Mailinglist Archive: opensuse-factory (1324 mails)

< Previous Next >
Re: [opensuse-factory] [Leap 42.1] Problem with filtering out some excesive syslog messages in rsyslog
  • From: Knurpht - Gertjan Lettink <knurpht@xxxxxxxxxxxx>
  • Date: Sat, 03 Oct 2015 12:32:32 +0200
  • Message-id: <1560304.EC0VAvdZxN@laptop.knurpht>
Op Friday 02 October 2015 17:22:19 schreef Carlos E. R.:
On 2015-10-02 15:54, Knurpht - Gertjan Lettink wrote:
Your filters should be entirely one line each.

No, that's not so.

It is. Have a look at the line containing "then {" and so on. Notice the
missing "\" symbol at the end of the line.


I have this working filter on 13.1:

if ($programname startswith 'org.gtk.' and $msg contains '### debug:')
or ($programname startswith 'org.gtk.vfs.Daemon') or ($programname
startswith 'org.freedesktop.Tracker1') \ or ($programname startswith
'org.gnome.evince.Daemon' and ($msg contains 'egisterDocument' or $msg
contains 'Watch name')) \ or ($programname startswith
'org.gnome.zeitgeist.Engine') \
or ($programname startswith 'org.xfce.FileManager' and ($msg contains
'fixme:' )) \ or ($programname == 'systemd' and ($msg contains
'Failed to open private bus connection: Failed to connect to socket' ))
\ then -/var/log/pruned
& stop

Notice the "\" symbol at the end of each line: it signifies it continues on
the next.


Or this other rule, in the original LEAP file:

#
# firewall messages into separate file and stop their further processing
#
if ($syslogfacility-text == 'kern') and \
($msg contains 'IN=' and $msg contains 'OUT=') \
then {
-/var/log/firewall
stop
}

--
Gertjan Lettink, a.k.a. Knurpht

Official openSUSE Member
openSUSE Forums Team
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups