[SOLVED] Setting up conditional forwarder on Centos 8
by bsparks from LinuxQuestions.org on (#6GYV5)
I have Centos 8 and setting up a conditional forwarder in /etc/rsyslog.conf, which states that "If there is any line with "XY 3890" and contains "trfchk" in /var/log/messages, it should be forwarded to "/var/log/trfchksdblog" -->
Quote:
When I am validating the config, it throws below error
Code:[root@centos81 ~]# rsyslogd -N3
rsyslogd: version 8.24.0-55.el7, config validation run (level 3), master config /etc/rsyslog.conf
rsyslogd: error: extra characters in config line ignored: '/var/log/trfchksdblog' [v8.24.0-55.el7]
[root@centos81 ~]#I can't figure, what is extra character in this log file. Can someone advice please?
Thanks
--------------
Edit : It is fixed. It was syntax error and now below part is done and good
Code:# trfchksdblog setup
$FileCreateMode 0644
if $msg contains 'XY 3890' and not ($msg contains 'trfchk1' or $msg contains 'trfchk2' or $msg contains 'trfchk4' or $msg contains 'trfchk5') then /var/log/trfchksdblog
Quote:
| # trfchksdblog setup $FileCreateMode 0644 /var/log/trfchksdblog if $msg contains 'XY 3890' and not ($msg contains 'trfchk1' or $msg contains 'trfchk2' or $msg contains 'trfchk4' or $msg contains 'trfchk5') then /var/log/trfchksdblog |
Code:[root@centos81 ~]# rsyslogd -N3
rsyslogd: version 8.24.0-55.el7, config validation run (level 3), master config /etc/rsyslog.conf
rsyslogd: error: extra characters in config line ignored: '/var/log/trfchksdblog' [v8.24.0-55.el7]
[root@centos81 ~]#I can't figure, what is extra character in this log file. Can someone advice please?
Thanks
--------------
Edit : It is fixed. It was syntax error and now below part is done and good
Code:# trfchksdblog setup
$FileCreateMode 0644
if $msg contains 'XY 3890' and not ($msg contains 'trfchk1' or $msg contains 'trfchk2' or $msg contains 'trfchk4' or $msg contains 'trfchk5') then /var/log/trfchksdblog