J Travis Lindsey via rsyslog
2018-10-21 14:12:31 UTC
Hello,
I'm trying to get a better understanding of rsyslog and stop and custom
files.
I have a rule based on the `basic` format like this:
```
# in /etc/rsyslog.d//00-custom1.conf
if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log
stop
```
The one benefit that I found of stop is that it prevents the messages I was
filtering from also showing up in /var/log/syslog. The docs state stop
<https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop>
is to "filter out messages before carrying on any further processing". Is
"stop" always in the context of the rule preceding it? So basically in my
example, it just stops the processing of any more of
`if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log`?
Or, maybe in the above case, is the following true?
1. Any rules in filenames greater than 00 (like 01-custom.conf) will not
   be honored because of the last "stop"
   <https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop>
   in 00-custom1.conf?
2. Any rules after the "stop"
   <https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop>
   line in the 00-custom1.conf file will not be honored?
How does the order of files in "rsyslog.d/<0-9>-*.conf" work?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
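For the scoping question in the post above, an added configuration example (not part of the original message and not from the rsyslog project) showing the posted rule next to a form where `stop` is bound to the condition. It assumes the drop-in directory is pulled in by a glob include such as `$IncludeConfig /etc/rsyslog.d/*.conf`; the `omfile` action is the standard file output written in action() syntax.

```conf
# /etc/rsyslog.d/00-custom1.conf  (file name taken from the post)
# Added example; the include line mentioned below is an assumption about the host.

# --- As posted -------------------------------------------------------------
# "if ... then <action>" covers exactly one statement: the file action.
# The "stop" on the following line is its own, unconditional statement, so
# processing ends there for EVERY message that reaches it, not only for
# messages from 192.168.0.1. Nothing placed after it is evaluated.
#
#   if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log
#   stop

# --- Scoped form -----------------------------------------------------------
# Braces group the file action and the stop under the same condition.
# Only firewall messages are written to the dedicated file and then dropped
# from further processing (so they do not also land in /var/log/syslog).
if $fromhost-ip == '192.168.0.1' then {
    action(type="omfile" file="/var/log/remote_firewall.log")
    stop
}

# Messages from all other hosts fall through to:
#   1. any statements below this point in this file,
#   2. files that sort after this one (for example 01-custom.conf), because a
#      glob include such as
#          $IncludeConfig /etc/rsyslog.d/*.conf
#      reads matching files in sorted name order and merges them into one
#      sequence of statements,
#   3. rules that follow the include line in /etc/rsyslog.conf.
```

Running `rsyslogd -N1` checks the merged configuration for syntax errors before the service is restarted. Sending a test message from a second host and confirming that it still arrives in `/var/log/syslog` verifies that the `stop` is scoped as intended.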