[Bug 479592] Re: rsyslog doesn't work with property filter 'startswith'
Haw Loeung
479592 at bugs.launchpad.net
Wed Nov 7 23:37:35 UTC 2012
I can confirm that Radu Gheorghe (radu0gheorghe) is correct and have had
to use the following template to discard the leading whitepsace.
$template ApacheLogFormat,"%msg:2:10000%\n"
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/479592
Title:
rsyslog doesn't work with property filter 'startswith'
Status in “rsyslog” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: rsyslog
It seems that the property filter 'startswith' can't be used to filter e.g. firewall messages.
Using 'contains' works as expected.
e.g.
Nov 9 22:28:24 xxx kernel: [ 8367.076851] FIRE IN= OUT=eth0 SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8231 DF PROTO=TCP SPT=4815 DPT=22 SEQ=2172904999 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40101040201030306)
:msg, contains, "FIRE " -/var/log/fire.log
-> works
:msg, startswith, "FIRE " -/var/log/fire.log
-> doesn't work
This issue is already mentioned in bug 450002 comment #2 .
I'm working with rsyslog 4.2.0-2ubuntu5 on (k)ubuntu 9.10 .
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/479592/+subscriptions
More information about the foundations-bugs
mailing list