FAQ
I was looking at the manpage for rsyslog.conf, primarily because I need to
filter my manager's new fedora 22 logs coming to our loghost, because of
the bug that I forwarded (if it gets through).


At any rate, I am surprised: under selectors, I see that " The keywords
error, warn and panic are deprecated and should not be used anymore."


Huh?


If I only want warn or more severe, how am I supposed to filter - write a
much more elaborate RE?


       mark

Search Discussions

  • Windsor Dave (AdP/TEF7) at Jul 22, 2015 at 3:39 pm
    Looking at the same manpage, it seems that these selectors are not really being removed, just renamed. The old names are being deprecated.


    Instead of Use
    ========== ===
    warn warning
    err error
    panic emerg






    Best regards


    Dave Windsor
    AdP/TEF7


    -----Original Message-----
    From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of m.roth at 5-cent.us
    Sent: Wednesday, July 22, 2015 11:07 AM
    To: CentOS
    Subject: [CentOS] rsyslog.conf


    I was looking at the manpage for rsyslog.conf, primarily because I need to
    filter my manager's new fedora 22 logs coming to our loghost, because of
    the bug that I forwarded (if it gets through).


    At any rate, I am surprised: under selectors, I see that " The keywords
    error, warn and panic are deprecated and should not be used anymore."


    Huh?


    If I only want warn or more severe, how am I supposed to filter - write a
    much more elaborate RE?


           mark


    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
  • Mark Roth at Jul 22, 2015 at 7:33 pm

    Windsor Dave (AdP/TEF7) wrote:
    Looking at the same manpage, it seems that these selectors are not really
    being removed, just renamed. The old names are being deprecated.

    Instead of Use
    ========== ===
    warn warning
    err error
    panic emerg
    Thanks. I didn't see that.


    Unfortunately, it still didn't solve the problem (my manager's
    newly-upgraded fedora from 20->22, and according to the bugzilla bug, the
    systemd developers want *all* logs, and they're dumping *everything* from
    auditd, all successes by root jobs, cron, everything - fine, I suppose,
    for someone debugging systemd....)


            mark
    Best regards

    Dave Windsor
    AdP/TEF7

    -----Original Message-----
    From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
    Behalf Of m.roth at 5-cent.us
    Sent: Wednesday, July 22, 2015 11:07 AM
    To: CentOS
    Subject: [CentOS] rsyslog.conf

    I was looking at the manpage for rsyslog.conf, primarily because I need to
    filter my manager's new fedora 22 logs coming to our loghost, because of
    the bug that I forwarded (if it gets through).

    At any rate, I am surprised: under selectors, I see that " The keywords
    error, warn and panic are deprecated and should not be used anymore."

    Huh?

    If I only want warn or more severe, how am I supposed to filter - write a
    much more elaborate RE?

    mark

    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
  • Windsor Dave (AdP/TEF7) at Jul 22, 2015 at 3:41 pm
    Sorry for the top post, Outlook defaults strike again.....


    Best regards


    Dave Windsor
    AdP/TEF7
  • Leon Fauster at Jul 22, 2015 at 10:20 pm

    Am 22.07.2015 um 17:41 schrieb Windsor Dave (AdP/TEF7) <dave.windsor@us.bosch.com>:
    Sorry for the top post, Outlook defaults strike again.....

    Outlook forces you to write above ? :-)


    --
    LF
  • Windsor Dave (AdP/TEF7) at Jul 23, 2015 at 1:43 pm

    -----Original Message-----
    From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Leon Fauster
    Sent: Wednesday, July 22, 2015 6:20 PM
    To: CentOS mailing list
    Subject: Re: [CentOS] rsyslog.conf

    Am 22.07.2015 um 17:41 schrieb Windsor Dave (AdP/TEF7) <dave.windsor@us.bosch.com>:
    Sorry for the top post, Outlook defaults strike again.....
    Outlook forces you to write above ? :-)

    --
    LF



    Perhaps I should say instead that it "strongly encourages" top posting, and all our internal emails follow that convention.


    It's habit-forming.... :-)


    Best regards


    Dave Windsor
    AdP/TEF7
  • Mark Roth at Jul 23, 2015 at 2:31 pm

    Windsor Dave (AdP/TEF7) wrote:
    Behalf Of Leon Fauster
    Am 22.07.2015 um 17:41 schrieb Windsor Dave (AdP/TEF7)
    <dave.windsor@us.bosch.com>:
    Sorry for the top post, Outlook defaults strike again.....
    Outlook forces you to write above ? :-)
    Perhaps I should say instead that it "strongly encourages" top posting,
    and all our internal emails follow that convention.

    It's habit-forming.... :-)

    Best regards

    Yeah, and it's an M$ innovation I *really* dislike. I've had disagreements
    with my wife about that. What was it, Lookout, er Outlook '08 that did
    that?


    The *real* issue is that the way email traditionally was, with bottom
    posting, or intercollation, made it *readable*, and esp. if you come into
    a thread late, you could figure out what was going on.


    I don't know of any written language on the planet that reads from the
    bottom up... and if *anyone* doesn't top post, like a lot of us, it makes
    it unreadable (up, down, up, down, down, up....)... which is why the
    generally-agreed convention on every mailing list I'm on is traditional
    format.


            mark "Kill Bill...."
  • Valeri Galtsev at Jul 23, 2015 at 3:55 pm

    On Thu, July 23, 2015 9:31 am, m.roth at 5-cent.us wrote:
    Windsor Dave (AdP/TEF7) wrote:
    Behalf Of Leon Fauster
    Am 22.07.2015 um 17:41 schrieb Windsor Dave (AdP/TEF7)
    <dave.windsor@us.bosch.com>:
    Sorry for the top post, Outlook defaults strike again.....
    Outlook forces you to write above ? :-)
    Perhaps I should say instead that it "strongly encourages" top posting,
    and all our internal emails follow that convention.
    It's habit-forming.... :-)
    Best regards
    Yeah, and it's an M$ innovation I *really* dislike. I've had
    disagreements
    with my wife about that. What was it, Lookout, er Outlook '08 that did that?
    The *real* issue is that the way email traditionally was, with bottom
    posting, or intercollation, made it *readable*, and esp. if you come
    into
    a thread late, you could figure out what was going on.

    "Come to the thread late" argument is the only rationale for "no top
    posting" in case of mail lists I can figure myself. Plus to have all
    messages in some standard format.


    I hope, the following will make piece between you and your wife. In
    regular e-mail exchange both parties are constantly "in sync", thus
    understand what previous statements this particular message deals with.
    Therefore I personally find it advantageous in private exchange to have
    new information - i.e. message I'm writing - be right at the top of
    current e-mail. This is my current message I want my recipient to read
    (but the rest of exchange is after it as well for recipient's
    convenience). I can say many bad words about Microsoft, but this rationale
    for private mail exchange is something I will not blame them about.


    So far I collected two arguments to not "top post" on mail lists:


    1. standardized format of all messages with answers (like the whole thread
    in front of your eyes, and it is always in the same format)


    2. easier reading for "new comers" to the thread: in chronological order.


    Any others rationales?


    Valeri

    I don't know of any written language on the planet that reads from the
    bottom up... and if *anyone* doesn't top post, like a lot of us, it
    makes
    it unreadable (up, down, up, down, down, up....)... which is why the
    generally-agreed convention on every mailing list I'm on is traditional
    format.
    mark "Kill Bill...."

    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos



    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev
    Sr System Administrator
    Department of Astronomy and Astrophysics
    Kavli Institute for Cosmological Physics
    University of Chicago
    Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++
  • Mark Roth at Jul 23, 2015 at 5:19 pm
    Physically dragging the thread back on topic...


    I really am going crazy, trying to deal with the hourly logs from the
    loghost. We've got 170+ servers and workstations... but a *very* large
    percentage of what's showing up is from his bloody new fedora 22, with its
    idiot systemd logging of *ever* selinux message to /var/log/messages.


    I tried creating a rule, /etc/rsyslog.d/audit.conf, that reads:


    if $msg contains "audit" and $msg,contains,'res=success' then -


    but that seemed to send *everything* to /dev/null. That was my best guess,
    based on googling (yahooing?) and man pages. Can anyone tell me what's
    wrong with that syntax?


            mark
  • Jonathan Billings at Jul 23, 2015 at 8:04 pm

    On Thu, Jul 23, 2015 at 01:19:44PM -0400, m.roth at 5-cent.us wrote:
    I really am going crazy, trying to deal with the hourly logs from the
    loghost. We've got 170+ servers and workstations... but a *very* large
    percentage of what's showing up is from his bloody new fedora 22, with its
    idiot systemd logging of *ever* selinux message to /var/log/messages.

    systemctl enable auditd
    systemctl start auditd


    Now your SELinux (and other audit) logs are going to
    /var/log/audit/audit.log.


    --
    Jonathan Billings <billings@negate.org>
  • Mark Roth at Jul 23, 2015 at 8:17 pm

    Jonathan Billings wrote:
    On Thu, Jul 23, 2015 at 01:19:44PM -0400, m.roth at 5-cent.us wrote:
    I really am going crazy, trying to deal with the hourly logs from the
    loghost. We've got 170+ servers and workstations... but a *very* large
    percentage of what's showing up is from his bloody new fedora 22, with
    its
    idiot systemd logging of *ever* selinux message to /var/log/messages.
    systemctl enable auditd
    systemctl start auditd

    Now your SELinux (and other audit) logs are going to
    /var/log/audit/audit.log.

    Um, no. That was where I started this thread - my manager updated his
    fedora box from 20 to 22, and there's a bug about it
    <https://bugzilla.redhat.com/show_bug.cgi?id27379>, where it appears
    that the systemd folks have demanded *all* logs, and are multicast
    spitting out the selinux logs *als0* to /var/log/messages.


    And I just checked, and yes, auditd is running.


    So I'm back to trying to find the correct syntax to filter all the
    successes seen by auditd from getting to messages....


            mark
  • Chris Murphy at Jul 23, 2015 at 9:05 pm

    On Thu, Jul 23, 2015 at 2:17 PM, wrote:
    https://bugzilla.redhat.com/show_bug.cgi?id27379



    There's ~4 aspects to that bug so it's just going to have to settle
    out, with the main one being comment 25 where systemd-journald is
    enabling audit and inappropriately mixing data with different
    discretion levels.


    --
    Chris Murphy
  • Valeri Galtsev at Jul 23, 2015 at 2:34 pm

    On Thu, July 23, 2015 8:43 am, Windsor Dave (AdP/TEF7) wrote:
    -----Original Message-----
    From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
    Behalf Of Leon Fauster
    Sent: Wednesday, July 22, 2015 6:20 PM
    To: CentOS mailing list
    Subject: Re: [CentOS] rsyslog.conf

    Am 22.07.2015 um 17:41 schrieb Windsor Dave (AdP/TEF7)
    <dave.windsor@us.bosch.com>:
    Sorry for the top post, Outlook defaults strike again.....
    Outlook forces you to write above ? :-)

    --
    LF

    Perhaps I should say instead that it "strongly encourages" top posting,
    and all our internal emails follow that convention.

    It's habit-forming.... :-)

    Well, my habit for regular e-mail exchange is "top posting" thus the
    person reads my message thus is right to the point why this particular
    message message was sent in a first place... But when mail lists are
    concerned, I do an opposite, that is I follow mail lists conventions. I
    never thought about rationale behind them, I'm just following them. I
    believe, if some day someone gives reasons why top posting is bad in case
    of mail lists it will really be great. The only reason I can come up with
    myself would be: whoever reads message received through mail lists usually
    has no idea about previous exchange in this thread, thus needs all
    exchange in chronological order. Which I'm not certain is a good reason,
    so those who know and insists strongly about "no top posting" are
    encouraged to give others the reasons behind that. Again, I'm not "top
    posting" on the lists. However, _this_ ("top posting") is my regular way
    in private exchange (and it has good reasons behind it).


    Valeri


    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev
    Sr System Administrator
    Department of Astronomy and Astrophysics
    Kavli Institute for Cosmological Physics
    University of Chicago
    Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++
  • Leon Fauster at Jul 23, 2015 at 3:35 pm

    Am 23.07.2015 um 16:34 schrieb Valeri Galtsev <galtsev@kicp.uchicago.edu>:
    On Thu, July 23, 2015 8:43 am, Windsor Dave (AdP/TEF7) wrote:

    Perhaps I should say instead that it "strongly encourages" top posting,
    and all our internal emails follow that convention.

