i have tacacs+ server installed on Ubuntu 14.04.
the application log file is on /var/log/tac_plus.log
I am trying to filter out certain messages from this log file.
these messages are a result of a monitoring this server every 30 seconds and
it fils the log file. here are the messages:
Mon Aug 15 08:45:46 2016 [8151]: connect from 10.20.8.8 [10.20.8.8]
Mon Aug 15 08:45:46 2016 [8151]: 10.20.8.8 : fd 3 eof (connection closed)
Mon Aug 15 08:45:46 2016 [8151]: Read -1 bytes from 10.20.8.8 , expecting 12
i created a 10-tacacs-log.conf file under /etc/rsyslog.d/ that contains the following:
:msg, contains, "10.20.8.8" ~
it does not seem to work.
Any help on this would be greatly appreciated.

thanks

Have you checked the logs on the receiving server?
Have you tried sniffing the traffic?

Install tcpdump if not installed.
and now we sniff traffic from the sender:
Let it run for 10 minutes'ish and you should see traffic.

If not. Ctrl+C to cancel the sniff and then try
also try from the sending server
and let us know the results of the sniff and the telnet from/to either host.

Thanks "Habitual" for your response.
i am constantly having these messages on the server.
i know they reach it and it is fine.
i just want to filter these specific messages from being written to the log file.