Hi
Trying to confirm if what I'm seeing is the right behavior. We are using
rsyslog-8.2001 version.
bash-4.2# cat /etc/rsyslog.conf
module( load="imuxsock" )
$MainMsgQueueTimeoutEnqueue 0
module( load="imklog" )
# The default file format
template( name="EOS_FileFormat" type="list" ) {
property( name="timestamp" dateFormat="rfc3164" )
constant( value=" al282 " )
property( name="syslogtag" )
property( name="msg" spifno1stsp="on" )
property( name="msg" droplastlf="on" )
constant( value="\n" )
}
$ActionFileDefaultTemplate EOS_FileFormat
$ErrorMessagesToStderr off
$RepeatedMsgReduction on
user.info;local5.!=alert /var/log/local5messages
local4.debug; /var/log/local4messages
*.debug /var/log/messages
bash-4.2#
We are writing syslogs to 3 files above. My question is for the first
filter:
1. "user.info;local5.!=alert" line, I'm noticing that severity crit to info
of 'user' facility are written to /var/log/local5messages. But none of
local5 messages. Is that the right behavior?
I tried with
"user.info;local5.!alert" ie., removing the "=". even then none of local5
messages are written to /var/log/local5messages.
bash-4.2# logger -p user.warn "user warn `date`"
bash-4.2# logger -p user.info "user info `date`"
bash-4.2# logger -p local5.info "local5 info `date`"
bash-4.2# logger -p local5.emerg "local5 emerg `date`"
bash-4.2# logger -p local5.notice "local5 notice `date`"
bash-4.2# tail -n 4 /var/log/local5messages
Apr 26 21:12:26 al282 root: user warn Mon Apr 26 21:12:26 PDT 2021
Apr 26 21:12:29 al282 root: user info Mon Apr 26 21:12:29 PDT 2021
bash-4.2#
Other 2 are straight forward.
Thank you.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Trying to confirm if what I'm seeing is the right behavior. We are using
rsyslog-8.2001 version.
bash-4.2# cat /etc/rsyslog.conf
module( load="imuxsock" )
$MainMsgQueueTimeoutEnqueue 0
module( load="imklog" )
# The default file format
template( name="EOS_FileFormat" type="list" ) {
property( name="timestamp" dateFormat="rfc3164" )
constant( value=" al282 " )
property( name="syslogtag" )
property( name="msg" spifno1stsp="on" )
property( name="msg" droplastlf="on" )
constant( value="\n" )
}
$ActionFileDefaultTemplate EOS_FileFormat
$ErrorMessagesToStderr off
$RepeatedMsgReduction on
user.info;local5.!=alert /var/log/local5messages
local4.debug; /var/log/local4messages
*.debug /var/log/messages
bash-4.2#
We are writing syslogs to 3 files above. My question is for the first
filter:
1. "user.info;local5.!=alert" line, I'm noticing that severity crit to info
of 'user' facility are written to /var/log/local5messages. But none of
local5 messages. Is that the right behavior?
I tried with
"user.info;local5.!alert" ie., removing the "=". even then none of local5
messages are written to /var/log/local5messages.
bash-4.2# logger -p user.warn "user warn `date`"
bash-4.2# logger -p user.info "user info `date`"
bash-4.2# logger -p local5.info "local5 info `date`"
bash-4.2# logger -p local5.emerg "local5 emerg `date`"
bash-4.2# logger -p local5.notice "local5 notice `date`"
bash-4.2# tail -n 4 /var/log/local5messages
Apr 26 21:12:26 al282 root: user warn Mon Apr 26 21:12:26 PDT 2021
Apr 26 21:12:29 al282 root: user info Mon Apr 26 21:12:29 PDT 2021
bash-4.2#
Other 2 are straight forward.
Thank you.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.