Depends on what you are trying to achieve:
:msg, contains, "some string" stop
(on one line) will discard any message containing "some string".
:msg, contains, "some other string" /var/log/messages & stop
(across two lines) will cause any message containing "some other string" to be logged in messages and *then* discard it from further processing.
IIRC if you omit the "& stop" then it is possible that the message will match further down the config and be logged in multiple places - possibly desirable for security related messages), so you could do something like this:
:msg, contains, "some other string" /var/log/messages :msg, contains, "some other string" /var/log/secure & stop
On 10 August 2015 at 02:19, Tom Horsley horsley1953@gmail.com wrote:
On Sun, 09 Aug 2015 16:44:51 -0700 Doug H. wrote:
So basically I replace the ~ with & stop ?
I don't remember why I put it on the second line but I suspect I found something via google.
Well, when I try it, rsyslogd won't start, so it hates something about my file.
I guess I'll stick with the deprecated syntax :-).
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org