Jonathan Billings wrote:
On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote:
We are giving RHEL-7 a pass on this iteration.
For what it's worth, the problem described at the beginning of this thread doesn't happen in RHEL7. Yet. Supposedly systemd is being rebased in 7.2 so we'll see.
This is why Fedora exists, to work out all these kinds of problems before it hits an enterprise OS.
Ok, this is frustrating. May I take it, then, that no one has written the conditional filters described in the rsyslog manual?
I've tried several variations, such as if $msg contains 'audit' and $msg contains 'res=success' then - which resulted in *all* messages going to /dev/null, even though everything I find in googling (or I should say what little I find in googling) suggests that should work.
mark