Re: [rsyslog] Drop messages

Rainer Gerhards via rsyslog Wed, 12 Feb 2020 04:17:24 -0800

you do not need to process the message - just use this:

if $msg contains ['VSAN',
                          'VSANMGMTSVC']
    then {
    stop
    }


If that doesn't work, $msg does not contain what you think. Try
$rawmsg (everything as received from wire) in this case.

Rainer

El mié., 12 feb. 2020 a las 12:41, Adam Barnett via rsyslog
(<[email protected]>) escribió:
>
> Hi All,
>
> i am trying to drop sys log messages that contain certain words
>
> The message coming looks like so
>
> Feb 12 00:59:18 bd-c67b-85b3-1fa2-d50e69 mtlvdi52 VSANMGMTSVC: 641e7'},
> {'uuid': '521c8928-2bbe-4258-eb7e-bb0c864ff357', 'isAllFlash': 0, 'owner':
> '5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
> 'healthFlags': 0, 'timestamp': 87985781610}, 'capacityReserved':
> 1400897536, 'capacityUsed': 400165961728, 'isSsd': 0, 'capacity':
> 1000194703360, 'ssdUuid': '5251ae5d-48e5-b92b-741b-19743c38c492'}, {'uuid':
> '528da7de-32d3-f6a9-316e-5727f63a2eb1', 'isAllFlash': 0, 'owner':
> '5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
> 'healthFlags': 0, 'timestamp': 85923806398}, 'capacityReserved':
> 1417674752, 'capacityUsed': 383028035584, 'isSsd': 0, 'capacity':
> 1000194703360, 'ssdUuid': '5251ae5d-48e5-b92b-741b-19743c38c492'}, {'uuid':
> '52e3c33e-8a38-6ece-64db-3fd27f1eabab', 'isAllFlash': 0, 'owner':
> '5dcd75a4-f34c-4392-1b2f-e4434b870550', 'disk_health': {'healthReason': 0,
> 'healthFlags': 0, 'timestam
>
> And my rule looks like
>
> template (name="drop"      type="string" string="/dev/null")
>  if $msg contains ['VSAN',
>                           'VSANMGMTSVC']
>     then {
>     action(type="omfile" DynaFile="drop")
>     stop
>     }
>
> But they are not being dropped, am i doing something wrong?
>
> Thanks
>
>
>
> --
> Adam Barnett
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Drop messages

Reply via email to