Hello! It's the same as without a ruleset, I'd say. As long as the source sets severity right you should be able to use this:
```
ruleset(name="vcsa20525" queue.type="linkedlist" queue.workerThreads="4" queue.workerThreadMinimumMessages="3000") {
    if $syslogseverity-text != ['info', 'debug'] then {
        action(type="omfile" file="/var/log/remote-syslog/vcsa.log")
    }
}
```

I might be wrong wrt exact severity string values but overall usage is like this. Alternatively, you may invert the condition and call `stop` to drop the message.
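
The inverted form mentioned in the reply, as an added example that is not part of the original post. It compares the numeric `$syslogseverity` property so it does not depend on the exact severity strings; the `imtcp` listener and port 20525 are assumptions made up for the illustration.

```conf
# Added example, not from the original post.
# Assumed: a TCP listener on port 20525 (constructed value) bound to the
# ruleset named in the post, so only that source's messages reach it.
module(load="imtcp")
input(type="imtcp" port="20525" ruleset="vcsa20525")

ruleset(name="vcsa20525"
        queue.type="linkedlist"
        queue.workerThreads="4"
        queue.workerThreadMinimumMessages="3000") {
    # Numeric syslog severities: 6 = info, 7 = debug.
    # Drop those first; stop ends processing of the message in this ruleset.
    if $syslogseverity >= 6 then {
        stop
    }
    # Everything that remains (notice and more severe) is written to the file.
    action(type="omfile" file="/var/log/remote-syslog/vcsa.log")
}
```

Running `rsyslogd -N1` validates the configuration syntax before the daemon is restarted.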