Question
I need the following filter in rsyslog. My syntax is incorrect and it generates an error in the rsyslog logfile:
https://stackoverflow.com/questions/23452979
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian:programname, isequal, "program1" &
:msg, contains, "an expression" /dev/null
&~
Error is:
the last error occured in /etc/rsyslog.d/50-default.conf, line 18:":programname, isequal, "program1" &"
I'd appreciate if someone could suggest the correct syntax for this property filter, or alternatively the correct RainerScript syntax to do the same thing?
Solution
Got the answer with some help from Rainer Gerhards:
if $programname == 'program1' and $msg contains 'an expression' then /dev/null
& stop
Note that for older versions of rsyslog (like V5 that Ubuntu provided with their V13 'Saucy'), you must use single quotes around the attributes. Double quotes work in late mode rsyslog versions like rsyslog V7
