-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2014-03-01 at 16:43 +0100, Carlos E. R. wrote:
So the "stop" line for those systemd entries is not acting. However, it works for other sections, like the "named" section shown above, and others I do not show for clarity.
Are systemd entries special?
I now have: if ($msg contains 'Started Session' and $msg contains 'of user') \ then -/var/log/systemdpurged & stop if ($programname == 'xinetd' or $syslogtag == '[xinetd]:') then -/var/log/xinetd.log & stop # # the rest in one file # *.*;mail.none;news.none -/var/log/messages I get the expected entries in xinetd.log and systemdpurged. The xinetd entries do not appear in /var/log/messages, but the systemd entries do. The stop clause is ignored for them: <3.6> 2014-03-01 17:13:01 Telcontar systemd 1 - - Starting Session 107 ofuser news. <3.6> 2014-03-01 17:15:02 Telcontar systemd 1 - - Starting Session 108 ofuser root. - -- Cheers, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlMSCUoACgkQtTMYHG2NR9V9QQCdEnoSNU5++cc3qWGf9mm/+Xrr Xe0AnR0ePxtrMmUBuV78P0jd1Mrv8zWa =L9Fu -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org