Mailinglist Archive: opensuse (929 mails)

< Previous Next >
[opensuse] I can not filter out some systemd messages in syslog
  • From: "Carlos E. R." <carlos.e.r@xxxxxxxxxxxx>
  • Date: Sat, 1 Mar 2014 16:43:37 +0100 (CET)
  • Message-id: <alpine.LSU.2.11.1403011634120.6062@Telcontar.valinor>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




Hi,

I have this in "/etc/rsyslog.conf":

if ($programname == 'named' or $syslogtag == '[named]:') \
then -/var/log/named
& stop

...

if ($msg contains 'Started Session' and $msg contains 'of user') \
then -/var/log/systemdpurged
& stop

#
# the rest in one file
#
*.*;mail.none;news.none -/var/log/messages



I get the expected entries in "/var/log/systemdpurged":

<3.6> 2014-03-01 16:30:01 Telcontar systemd 1 - - Started Session 93 of user
cer.
<3.6> 2014-03-01 16:33:01 Telcontar systemd 1 - - Started Session 94 of user
news.

But I'm also getting them in "/var/log/messages":

<3.6> 2014-03-01 16:30:01 Telcontar systemd 1 - - Starting Session 93 of user
cer.
<3.6> 2014-03-01 16:33:01 Telcontar systemd 1 - - Starting Session 94 of user
news.

And they should not be there.

So the "stop" line for those systemd entries is not acting. However, it works for other sections, like the "named" section shown above, and others I do not show for clarity.

Are systemd entries special?


- -- Cheers
Carlos E. R.

(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlMSADcACgkQtTMYHG2NR9WCgwCdEgnb+Apy47tcjI31Dv5brA9X
+TMAoIt87JaGgMoP5Zf11OZM0XevIjif
=uI81
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups