I'm drowning in logs from postfix/smtpd, and need to filter these messages out to a separate file. The maillog looks something like:
Jan 27 13:34:02 asav5.example.net postfix/lmtp[31977]:: 53843908E2: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10020, delay=0.54, delays=0.03/0.33/0.01/0.49, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 249FB906AD) Jan 27 13:34:02 asav3.example.net postfix/smtpd[12077]:: connect from 26.81-111-54.customer.example.net[21.111.54.26] Jan 27 13:34:02 asav5.example.net postfix/qmgr[32165]:: 53843908E2: removed Jan 27 13:34:02 asav3.mro.example.net postfix/smtpd[12077]:: disconnect from 26.81-111-54.customer.example.net[21.111.54.26] So I want to separate out the lines from "postfix/smtpd" to its own file, and not touch the postfix/lmtp or postfix/qmgr or whatever-lines. >From the documentation it seems to me that I should be able to use: :programname, isequal, "postfix/smtpd" -?HourlyMaillogNonSplunked;MaillogTemplate :programname, isequal, "postfix/smtpd" ~ But these doesn't match anything. If I use simply "postfix", it matched all "postfix/*" messages: :programname, isequal, "postfix" -?HourlyMaillogNonSplunked;MaillogTemplate :programname, isequal, "postfix" ~ So, any idea for how I can match just "postfix/smtpd" ? -jf _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
