-
Notifications
You must be signed in to change notification settings - Fork 636
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to exclude facility? #5378
Comments
I think I got it, is this correct?
The docs say
|
And finally, the opposite/positive/inclusion way to write the same rule, would be this one?
(the inclusion way is needed on the sender, the exclusion on the receiver). |
for something this complicated, just use the new if..then capabilities, if you
have trouble writing it, in a few years you will have trouble understanding it.
David Lang
…On Sun, 12 May 2024, Alkis Georgopoulos wrote:
Date: Sun, 12 May 2024 00:21:07 -0700
From: Alkis Georgopoulos ***@***.***>
Reply-To: rsyslog/rsyslog
***@***.***>
To: rsyslog/rsyslog ***@***.***>
Cc: Subscribed ***@***.***>
Subject: Re: [rsyslog/rsyslog] How to exclude facility? (Issue #5378)
I think I got it, is this correct?
*.debug;*.!warning;auth,authpriv.none
|
Understanding the "multiple semicolons" and the "none" intricacies will also help me read the existing configuration files, e.g. here's a part from Ubuntu's /etc/rsyslog.d/50-default.conf:
After reading the documentation, I still can't grasp why For future re-reading of my configuration files, I'll just use comments like always, that part isn't a problem. Thank you! |
Hello, I've been googling / reading docs for a while but I didn't find what I needed, so I thought I'd ask here.
How can I express the following in the legacy format, or if not possible, in the new format?
"if the message priority is less than warning, stop processing, except if the facility is auth or authpriv"
So e.g. processing would stop for mail.info, but it would continue for auth.info.
I started with
*.debug;*.!warning stop
and tried to excludeauth,authpriv.*
, but I couldn't make it. I tried with!=auth
but I guess!=
can't be used for facilities; I tried with multiple semicolons but they didn't work as I thought...The text was updated successfully, but these errors were encountered: