Mailinglist Archive: opensuse-factory (1324 mails)

Re: [opensuse-factory] [Leap 42.1] Problem with filtering out some excessive syslog messages in rsyslog

On 2015-10-03 12:32, Knurpht - Gertjan Lettink wrote:
> On Friday 02 October 2015 17:22:19, Carlos E. R. wrote:
>> On 2015-10-02 15:54, Knurpht - Gertjan Lettink wrote:
>>> Your filters should be entirely one line each.
>>
>> No, that's not so.
>
> It is. Have a look at the line containing "then {" and so on. Notice the
> missing "\" symbol at the end of the line.

Let me see.

if ($programname contains 'gdm-x-session') and ($syslogseverity <= 4 /* warning */ ) \
then {
    -/var/log/gdmlog.warn
}


Now, compare with an original filter from the distribution:


if ($syslogfacility-text == 'kern') and \
   ($msg contains 'IN=' and $msg contains 'OUT=') \
then {
    -/var/log/firewall
    stop
}


As you can see, there are no backslashes after the "then {". If it works on the
distribution rule, why not on mine?





The other rule is

if ($programname contains 'gdm-x-session') \
then -/var/log/gdmlog
& stop


In 13.1 I have a bunch of similar rules:


if ($syslogfacility-text == 'mail') and ($programname == 'spamd' or $syslogtag == '[spamd]:') and \
   ($msg contains_i 'Use of each() on hash after insertion without resetting hash iterator results in undefined behavior') \
then -/var/log/pruned.warn
& stop


As you can see, there is no backslash after the "then", and it works perfectly.




--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)