If you include both of the blocks that Philippe gave you, that behavior is exactly what you should get. There is no discard action in the first block, so messages that match it will still be evaluated by the second one and can potentially get both actions applied (if they are from that host and are severity 3).
Because the nested "if" isn't possible in v6, as I understand it, using logic such as has been provided is your best choice. The provided configuration is logically equivalent, but avoids that nested if statement.
Post by Alexandr Kobzarenko
After I installed version 6, it took a lot of mistakes.
But you do not fully understand what I want.
All logs from IKOBZARXP write to my SQL DB, but if in the log for this PC I see ERROR, then
write to SQL_DB + MAIL
Now in my config I do this
if ($hostname == 'IKOBZARXP' and $syslogseverity == 3) then {
:ommysql:localhost,Syslog,syslog,password
:ommail:;mailBody
}
And this scheme works, but how can I add a second if?
example
if $hostname == 'IKOBZARXP' then {
if $syslogseverity == 3 then {
:ommysql:localhost,Syslog,syslog,password
:ommail:;mailBody
}else {
:ommysql:localhost,Syslog,syslog,password
}
}
????
Post by Philippe Muller
Hi Alexandr,
# Write all messages from IKOBZARXP to mysql
if $hostname == "IKOBZARXP" then
:ommysql:localhost,Syslog,syslog,passwoed
# send all error messages from IKOBZARXP by e-mail
if ($hostname == "IKOBZARXP" and $syslogseverity == 3) then
:ommail:;mailBody
By the way, $syslogseverity == 3 only matches messages with the error
severity.
If you want error messages and more critical messages, use <= 3
On Mon, Oct 8, 2012 at 1:42 PM, Alexandr Kobzarenko <puzo at ukr.net>
Post by Alexandr Kobzarenko
I am using FreeBSD 9.0 and I have only version 6 (now I updated to 6). I don't want to install rsyslog from svn. I want to use my system install.
How can I do this filter on version 6?
--- Original message ---
From: "Rainer Gerhards" <rgerhards at hq.adiscon.com>
To: "rsyslog-users" <rsyslog at lists.adiscon.com>
Date: 8 October 2012, 14:31:59
Subject: Re: [rsyslog] Help with filters
Post by Rainer Gerhards
-----Original Message-----
From: rsyslog-bounces at lists.adiscon.com [rsyslog-bounces at lists.adiscon.com] On Behalf Of Alexandr Kobzarenko
Sent: Monday, October 08, 2012 1:24 PM
To: rsyslog at lists.adiscon.com
Subject: [rsyslog] Help with filters
Hi all !
Try rsyslog and very glad to use it.
But can add some filter in config!
now I want do 2 filters on my logs, example
if ($hostname == "IKOBZARXP") then {
if ($syslogseverity == 3) then {
:ommysql:localhost,Syslog,syslog,passwoed
:ommysql:localhost,Syslog,syslog,passwoed
}
}
You need a recent v7 version to do this type of config. The error
messages tell you have an older version. I suggest updating to v7.
Rainer
But I have an error
Oct 8 14:23:16 logs rsyslogd: warning: selector line without actions will be discarded
Oct 8 14:23:16 logs rsyslogd-3000: unknown priority name ""
Oct 8 14:23:16 logs rsyslogd: the last error occured in /usr/local/etc/rsyslog.conf, line 80:" } "
Oct 8 14:23:16 logs rsyslogd: warning: selector line without actions will be discarded
Oct 8 14:23:16 logs rsyslogd-3000: unknown priority name ""
Oct 8 14:23:16 logs rsyslogd: the last error occured in /usr/local/etc/rsyslog.conf, line 81:"} "
Oct 8 14:23:16 logs rsyslogd: warning: selector line without actions will be discarded
Oct 8 14:23:16 logs rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/usr/local/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Say me how do this true?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
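
Added example, not part of the thread and not rsyslog code: a small Python model of the rule evaluation described in the top reply, comparing the two flat filters with the nested if/else for every severity. The `discard` pseudo-action, the `OTHERHOST` name and the action labels are assumptions for illustration; it models the filter logic only, not rsyslog's parser.

```python
from itertools import product

HOST = "IKOBZARXP"      # hostname from the thread
OTHER = "OTHERHOST"     # constructed second host for comparison

def nested(host, sev):
    """Actions of the nested if/else Alexandr asked for (reference)."""
    if host == HOST:
        return ["ommysql", "ommail"] if sev == 3 else ["ommysql"]
    return []

# Flat rule sets as (filter, actions); "discard" is a modelled stop action.
FLAT = [
    (lambda h, s: h == HOST, ["ommysql"]),
    (lambda h, s: h == HOST and s == 3, ["ommail"]),
]
FLAT_WITH_DISCARD = [
    (lambda h, s: h == HOST, ["ommysql", "discard"]),
    (lambda h, s: h == HOST and s == 3, ["ommail"]),
]
FLAT_LE3 = [
    (lambda h, s: h == HOST, ["ommysql"]),
    (lambda h, s: h == HOST and s <= 3, ["ommail"]),
]

def run_flat(rules, host, sev):
    """Test every rule in order; a discard ends processing of the message."""
    fired = []
    for matches, actions in rules:
        if not matches(host, sev):
            continue
        for action in actions:
            if action == "discard":
                return fired
            fired.append(action)
    return fired

def differences(rules):
    """(host, severity) pairs where the flat rules and the nested form disagree."""
    return [(h, s) for h, s in product([HOST, OTHER], range(8))
            if run_flat(rules, h, s) != nested(h, s)]

if __name__ == "__main__":
    for name, rules in [("flat", FLAT), ("flat+discard", FLAT_WITH_DISCARD),
                        ("flat, <= 3", FLAT_LE3)]:
        print(f"{name:13} differs from nested at: {differences(rules)}")
```

The flat pair matches the nested form everywhere; adding a discard to the first block silently drops the mail for severity 3, and switching to `<= 3` adds mail for severities 0 to 2.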