Hi all!
I am generating log messages from a script with a syslogtag, like this:
]# logger -t intruder_lockout -p local4.info "this account is now locked
out"
Next I'm trying to filter these logs, based on syslogtag to a seperate
file. (on RHEL9, with rsyslogd 8.2102.0-117.el9 (aka 2021.02))
To do that, I created the configfile
/etc/rsyslog.d/0_intruder_lockout_log.conf with this contents:
:syslogtag, isequal, "intruder_lockout:" /var/log/intruder_lockout.log
& stop
But the logger messages continue to end-up in the regular /var/log/messages.
My config file *is* processed:
]# rsyslogd -N1 -d | grep intruder
9648.534580052:main thread : rainerscript.c: PROPFILT
9648.534581695:main thread : rainerscript.c: Property.: 'syslogtag'
9648.534584550:main thread : rainerscript.c: Operation: 'isequal'
9648.534587716:main thread : rainerscript.c: Value....:
'intruder_lockout:'
9648.534589259:main thread : rainerscript.c: THEN
9648.534590852:main thread : rainerscript.c: ACTION 2
[builtin:omfile:/data/log/intruder_lockout.log]
9648.534593647:main thread : rainerscript.c: STOP
9648.534596272:main thread : rainerscript.c: END PROPFILT
I have also disabled selinux for testing, just to make sure that is not
getting in my way.
Anyone here with some imput to help me on my way..? Why is this not
working?!
Thanks!
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
