Mailing List Archive

understanding rsyslog filtering messages to files by facility and priority

Trying to confirm if what I'm seeing is the right behavior. We are using
rsyslog-8.2001 version.

bash-4.2# cat /etc/rsyslog.conf
module( load="imuxsock" )
$MainMsgQueueTimeoutEnqueue 0
module( load="imklog" )

# The default file format
template( name="EOS_FileFormat" type="list" ) {
property( name="timestamp" dateFormat="rfc3164" )
constant( value=" al282 " )
property( name="syslogtag" )
property( name="msg" spifno1stsp="on" )
property( name="msg" droplastlf="on" )
constant( value="\n" )
$ActionFileDefaultTemplate EOS_FileFormat
$ErrorMessagesToStderr off
$RepeatedMsgReduction on;local5.!=alert /var/log/local5messages
local4.debug; /var/log/local4messages
*.debug /var/log/messages


We are writing syslogs to 3 files above. My question is for the first

1. ";local5.!=alert" line, I'm noticing that severity crit to info
of 'user' facility are written to /var/log/local5messages. But none of
local5 messages. Is that the right behavior?

I tried with

";local5.!alert" ie., removing the "=". even then none of local5
messages are written to /var/log/local5messages.

bash-4.2# logger -p user.warn "user warn `date`"
bash-4.2# logger -p "user info `date`"
bash-4.2# logger -p "local5 info `date`"
bash-4.2# logger -p local5.emerg "local5 emerg `date`"
bash-4.2# logger -p local5.notice "local5 notice `date`"
bash-4.2# tail -n 4 /var/log/local5messages
Apr 26 21:12:26 al282 root: user warn Mon Apr 26 21:12:26 PDT 2021
Apr 26 21:12:29 al282 root: user info Mon Apr 26 21:12:29 PDT 2021

Other 2 are straight forward.

Thank you.
rsyslog mailing list
What's up with rsyslog? Follow
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.