Mailinglist Archive: opensuse-factory (1324 mails)

< Previous Next >
Re: [opensuse-factory] [Leap 42.1] Problem with filtering out some excesive syslog messages in rsyslog
On 2015-10-02 15:54, Knurpht - Gertjan Lettink wrote:
Your filters should be entirely one line each.

No, that's not so.

I have this working filter on 13.1:

if ($programname startswith 'org.gtk.' and $msg contains '### debug:') or
($programname startswith 'org.gtk.vfs.Daemon') or ($programname startswith
'org.freedesktop.Tracker1') \
or ($programname startswith 'org.gnome.evince.Daemon' and ($msg contains
'egisterDocument' or $msg contains 'Watch name')) \
or ($programname startswith 'org.gnome.zeitgeist.Engine') \
or ($programname startswith 'org.xfce.FileManager' and ($msg contains
'fixme:' )) \
or ($programname == 'systemd' and ($msg contains 'Failed to open private
bus connection: Failed to connect to socket' )) \
then -/var/log/pruned
& stop

Notice the "\" symbol at the end of each line: it signifies it continues on the
next.


Or this other rule, in the original LEAP file:

#
# firewall messages into separate file and stop their further processing
#
if ($syslogfacility-text == 'kern') and \
($msg contains 'IN=' and $msg contains 'OUT=') \
then {
-/var/log/firewall
stop
}



--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)

< Previous Next >