
I was trying to set up a specific Rsyslog configuration file to catch all incoming kernel messages of a few types. For example, I want to dump all logs containing "example message 1" and "example message 2" into a custom log.

For example, this rule in rsyslog.conf works.

:msg, contains, "example message 1" /var/log/custom-log
:msg, contains, "example message 2" /var/log/custom-log

However, is there a way to make it any cleaner? For example, using "example message 1"|"example message 2" as a value instead, or something equivalent. The rsyslog documentation is a tad cryptic about this.

Thanks!

  • Clarification: you want to dump all logs containing either "example message 1" OR "example message 2" into a custom log, right? Commented Jul 28, 2023 at 20:36

1 Answer


This should work as well:

if $msg contains ['string 1', 'string 2'] then /var/log/somelog 

Or maybe some other inspiration: https://www.rsyslog.com/doc/master/configuration/filters.html
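An added example, not part of the answer above and not taken from the rsyslog documentation: the question's two rules collapsed into a single rule, with the match restricted to the kernel facility as the question describes. The file path and match strings are the question's placeholders; the `kern` facility test and the commented-out `stop` are assumptions about what the asker wants.

```rsyslog
# Constructed example. Use ONE of the two options, not both,
# otherwise every matching message is written twice.

# Option 1: RainerScript expression.
# A single rule with "or" writes one line per message, even when a message
# contains both strings. Two separate rules pointing at the same file
# (as in the question) each fire on their own, so such a message is
# logged twice.
if $syslogfacility-text == 'kern' and ($msg contains 'example message 1' or $msg contains 'example message 2') then {
    action(type="omfile" file="/var/log/custom-log")
    # Uncomment to keep matched messages out of the rules that follow
    # (for example the default kernel log file):
    # stop
}

# Option 2: property-based filter with a POSIX extended regular expression.
# This is the closest equivalent to the "a"|"b" syntax asked about, but it
# matches on the message text only and does not test the facility.
# :msg, ereregex, "example message (1|2)" /var/log/custom-log
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.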
