What is the rest of the properties from the debuglog file - they are delimited by empty lines.
Rainer

Sent from phone, thus brief.

Cheltenham, Chris <[email protected]> wrote on Thu, 26 Apr 2018, 21:40:

> Interesting ..
>
> Thanks
>
> I tried this as well.
>
> This is version 8.24 also.
>
> -/etc/rsyslog.conf
>
> # Use traditional timestamp format
> #
> # DeBugging
> /var/log/debuglog;RSYSLOG_DebugFormat
> #
> :msg, contains, "170.235.1.248" ~
> :msg, contains, "170.235.1.249" ~
> #
>
> I did get some stuff in the debug logs.
>
> msg: 'CLIENT IP ADDRESS: 170.235.1.248'
> escaped msg: 'CLIENT IP ADDRESS: 170.235.1.248'
>
> ===========================
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* Rainer Gerhards <[email protected]>
> *Sent:* Thursday, April 26, 2018 3:21 PM
> *To:* Cheltenham, Chris <[email protected]>
> *Cc:* rsyslog-users <[email protected]>; David Lang <[email protected]>
> *Subject:* Re: [rsyslog] excluding ip addresses
>
> Sorry to say that, but then it must either really be some other app - or
> old content. Nothing else is possible (that's why I wanted it in the first
> line). Maybe David has some more ideas, but from the developer perspective,
> I don't see anything else that could happen.
>
> Rainer
>
> Sent from phone, thus brief.
>
> Cheltenham, Chris <[email protected]> wrote on Thu, 26 Apr 2018, 21:15:
>
> Yes sir,
>
> Here is the top of the rsyslog.conf file.
>
> # Use traditional timestamp format
> # DeBugging
> #
> /var/log/debuglog;RSYSLOG_DebugFormat
> #
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>
> # Provides kernel logging support (previously done by rklogd)
> #$ModLoad imklog
> module(load="imklog")
>
> # Provides support for local system logging (e.g. via logger command)
> #$ModLoad imuxsock
> module(load="imuxsock")
>
> # imput file
> #$ModLoad imfile
> module(load="imfile")
>
> #### 4.1.6 of Nessus scan
> #$ModLoad imtcp.so
> module(load="imtcp.so")
> $InputTCPServerRun 514
>
> if $fromhost-ip == '170.235.1.248' then STOP
> &~
> if $fromhost-ip == '170.235.1.249' then STOP
> &~
>
> ===========================
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* Rainer Gerhards <[email protected]>
> *Sent:* Thursday, April 26, 2018 3:12 PM
> *To:* Cheltenham, Chris <[email protected]>
> *Cc:* rsyslog-users <[email protected]>; David Lang <[email protected]>
> *Subject:* Re: [rsyslog] excluding ip addresses
>
> Did you place it in the first line? If so, it records all messages rsyslog
> receives. So if some are in other logs but not this one, someone else is
> writing the other logs.
>
> Rainer
>
> Sent from phone, thus brief.
>
> Cheltenham, Chris <[email protected]> wrote on Thu, 26 Apr 2018, 21:04:
>
> Gentlemen,
>
> The log says nothing about those two IP addresses.
>
> [root@devsso03 cas]# cd /var/log
> [root@devsso03 log]# cat debuglog | grep 249
> [root@devsso03 log]# pwd
> /var/log
> [root@devsso03 log]# cat debuglog | grep 249
> [root@devsso03 log]# cat debuglog | grep 248
>
> Yes, it is still chattering away in my application logs.
>
> [root@devsso03 cas]# cat cas.log | grep 248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
> CLIENT IP ADDRESS: 170.235.1.248
>
> It is just not working.
>
> Any other suggestions?
>
> ===========================
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> *From:* Rainer Gerhards <[email protected]>
> *Sent:* Thursday, April 26, 2018 2:51 PM
> *To:* rsyslog-users <[email protected]>
> *Cc:* David Lang <[email protected]>; Cheltenham, Chris <[email protected]>
> *Subject:* Re: [rsyslog] excluding ip addresses
>
> Place
>
> /var/log/debuglog;RSYSLOG_DebugFormat
>
> And *only* this in the *first* line of rsyslog.conf.
>
> Rainer
>
> Sent from phone, thus brief.
>
> Cheltenham, Chris via rsyslog <[email protected]> wrote on Thu, 26 Apr 2018, 20:48:
>
> David,
>
> I have this in rsyslog.conf
>
> if $fromhost-ip == '170.235.1.248' then
> /var/log/debuglog;RSYSLOG_DebugFormat
> &~
> if $fromhost-ip == '170.235.1.249' then
> /var/log/debuglog;RSYSLOG_DebugFormat
> &~
>
> Nothing happens.
>
> ===========================
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>
> -----Original Message-----
> From: David Lang <[email protected]>
> Sent: Thursday, April 26, 2018 2:23 PM
> To: Cheltenham, Chris <[email protected]>
> Cc: Cheltenham, Chris via rsyslog <[email protected]>
> Subject: RE: [rsyslog] excluding ip addresses
>
> you don't need to run in debug mode, just write a file using that template
>
> /var/log/debuglog;RSYSLOG_DebugFormat
>
> will write all logs this way.
>
> On Thu, 26 Apr 2018, Cheltenham, Chris wrote:
>
> > Date: Thu, 26 Apr 2018 14:08:10 -0400 (EDT)
> > From: "Cheltenham, Chris" <[email protected]>
> > To: David Lang <[email protected]>
> > Cc: "Cheltenham, Chris via rsyslog" <[email protected]>
> > Subject: RE: [rsyslog] excluding ip addresses
> >
> > David,
> >
> > How do I run in debug mode?
> > Is it rsyslog -d ?
> >
> > I am using CentOS 7 so it would be changed in systemd.
> >
> > ===========================
> >
> > Thank You;
> >
> > Chris Cheltenham
> > Technology Services
> > The School District of Philadelphia
> >
> > Work # 215-400-5025
> > Cell # 215-301-6571
> >
> > -----Original Message-----
> > From: David Lang <[email protected]>
> > Sent: Thursday, April 26, 2018 2:05 PM
> > To: Cheltenham, Chris <[email protected]>
> > Cc: Cheltenham, Chris via rsyslog <[email protected]>
> > Subject: RE: [rsyslog] excluding ip addresses
> >
> > On Thu, 26 Apr 2018, Cheltenham, Chris wrote:
> >
> >> David,
> >>
> >> Thanks for the reply.
> >>
> >> I used this
> >>
> >> if $fromhost-ip == '170.235.1.248' then stop if $fromhost-ip ==
> >> '170.235.1.249' then stop
> >>
> >> but it did not work.
> >> Is that the correct syntax?
> >
> > that works
> >
> > can you log using the format RSYSLOG_DebugFormat and double check that
> > fromhost-ip is being set the way you expect it to be?
> >
> >> I also restarted rsyslog.
> >
> > yes, that is needed any time you change the config file.
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
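
Added example, not part of the thread and not rsyslog project code: a small Python parser for the empty-line-delimited debuglog records, reporting for each record whether an address appears as `fromhost-ip` (what `$fromhost-ip ==` tests) or only inside `msg` (what `:msg, contains` tests). The record layout is assumed to follow rsyslog's built-in RSYSLOG_DebugFormat template; the sample records, host names and 192.0.2.x addresses are constructed.

```python
import re

# Constructed records in the layout of rsyslog's RSYSLOG_DebugFormat template
# (layout assumed, trimmed to the lines used here; all values are made up).
SAMPLE = """\
Debug line with all properties:
FROMHOST: 'apphost', fromhost-ip: '127.0.0.1', HOSTNAME: 'apphost', PRI: 14,
syslogtag 'cas:', programname: 'cas', APP-NAME: 'cas', PROCID: '-', MSGID: '-',
msg: 'CLIENT IP ADDRESS: 192.0.2.10'
escaped msg: 'CLIENT IP ADDRESS: 192.0.2.10'
inputname: imuxsock rawmsg: '<14>Apr 26 15:30:01 cas: CLIENT IP ADDRESS: 192.0.2.10'

Debug line with all properties:
FROMHOST: 'relay', fromhost-ip: '192.0.2.10', HOSTNAME: 'relay', PRI: 30,
syslogtag 'sshd[811]:', programname: 'sshd', APP-NAME: 'sshd', PROCID: '811', MSGID: '-',
msg: 'session opened'
escaped msg: 'session opened'
inputname: imtcp rawmsg: '<30>Apr 26 15:30:02 relay sshd[811]: session opened'
"""

FIELD = re.compile(r"\b(fromhost-ip|inputname|programname): '?([^',\s]*)'?")
MSG = re.compile(r"^msg: '(.*)'$", re.M)

def parse_records(text):
    """Split the file on empty lines and keep the properties a filter can test."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(FIELD.findall(block))
        m = MSG.search(block)
        rec["msg"] = m.group(1) if m else ""
        records.append(rec)
    return records

def where_seen(records, ip):
    """Per record: (fromhost-ip, inputname, matches $fromhost-ip, matches msg text)."""
    hits = []
    for r in records:
        as_sender = r.get("fromhost-ip") == ip   # what `$fromhost-ip == ...` tests
        in_text = ip in r["msg"]                 # what `:msg, contains, ...` tests
        if as_sender or in_text:
            hits.append((r.get("fromhost-ip"), r.get("inputname"), as_sender, in_text))
    return hits

if __name__ == "__main__":
    for hit in where_seen(parse_records(SAMPLE), "192.0.2.10"):
        print(hit)
```

Reading the real file in place of `SAMPLE` (for example `open("/var/log/debuglog").read()`) shows which input delivered each matching record and which of the two filter styles from the thread could match it.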

