Op Friday 02 October 2015 17:22:19 schreef Carlos E. R.:
On 2015-10-02 15:54, Knurpht - Gertjan Lettink wrote:
Your filters should be entirely one line each.
No, that's not so.
It is. Have a look at the line containing "then {" and so on. Notice the missing "\" symbol at the end of the line.
I have this working filter on 13.1:
if ($programname startswith 'org.gtk.' and $msg contains '### debug:') or ($programname startswith 'org.gtk.vfs.Daemon') or ($programname startswith 'org.freedesktop.Tracker1') \ or ($programname startswith 'org.gnome.evince.Daemon' and ($msg contains 'egisterDocument' or $msg contains 'Watch name')) \ or ($programname startswith 'org.gnome.zeitgeist.Engine') \ or ($programname startswith 'org.xfce.FileManager' and ($msg contains 'fixme:' )) \ or ($programname == 'systemd' and ($msg contains 'Failed to open private bus connection: Failed to connect to socket' )) \ then -/var/log/pruned & stop
Notice the "\" symbol at the end of each line: it signifies it continues on the next.
Or this other rule, in the original LEAP file:
# # firewall messages into separate file and stop their further processing # if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') \ then { -/var/log/firewall stop }
-- Gertjan Lettink, a.k.a. Knurpht Official openSUSE Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org