LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-26-2013, 11:59 PM   #1
ust
Senior Member
 
Registered: Mar 2003
Location: fasdf
Distribution: Debian / Suse /RHEL
Posts: 1,130

Rep: Reputation: 30
Is it possible to filter messages in rsyslog?


hi all ,

would advise if I want to filter the messages which which contains the string "error1" or "error2" , if these string exist , then drop the line and do not write to message log , how to do it ? thanks

Last edited by ust; 09-27-2013 at 01:46 AM.
 
Old 09-27-2013, 03:13 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389
A quick search comes up with this:

- rsyslog - Filter Conditions
 
Old 10-02-2013, 03:38 AM   #3
ust
Senior Member
 
Registered: Mar 2003
Location: fasdf
Distribution: Debian / Suse /RHEL
Posts: 1,130

Original Poster
Rep: Reputation: 30
I read the link , there is a sample as below , it requires to write a program , I don't know how to define variable $syslogfacility-text , how to use it in my case if I just would like to filter the messages which which contains the string "error1" or "error2" ?

if $syslogfacility-text == 'local0' and $msg startswith 'DEVNAME' and not ($msg contains 'error1' or $msg contains 'error0') then /var/log/somelog

I also added the below to the config file , just trying to skip the line which contains the word "ID-4711" , but it doesn't work , would advise what is wrong ?

msg, contains, "ID-4711"

Last edited by ust; 10-02-2013 at 03:40 AM.
 
Old 10-02-2013, 04:21 AM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389Reputation: 2389
This will not log messages that contain error1 or error2 in /var/log/allmessages:
Code:
:msg, regex, "error[12]" ~
*.*                         -/var/log/allmessages
If you want to make this global (not logged in any of the log files( then make the bold part the first line after the #### RULES #### section:
Code:
###############
#### RULES ####
###############

:msg, regex, "error[12]" ~
#
# First some standard log files.  Log by facility.
#
auth,authpriv.*         /var/log/auth.log
*.*;auth,authpriv.none      -/var/log/syslog
#cron.*             /var/log/cron.log
daemon.*            -/var/log/daemon.log
kern.*              -/var/log/kern.log
lpr.*               -/var/log/lpr.log
.
.
.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Trouble with rsyslog config to filter dnsmasq-log-spam Yalla-One Linux - Server 2 01-04-2013 12:35 AM
rsyslog filtering syslog messages sanjose Linux - Newbie 13 11-07-2012 03:08 PM
Rsyslog not logging routers messages dman777 Linux - Software 9 01-31-2011 05:08 AM
Configure rsyslog to filter all messages from kdm ? charlweed Linux - Software 2 10-25-2009 05:27 AM
INACTIVE firewall blocks my rsyslog messages tbergfeld Fedora 0 06-26-2008 04:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration