Hi Guys, Likely this has been asked before and I've tried to google it and find the answers but alas, it's been difficult.
I'm trying to implement a script-based process for logging to a database in a particular format. Something like this:

#---------------------------------------------------------
# send remote logs to observium
# provides UDP syslog reception
#module(load="imudp")
input(type="imudp" port="60514" ruleset="observium")

## provides TCP syslog reception (uncomment if required)
#module(load="imptcp")
#
#input(type="imptcp"
#      port="50514"
#      ruleset="observium")

module(load="omprog")

# observium syslog template
template(name="observium"
         type="string"
         string="%fromhost-ip%||%syslogfacility%||%syslogpriority%||%syslogseverity%||%syslogtag%||%$year%-%$month%-%$day% %timereported:8:25%||%msg:::space-cc%||%programname%\n")

# observium RuleSets
ruleset(name="observium") {
    :msg, contains, "send response: Too long" stop
    :msg, contains, "-- HOST-RESOURCES-MIB" stop
    :msg, startswith, "-- UCD-SNMP-MIB::" stop
    :msg, contains, "truncating integer value " stop
    if ($programname contains_i "SNMPD") and ($msg startswith "-- ") and ($msg contains "::") then {
        stop
    }
    action(type="omprog"
           binary="/opt/observium/syslog.php"
           template="observium")
    stop
}
#---------------------------------------------------------

My problem is, this format is not working to block the messages from snmpd that I'm trying to filter out. I've tried taking that same block and putting it outside of the ruleset, same results.

Also my if condition... I have no idea if this is the right format, it's me trying what I've seen on Stack Overflow and trying to make it work. That's like my 8th version of the if.

So if anyone knows of documentation or can point me in the right direction, I would appreciate it.

Thank you,

Greg Borbonus
General Manager
P +1 832 576 5956
W https://skilledpragati.com