the debuglog does not contain any message from .248, so it does not help. I would still be interested in seeing the one where the messages were contained.
Rainer 2018-04-27 15:14 GMT+02:00 Cheltenham, Chris <[email protected]>: > David , > > In case you wanted to see the debuglog and rsyslog.conf and > /var/log/messages. > None of it is very big so you won't have to parse through a ton of stuff. > > We push these logs to two place at the moment. > > Graylog and rsyslog server. > > We are attempting to deprecate the rsyslog server for the fancy outputs > from Graylog. > > > > > > =========================== > > Thank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 > > > -----Original Message----- > From: David Lang <[email protected]> > Sent: Thursday, April 26, 2018 4:29 PM > To: Cheltenham, Chris <[email protected]> > Cc: Rainer Gerhards <[email protected]>; rsyslog-users > <[email protected]> > Subject: RE: [rsyslog] excluding ip addresses > > On Thu, 26 Apr 2018, Cheltenham, Chris wrote: > >> I tried this as well. >> >> This is version 8.24 also. >> >> >> >> -/etc/rsyslog.conf >> >> # Use traditional timestamp format >> >> # >> >> # DeBugging >> >> /var/log/debuglog;RSYSLOG_DebugFormat >> >> # >> >> :msg, contains, "170.235.1.248" ~ >> >> :msg, contains, "170.235.1.249" ~ >> >> # >> >> >> >> >> >> >> >> I did get some stuff in the debug logs. >> >> >> >> msg: 'CLIENT IP ADDRESS: 170.235.1.248' >> >> escaped msg: 'CLIENT IP ADDRESS: 170.235.1.248' > > As Rainer says, there is a lot of other stuff in that log message (the > debug format message is 10 lines of output for every log message it > processes), we need to see the entire message. > > If the message is being relayed by some other system, it may not have the > fromhost-ip that you are expecting. The debug format log messages will > show you all the details. > > David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
