On 08/20/2012 11:29 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
It doesn't seem to accept double quotes, single still yields an error message.
[bobg@box9 ~]$ cat /var/log/tomato.log
Aug 20 11:02:27 box9 rsyslogd: the last error occured in /etc/rsyslog.d/emptyfile.conf, line 3:":source, isequal, '192.168.1.9' /var/log/tomato.log"
Well... All I can say at this point is....
1. I don't use :source
2. I log info from my dlink in a file which is not /var/log/messages and that is what I think you are trying to do.
3. These work just fine for me....
if $msg contains 'from 192.168.0.18' then ~ (discard messages which match)
if $msg contains 'D-Link' then /var/log/dlink.log (log messages containing D-Link in dlink.log)
or
:msg, contains, "from 192.168.0.1" ~
:msg, contains, "D-Link" /var/log/dlink.log
So.... Maybe you should post a copy of the entries that are filling up your /var/log/messages file?