Jonathan Billings wrote:
> On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote:
>> We are giving RHEL-7 a pass on this iteration.
>
> For what it's worth, the problem described at the beginning of this
> thread doesn't happen in RHEL7. Yet. Supposedly systemd is being
> rebased in 7.2 so we'll see.
>
> This is why Fedora exists, to work out all these kinds of problems
> before it hits an enterprise OS.

Ok, this is frustrating. May I take it, then, that no one has written
the conditional filters described in the rsyslog manual? I've tried
several variations, such as

    if $msg contains 'audit' and $msg contains 'res=success' then -

which resulted in *all* messages going to /dev/null, even though
everything I find in googling (or I should say what little I find in
googling) suggests that should work.

mark