The problem is that these are multi-line messages (#012 is LF). This
will most probably hurt you in later log processing and may give
problem in log forwarding. Thus they are escaped. Validly formed logs
usually have no LF. If and only if the other log sources behave well,
there would be no
Thanks for clarifying David. I could see the if statement was otherwise
working
Here is an example debug line
Debug line with all properties:
FROMHOST: 'mcox-acs-test', fromhost-ip: '127.0.0.1', HOSTNAME:
'mcox-acs-test', PRI: 37,
syslogtag 'aide[2987]:', programname: 'aide', APP-NAME:
No, that is a universal parser directive.
One thing that's confusing about rsyslog configs is that there are two types of
things that are in the config
1. things processed at startup to configure rsyslog
2. things processed per message to manipulate that message
it doesn't matter where in
Hi.
Wondering if anyone can help
I forward all syslog messages (linux) using (syslog server ip has been
removed.)
if $fromhost-ip == '127.0.0.1' then @syslogserverip:514
And this works.
However, I am trying to send Aide check output via syslog using systemd-cat
I have an issue with
4 matches
Mail list logo