You are probably discarding the message after it's been written out, but it's impossible to tell without seeing your full config and knowing what file you are seeing the message in that you don't want there.

If you start rsyslog with the -o flag (-o /path/to/file) then the file will contain the combined configs that rsyslog sees, in the order that rsyslog sees things. This assumes you are running a reasonably current rsyslog version.

David Lang

On Wed, 28 Jul 2021, Saint Michael via rsyslog wrote:

Date: Wed, 28 Jul 2021 23:26:03 -0400
From: Saint Michael via rsyslog <[email protected]>
To: [email protected]
Cc: Saint Michael <[email protected]>
Subject: [rsyslog] Discard filters don't work

In CentOS 8, I added this file
cat test.conf
:msg, contains, "Cannot create session"    stop
to /etc/rsyslog.d
then I did
systemctl restart rsyslog
but I keep seeing hundreds of messages like
Jul 29 03:16:18 api sudo[1736451]: pam_systemd(sudo:session): Cannot create session: Already running in a session or user slice

what am I doing wrong?
Philip
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
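The ordering problem described in the reply can be checked mechanically. The script below is an added example, not part of the thread or of rsyslog: it reads a combined config and lists every file-writing rule that rsyslog evaluates before the `stop` filter. The function names and both sample configs are constructed for illustration, and it recognises only legacy selector lines and `omfile` actions.

```shell
#!/bin/sh
# Added example (not from the thread): list file-writing rules that are
# evaluated before a discard ("stop") filter in a combined rsyslog config.

# Reads the combined config on stdin; $1 is the text the stop filter matches.
# Prints "lineno: rule" for each file-writing rule seen before the filter.
# Exit status: 0 = filter found, 1 = no such filter in the config.
writes_before_stop() {
    awk -v pat="$1" '
        /^[[:space:]]*(#|$)/ { next }                  # skip comments, blanks
        index($0, pat) && /[[:space:]]stop[[:space:]]*$/ { found = 1; exit }
        # legacy selector followed by a file path: "authpriv.* /var/log/secure"
        /^[^[:space:]]+\.[^[:space:]]+[[:space:]]+-?\// { print NR ": " $0; next }
        # RainerScript file output
        /action\(.*type="omfile"/ { print NR ": " $0 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: write rules first, the discard filter last.
sample_filter_last() {
    cat <<'EOF'
# constructed sample, simplified
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
:msg, contains, "Cannot create session"    stop
EOF
}

# Constructed sample: the discard filter runs before any write rule.
sample_filter_first() {
    cat <<'EOF'
# constructed sample, simplified
:msg, contains, "Cannot create session"    stop
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
EOF
}

echo "filter last (message is written before it is discarded):"
sample_filter_last | writes_before_stop "Cannot create session"
echo "filter first (nothing is written before the discard):"
sample_filter_first | writes_before_stop "Cannot create session"
```

To run it against a real system, feed it the file produced by the `-o` flag: `writes_before_stop "Cannot create session" < /path/to/file`.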
