Gentlemen,
The log says nothing about those two IP Address. [root@devsso03 cas]# cd /var/log [root@devsso03 log]# cat debuglog | grep 249 [root@devsso03 log]# pwd /var/log [root@devsso03 log]# cat debuglog | grep 249 [root@devsso03 log]# cat debuglog | grep 248 Yes it is still chattering away in my application logs. [root@devsso03 cas]# cat cas.log | grep 248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 CLIENT IP ADDRESS: 170.235.1.248 Is just not working. Any other suggestions? =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: Rainer Gerhards <[email protected]> Sent: Thursday, April 26, 2018 2:51 PM To: rsyslog-users <[email protected]> Cc: David Lang <[email protected]>; Cheltenham, Chris <[email protected]> Subject: Re: [rsyslog] excluding ip addresses Place /var/log/debuglog;RSYSLOG_DebugFormat And *only* this in the *first* line of rsyslog.conf. Rainer Sent from phone, thus brief. Cheltenham, Chris via rsyslog <[email protected] <mailto:[email protected]> > schrieb am Do., 26. Apr. 2018, 20:48: David, I have this is rsyslog.conf if $fromhost-ip == '170.235.1.248' then /var/log/debuglog;RSYSLOG_DebugFormat &~ if $fromhost-ip == '170.235.1.249' then /var/log/debuglog;RSYSLOG_DebugFormat &~ Nothing happens. =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -----Original Message----- From: David Lang <[email protected] <mailto:[email protected]> > Sent: Thursday, April 26, 2018 2:23 PM To: Cheltenham, Chris <[email protected] <mailto:[email protected]> > Cc: Cheltenham, Chris via rsyslog <[email protected] <mailto:[email protected]> > Subject: RE: [rsyslog] excluding ip addresses you don't need to run in debug mode, just write a file using that template /var/log/debuglog;RSYSLOG_DebugFormat will write all logs this way. On Thu, 26 Apr 2018, Cheltenham, Chris wrote: > Date: Thu, 26 Apr 2018 14:08:10 -0400 (EDT) > From: "Cheltenham, Chris" <[email protected] > <mailto:[email protected]> > > To: David Lang <[email protected] <mailto:[email protected]> > > Cc: "Cheltenham, Chris via rsyslog" <[email protected] > <mailto:[email protected]> > > Subject: RE: [rsyslog] excluding ip addresses > > David, > > How do I run in debug mode? > Is I rsyslog -d ? > > I am using CentOS 7 so it would be changed in systemd. > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > -----Original Message----- > From: David Lang <[email protected] <mailto:[email protected]> > > Sent: Thursday, April 26, 2018 2:05 PM > To: Cheltenham, Chris <[email protected] > <mailto:[email protected]> > > Cc: Cheltenham, Chris via rsyslog <[email protected] > <mailto:[email protected]> > > Subject: RE: [rsyslog] excluding ip addresses > > On Thu, 26 Apr 2018, Cheltenham, Chris wrote: > >> David, >> >> Thanks for the reply. >> >> I used this >> >> if $fromhost-ip == '170.235.1.248' then stop if $fromhost-ip == >> '170.235.1.249' then stop >> >> >> but it did not work. >> Is that the correct syntax? > > that works > > can you log using the format RSYSLOG_DebugFormat and double check that > fromhost-ip is being set the way you expect it to be? > >> I als restarted rsyslog. > > yes, that is needed any time you change the config file. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
