hi,
I want to build a filter, that:
1. match IP
2. all Messages, but NOT *.emerg and NOT *.err
3. To file /var/log/remote/host.log
My tests:
if :fromhost-ip, isequal, '130.83.160.22' and $syslogseverity-text != 'err' or
$syslogseverity-text != 'emerg' then /var/log/nos.log
& ~
or:
if :fromhost-ip, isequal, '130.83.160.22' and ( $syslogseverity-text != 'err'
or $syslogseverity-text != 'emerg') then /var/log/nos.log
& ~
but I get only syntax error ...
you are mixing different types of tests.
you can't use the 'isequal' type of thing in an if statement
you need to do something more like (untested):
if ($fromhost-ip = '130.83.160.22' and ($syslogseverity-text != 'err' or
$syslogseverity-text != 'emerg')) then /var/log/nos.log
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
