without seeing your configs (remember, I don't manage how RedHat sets their
configs, so I don't know what their defaults are), I can only guess.
But my guess is that rsyslog reads logs from journald
David Lang
On Thu, 29 Jul 2021, Saint Michael wrote:
Date: Thu, 29 Jul 2021 15:45:37 -0400
From: Saint Michael <[email protected]>
To: David Lang <[email protected]>
Cc: Saint Michael via rsyslog <[email protected]>
Subject: Re: [rsyslog] Discard filters don't work
On Centos 8, Red Hat 8
There are two log managers,
systemd-journald and rsyslog
they are connected somehow
On Thu, Jul 29, 2021 at 3:13 PM David Lang <[email protected]> wrote:
which point do you need me to elaborate?
without the configs, I am only going to be able to guess.
David Lang
On Thu, 29 Jul 2021, Saint Michael wrote:
Date: Thu, 29 Jul 2021 10:27:39 -0400
From: Saint Michael <[email protected]>
To: David Lang <[email protected]>
Cc: Saint Michael via rsyslog <[email protected]>
Subject: Re: [rsyslog] Discard filters don't work
Ok, thanks for the clarification.
In reality I was mistaking systemd-journald for rsyslog.
It is confusing how they interact.
I am using Centos 8.
Can you elaborate on this point?
On Thu, Jul 29, 2021 at 12:41 AM David Lang <[email protected]> wrote:
you are probably discarding the message after it's been written out. but it's
impossible to tell without seeing your full config and knowing what file you
are seeing the message in that you don't want there.
if you start rsyslog with the -o flag (-o /path/to/file) then the file will
contain the combined configs that rsyslog sees, in the order that rsyslog sees
things. This assumes you are running a reasonably current rsyslog version.
David Lang
On Wed, 28 Jul 2021, Saint Michael via rsyslog wrote:
Date: Wed, 28 Jul 2021 23:26:03 -0400
From: Saint Michael via rsyslog <[email protected]>
To: [email protected]
Cc: Saint Michael <[email protected]>
Subject: [rsyslog] Discard filters don't work
in centos 8, I added this file
cat test.conf
:msg, contains, "Cannot create session" stop
to /etc/rsyslog.d
then I did
systemctl restart rsyslog
but I keep seeing hundreds of messages like
Jul 29 03:16:18 api sudo[1736451]: pam_systemd(sudo:session): Cannot create session: Already running in a session or user slice
what am I doing wrong?
Philip
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
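Added example, not part of the original thread and not rsyslog's own code: a simplified Python model of rsyslog's top-to-bottom rule evaluation, showing why the position of the `stop` filter in the combined config (the one dumped with `-o`) decides whether the message has already been written out. It models only `:msg, contains` filters and `*.*` file actions; the two configs and the path /var/log/example.log are constructed for illustration.

```python
import re

# Subset of legacy rsyslog syntax handled by this model (an assumption of the
# example, far smaller than what rsyslog itself parses):
#   :msg, contains, "text" ACTION      property-based filter
#   *.* ACTION                         selector that matches every message
PROP = re.compile(r'^:msg,\s*contains,\s*"([^"]*)"\s+(\S+)$')
ALL = re.compile(r'^\*\.\*\s+(\S+)$')

def trace(config, msg):
    """Walk the rules in order; return (files_written, stopped) for msg."""
    written = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PROP.match(line)
        if m:
            matches, action = m.group(1) in msg, m.group(2)
        else:
            m = ALL.match(line)
            if not m:
                continue  # statement outside the modelled subset
            matches, action = True, m.group(1)
        if not matches:
            continue
        if action == "stop":
            # stop ends processing here; earlier actions have already run
            return written, True
        written.append(action.lstrip("-"))
    return written, False

# Message text taken from the log line quoted in the thread.
MSG = ("pam_systemd(sudo:session): Cannot create session: "
       "Already running in a session or user slice")
FILTER = ':msg, contains, "Cannot create session" stop'

# Constructed configs: the same two rules in opposite order.
LATE = "*.* /var/log/example.log\n" + FILTER   # filter after the write
EARLY = FILTER + "\n*.* /var/log/example.log"  # filter before the write

if __name__ == "__main__":
    print("filter after write: ", trace(LATE, MSG))
    print("filter before write:", trace(EARLY, MSG))
```

Running the same check by eye on the real `-o` output means finding the first action that writes the unwanted message and confirming the `stop` line appears above it.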