David, Would it help to attach the rsyslog.conf and.or the debuglog?
=========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -----Original Message----- From: David Lang <[email protected]> Sent: Thursday, April 26, 2018 4:29 PM To: Cheltenham, Chris <[email protected]> Cc: Rainer Gerhards <[email protected]>; rsyslog-users <[email protected]> Subject: RE: [rsyslog] excluding ip addresses On Thu, 26 Apr 2018, Cheltenham, Chris wrote: > I tried this as well. > > This is version 8.24 also. > > > > -/etc/rsyslog.conf > > # Use traditional timestamp format > > # > > # DeBugging > > /var/log/debuglog;RSYSLOG_DebugFormat > > # > > :msg, contains, "170.235.1.248" ~ > > :msg, contains, "170.235.1.249" ~ > > # > > > > > > > > I did get some stuff in the debug logs. > > > > msg: 'CLIENT IP ADDRESS: 170.235.1.248' > > escaped msg: 'CLIENT IP ADDRESS: 170.235.1.248' As Rainer says, there is a lot of other stuff in that log message (the debug format message is 10 lines of output for every log message it processes), we need to see the entire message. If the message is being relayed by some other system, it may not have the fromhost-ip that you are expecting. The debug format log messages will show you all the details. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
