Hi.
Wondering if anyone can help
I forward all syslog messages (linux) using (syslog server ip has been
removed.)
if $fromhost-ip == '127.0.0.1' then @syslogserverip:514
And this works.
However, I am trying to send Aide check output via syslog using systemd-cat
I have an issue with spacing, etc (i.e I see #012 all over the output on
remote server)
The solution is to use
$SpaceLFOnReceive on
This fixes the #012 issue.
However I didn't want to set this globally so I have created if
statements in rsyslog conf
e.g
if $fromhost-ip == '127.0.0.1' and $programname != 'aide' then {
@syslogserverip:514
}
if $programname == 'aide' then {
$SpaceLFOnReceive on
@syslogserverip:514
}
The if statement works - apart from the $SpaceLFOnReceive on part
e.g if I enable $SpaceLFOnReceive on in the 2nd if statement it applies
to anything
i.e I have tested replacing $programname with sshd in both if statements
but $SpaceLFOnReceive on is enabled if I use any service.
If there a way to make $SpaceLFOnReceive apply to just a specified
$programname ?
Thanks
--
Sincerely yours,
/Morgan Cox/
/System Administrator/
+44 115 753 0120
m....@compassplus.com <mailto:m....@compassplus.com>
------------------------------------------------------------------------
compassplus <http://www.compassplus.com/>*NOTTINGHAM, UNITED KINGDOM*
+44 115 753 0120| +44 115 986 4140(fax)
Follow
us<https://www.linkedin.com/company/compass-plus><https://twitter.com/Compass_Plus><http://www.facebook.com/compassplus>
------------------------------------------------------------------------
This e-mail is intended only for the person to whom it is addressed
and/or otherwise authorized personnel. The information contained herein
and attached is confidential and the property of Compass Plus. If you
are not the intended recipient, please be advised that viewing this
message and any attachments, as well as copying, forwarding, printing,
and disseminating any information related to this e-mail is prohibited,
and that you should not take any action based on the content of this
e-mail and/or its attachments. If you received this message in error,
please contact the sender and destroy all copies of this e-mail and any
attachment. Please note that the views and opinions expressed herein
(except attached document with reasonable legal status) are solely those
of the author and do not necessarily reflect those of the company. While
antivirus protection tools have been employed, you should check this
e-mail and attachments for the presence of viruses. No warranties or
assurances are made in relation to the safety and content of this e-mail
and attachments. Compass Plus accept no liability for any damage caused
by any virus transmitted by or contained in this e-mail and attachments.
No liability is accepted for any consequences arising from this e-mail.
------------------------------------------------------------------------
© Compass Plus (Great Britain) Limited, 2005-2022, Confidential, v1.04
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
