[CentOS] rsyslog.conf
m.roth at 5-cent.us
Thu Jul 23 17:19:44 UTC 2015
Physically dragging the thread back on topic...
I really am going crazy, trying to deal with the hourly logs from the
loghost. We've got 170+ servers and workstations... but a *very* large
percentage of what's showing up is from his bloody new fedora 22, with its
idiot systemd logging of *every* selinux message to /var/log/messages.
I tried creating a rule, /etc/rsyslog.d/audit.conf, that reads:
if $msg contains "audit" and $msg,contains,'res=success' then -
but that seemed to send *everything* to /dev/null. That was my best guess,
based on googling (yahooing?) and man pages. Can anyone tell me what's
wrong with that syntax?
mark
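
An added example, not part of the original post: the same rule written as a single rsyslog expression-based filter, so that both tests use the `contains` operator and the `then` clause names a real action. The output path `/var/log/audit-success.log` is hypothetical, and the comments assume the stock CentOS `rsyslog.conf`, which includes `/etc/rsyslog.d/*.conf` ahead of the rule that writes `/var/log/messages`.

```conf
# /etc/rsyslog.d/audit.conf  (file name taken from the post; contents are an added example)

# As posted, for comparison. The second test uses the comma-separated form
# that belongs to property-based filters (":msg, contains, ..."), and "-"
# on its own names no action:
#   if $msg contains "audit" and $msg,contains,'res=success' then -

# Option A (rsyslog 7 and later): keep the matching messages in their own
# file on the loghost, then stop processing them so they never reach the
# later rule that writes /var/log/messages.
# /var/log/audit-success.log is a hypothetical path.
if $msg contains 'audit' and $msg contains 'res=success' then {
    action(type="omfile" file="/var/log/audit-success.log")
    stop
}

# Option B (rsyslog 7 and later): discard the matching messages outright.
# Use instead of option A, not together with it.
# if $msg contains 'audit' and $msg contains 'res=success' then stop

# Option C (assumption: an older rsyslog such as the 5.x series, which uses
# the legacy discard action "~" instead of "stop"): same filter, legacy actions.
# if $msg contains 'audit' and $msg contains 'res=success' then /var/log/audit-success.log
# & ~
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the daemon is restarted. Option A keeps the successful audit events available for later review, while options B and C as a plain discard remove them from the loghost entirely.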