[CentOS] rsyslog.conf

Fri Jul 24 18:30:53 UTC 2015
m.roth at 5-cent.us <m.roth at 5-cent.us>

Jonathan Billings wrote:
> On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote:
>> We are giving RHEL-7 a pass on this iteration.
> For what it's worth, the problem described at the beginning of this
> thread doesn't happen in RHEL7.  Yet.  Supposedly systemd is being
> rebased in 7.2 so we'll see.
> This is why Fedora exists, to work out all these kinds of problems
> before it hits an enterprise OS.

Ok, this is frustrating. May I take it, then, that no one has written the
conditional filters described in the rsyslog manual?

I've tried several variations, such as
    if $msg contains 'audit' and $msg contains 'res=success' then -
which resulted in *all* messages going to /dev/null, even though
everything I find in googling (or I should say what little I find in
googling) suggests that should work.