puppet-rsyslog icon indicating copy to clipboard operation
puppet-rsyslog copied to clipboard
verified publisher icon saz

discard "unwanted" messages

Open uidl6115 opened this issue 9 years ago • 5 comments

Hi, i wasn't able to figure out how to configure rsyslog by this module to discard "unwanted" messages. Would it be possible to add a new parameter for this?

Thanks!

uidl6115 avatar May 13 '16 08:05 uidl6115

Can you explain a little bit more, what your exact requirement is?

saz avatar Aug 07 '16 12:08 saz

Hello,

Just to exclude messages containing <some_string> to be relayed to elk server.

Best regards / Mit freundlichem Gruß / Cu stimă Péter-Pál PIROSKA IT Center Europe - Corp IT IN Server & Cloud Operations - Linux Servers C IN SC LX

Continental Automotive Romania SRL Str. Siemens no.1 300704 Timisoara, Romania

Tel. +40 256 25 1426 Mobile +40 727 735 274 E-Mail: [email protected]

www.continental-corporation.com Proprietary and confidential. Distribution only by express authority of Continental AG or its subsidiaries.

From: Steffen Zieger [email protected] To: saz/puppet-rsyslog [email protected], Cc: Peter Piroska [email protected], Author [email protected] Date: 07.08.2016 15:32 Subject: Re: [saz/puppet-rsyslog] discard "unwanted" messages (#207)

Can you explain a little bit more, what your exact requirement is? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

uidl6115 avatar Aug 08 '16 06:08 uidl6115

I'm guessing he wish to be able to do something like that :

:msg, contains, "type=EXECVE" ~ :msg, contains, "type=EOE" ~ :msg, contains, "type=CWD" ~ :msg, contains, "type=PATH" ~

Me too btw :-)

renaudhager avatar Sep 09 '16 10:09 renaudhager

Yes, exactly! :)

Best regards / Mit freundlichem Gruß / Cu stimă Péter-Pál PIROSKA IT Center Europe - Corp IT IN Server & Cloud Operations - Linux Servers C IN SC LX

Continental Automotive Romania SRL Str. Siemens no.1 300704 Timisoara, Romania

Tel. +40 256 25 1426 Mobile +40 727 735 274 E-Mail: [email protected]

www.continental-corporation.com Proprietary and confidential. Distribution only by express authority of Continental AG or its subsidiaries.

From: Renaud Hager [email protected] To: saz/puppet-rsyslog [email protected], Cc: Peter Piroska [email protected], Author [email protected] Date: 09.09.2016 13:33 Subject: Re: [saz/puppet-rsyslog] discard "unwanted" messages (#207)

I'm guessing he wish to be able to do something like that : :msg, contains, "type=EXECVE" ~ :msg, contains, "type=EOE" ~ :msg, contains, "type=CWD" ~ :msg, contains, "type=PATH" ~ Me too btw :-) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

uidl6115 avatar Sep 12 '16 06:09 uidl6115

This answer in this post http://unix.stackexchange.com/questions/133898/why-does-rsyslogd-not-honor-the-following-lines-in-rsyslog-d

says that the stop or ~ doesn't work when the configuration is using "linkedlist type of queues which change the way rsyslog flow goes".

The client config template in this module is using linkedlist and it isn't configurable. templates/client/config.conf.erb: $ActionQueueType LinkedList # run asynchronously

hdeadman avatar Feb 10 '17 01:02 hdeadman