Hello rsyslog list readers, I have found that I can not use a filter with the programname property when the string contains a slash. Has somebody made the same experience?
My setup is a debian squeeze box, with almost default settings and I want to have a separate log for policyd-weight messages. Here is a example line out of mail.log: Feb 10 09:21:32 mx1 postfix/policyd-weight[3161]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL_SUBNET=-1.2 (check from: .rediffmail. - helo: .rediffmail. - helo-domain: .rediffmail.) FROM/MX_MATCHES_HELO(DOMAIN)=-2 IN_ABUSE_RFCI=0.1; <client=202.137.235.243> <helo=rediffmail.com> <from=vancouver_seafo...@rediffmail.com> <to=u...@my-dom.de>; rate: -7.6 I tried these filter statements: if $programname contains 'postfix/policyd-weight' and \ $msg contains 'decided action=550' then -/var/log/spam/policyd-weight.log if $programname contains 'policyd-weight' and \ $msg contains 'decided action=550' then -/var/log/spam/policyd-weight.log if $programname contains 'policyd' then -/var/log/spam/policyd-weight_debug.log :programname, regex, ".*policyd.*" -/var/log/spam/policyd-weight_debug.log None of them work. This one works: if $msg contains 'decided action=' or \ $msg contains 'weighted check' then -/var/log/spam/policyd-weight_debug.log But it doesn't catch all policyd-weight messages. Am I going wrong somewhere? Any ideas? Kind regards, Timo _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
