On Saturday, 2014-03-01 at 16:43 +0100, Carlos E. R. wrote:
So the "stop" line for those systemd entries is not acting. However, it works for other sections, like the "named" section shown above, and others I do not show for clarity.
Are systemd entries special?
I now have:
if ($msg contains 'Started Session' and $msg contains 'of user') \
then -/var/log/systemdpurged
& stop

if ($programname == 'xinetd' or $syslogtag == '[xinetd]:') then -/var/log/xinetd.log
& stop

#
# the rest in one file
#
*.*;mail.none;news.none -/var/log/messages
I get the expected entries in xinetd.log and systemdpurged.
The xinetd entries do not appear in /var/log/messages, but the systemd entries do. The stop clause is ignored for them:
<3.6> 2014-03-01 17:13:01 Telcontar systemd 1 - - Starting Session 107 ofuser news.
<3.6> 2014-03-01 17:15:02 Telcontar systemd 1 - - Starting Session 108 ofuser root.
--
Cheers, Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
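Added example, not part of the original post: a minimal Python model of how the quoted rules are evaluated in order, with `contains` treated as a case-sensitive substring test and `& stop` discarding the message once the rule's action has run. The function names and the sample messages (written with the spacing 'of user') are constructed for illustration.

```python
# Minimal model of the ruleset quoted in the post (added example, not rsyslog itself).
# Rules run top to bottom; a rule with stop=True models "& stop": the message is
# written to that rule's file and later rules never see it.

def contains(haystack, needle):
    # rsyslog's "contains" compares a case-sensitive substring
    return needle in haystack

RULES = [
    # if ($msg contains 'Started Session' and $msg contains 'of user')
    (lambda m: contains(m["msg"], "Started Session") and contains(m["msg"], "of user"),
     "/var/log/systemdpurged", True),
    # if ($programname == 'xinetd' or $syslogtag == '[xinetd]:')
    (lambda m: m["programname"] == "xinetd" or m["syslogtag"] == "[xinetd]:",
     "/var/log/xinetd.log", True),
    # *.*;mail.none;news.none
    (lambda m: m["facility"] not in ("mail", "news"),
     "/var/log/messages", False),
]

def route(message):
    """Return the list of files this message would be written to."""
    destinations = []
    for predicate, destination, stop in RULES:
        if predicate(message):
            destinations.append(destination)
            if stop:
                break
    return destinations

def mk(programname, msg, facility="daemon"):
    # Constructed message record; the "[1]:" tag suffix is an assumption.
    return {"programname": programname, "syslogtag": programname + "[1]:",
            "facility": facility, "msg": msg}

# Constructed sample messages modelled on the log excerpt in the post.
SAMPLES = [
    mk("systemd", "Started Session 107 of user news."),
    mk("systemd", "Starting Session 107 of user news."),
    mk("xinetd", "EXIT: constructed sample entry"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["msg"], "->", route(sample))
```

In this model the "Starting Session" message does not satisfy the first filter's 'Started Session' substring, so it falls through to the catch-all selector.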