rsyslog filter - stop not discarding

M

mstefan

Member
Jan 3, 2022
24
9
8
34
Hello,

I am trying to tidy up my syslog on lates pve (7.3-4).
Therefore i edited the /etc/rsyslog.conf and added the following before the # RULES # section.
(I already tried on other positions, nothing changed)
Bash: 
if ($programname contains "root") then {
  action(type="omfile" file="/mnt/log.log")
  stop
}

I tested with logger "test".
The logentry is written to the destination file but the "stop" is ignored. (tried with &stop aswell)
It is also placed in syslog.

Do it get sth wrong here?
 
just tried reproducing this - it works here (also latest versions) - the messages are logged to the /mnt/log.log, but not to /var/log/syslog

(just copied your snippet above the RULES section - after reading the rsyslog docs and agreeing that it seems correct)

The one thing that was surprising was that running `logger` in my graphic session always kept my username (even though I used `su` and `sudo` - maybe this was the issue for you as well?)

and just to be sure - the messages will end up in the journal in any case (journald forwards the messages to syslog ) - so check /var/log/syslog - and not journalctl

I hope this helps!
 
You must log in or register to reply here.
Top Bottom