David: Sorry!
I will now open a new email each time for a new issue instead of changing an existing one The syntax -- :rawmsg, isequal,"default send string" ~ Worked and I do NOT get the messages now Thanks Ed Peeran -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Monday, September 03, 2012 5:01 PM To: rsyslog-users Subject: Re: [rsyslog] filtering unwanted messages does not work On Mon, 3 Sep 2012, Peeran, Syed wrote: > Hello-- > > Please let me know why my code in /etc/rsyslog.conf does NOT filter the > message "default send string" > > # Filter out messages here place on top :msg, contains, "default send > string" -/var/log/discard.log & ~ a couple things, please don't reply to one thread and change the topic like this, it makes it easy to miss your reply when people read the message in a threaded view. I'm assuming that you are running into this with logs from a F5, sinceI recently ran into the same thing. The problem is that the F5 is sending a bogus log message, when the message is parsed, rsyslog attempts to guess what was sent, and in this case the message part of the log does not get "default send string", instead you get the hostname "default" the syslogtag "send" and the message "string" The way to diagnose something like this is to either log rawmsg somewhere, or log with the format string RSYSLOG_Debug which shows you the raw message that was sent, and how rsyslog parsed it apart. try :rawmsg, isequal,"default send string" instead David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards ---------------------------------------------------------------------- This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses. References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link: http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
