Save rsyslog data -

[Ed Greshko]

On 08/20/2012 11:29 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
>    It doesn't seem to accept double quotes, single still  yields an
>    error message.
>
>        [bobg at box9 ~]$ cat /var/log/tomato.log
>
>        Aug 20 11:02:27 box9 rsyslogd: the last error occured in
>        /etc/rsyslog.d/emptyfile.conf, line 3:":source, isequal,
>        '192.168.1.9' /var/log/tomato.log" 

Well...  All I can say at this point is....

1.  I don't use :source

2.  I log info from my dlink in a file which is not /var/log/messages and that is what I think you are trying to do.

3.  These work just fine for me....

if $msg contains 'from 192.168.0.18' then ~   (discard messages which match)
if $msg contains 'D-Link' then /var/log/dlink.log   (log messages containing D-Link in dlink.log)

or

:msg, contains, "from 192.168.0.1" ~
:msg, contains, "D-Link" /var/log/dlink.log

So....  Maybe you should post a copy of the entries that are filling up your /var/log/messages file?


-- 
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -- Rick Cook, The Wizardry Compiled