    It's habit-forming.... :-)
    Well, my habit for regular e-mail exchange is "top posting" thus the
    person reads my message thus is right to the point why this particular
    message message was sent in a first place... But when mail lists are
    concerned, I do an opposite, that is I follow mail lists conventions. I
    never thought about rationale behind them, I'm just following them. I
    believe, if some day someone gives reasons why top posting is bad in case
    of mail lists it will really be great. The only reason I can come up with
    myself would be: whoever reads message received through mail lists usually
    has no idea about previous exchange in this thread, thus needs all
    exchange in chronological order. Which I'm not certain is a good reason,
    so those who know and insists strongly about "no top posting" are
    encouraged to give others the reasons behind that. Again, I'm not "top
    posting" on the lists. However, _this_ ("top posting") is my regular way
    in private exchange (and it has good reasons behind it).



    well, as you wrote: ... because in conventional spelling systems of western
    languages, text is written from the top to the bottom (applies also for reading).
    To rephrase it: the "usability" is higher while reading bottom posted messages.
    Furthermore stripping is normally done more (footers, disclaimers etc. disappears)
    when bottom posted. This cleans the context additionally ...


    The problem gets worse when both styles are mixed. Try to read a correspondence
    from a year ago in such a style. Its horrible ...


    :-)


    --
    LF
  • Johnny Hughes at Jul 23, 2015 at 3:45 pm

    On 07/23/2015 09:34 AM, Valeri Galtsev wrote:
    On Thu, July 23, 2015 8:43 am, Windsor Dave (AdP/TEF7) wrote:
    -----Original Message-----
    <snip>
    Sorry for the top post, Outlook defaults strike again.....
    Outlook forces you to write above ? :-)
    <snip>
    Perhaps I should say instead that it "strongly encourages" top posting,
    and all our internal emails follow that convention.

    It's habit-forming.... :-)
    Well, my habit for regular e-mail exchange is "top posting" thus the
    person reads my message thus is right to the point why this particular
    message message was sent in a first place... But when mail lists are
    concerned, I do an opposite, that is I follow mail lists conventions. I
    never thought about rationale behind them, I'm just following them. I
    believe, if some day someone gives reasons why top posting is bad in case
    of mail lists it will really be great. The only reason I can come up with
    myself would be: whoever reads message received through mail lists usually
    has no idea about previous exchange in this thread, thus needs all
    exchange in chronological order. Which I'm not certain is a good reason,
    so those who know and insists strongly about "no top posting" are
    encouraged to give others the reasons behind that. Again, I'm not "top
    posting" on the lists. However, _this_ ("top posting") is my regular way
    in private exchange (and it has good reasons behind it).

    The main reason actually is chronological order. But not just for the
    reply .. but for IN-LINE posting.


    In a discussion where you need to make points in-line and where you only
    need some of and not all of the other posts, something that happens
    frequently on mailing lists, it is very much easier to read that type of
    collaborated message in chronological order.


    I mean, you don't read a book or a newspaper article or a blog post from
    bottom to top, right? Why would you read communications from bottom to
    top? And it is not really even bottom to top. If you take 4 emails of
    10 lines each (and 40 lines total) .. it is 75% down to 100% (original
    mail)... then up to 50% and read down to 75% (2nd mail), then up to 25%
    and read down to 50%, then up to 0% and read down to 25%. What if
    someone made you read blog posts that way, or books or newspaper articles?


    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: signature.asc
    Type: application/pgp-signature
    Size: 198 bytes
    Desc: OpenPGP digital signature
    URL: <http://lists.centos.org/pipermail/centos/attachments/20150723/f94ae350/attachment.sig>
  • Valeri Galtsev at Jul 23, 2015 at 4:06 pm

    On Thu, July 23, 2015 10:45 am, Johnny Hughes wrote:
    On 07/23/2015 09:34 AM, Valeri Galtsev wrote:
    On Thu, July 23, 2015 8:43 am, Windsor Dave (AdP/TEF7) wrote:
    -----Original Message-----
    <snip>
    Sorry for the top post, Outlook defaults strike again.....
    Outlook forces you to write above ? :-)
    <snip>
    Perhaps I should say instead that it "strongly encourages" top posting,
    and all our internal emails follow that convention.

    It's habit-forming.... :-)
    Well, my habit for regular e-mail exchange is "top posting" thus the
    person reads my message thus is right to the point why this particular
    message message was sent in a first place... But when mail lists are
    concerned, I do an opposite, that is I follow mail lists conventions. I
    never thought about rationale behind them, I'm just following them. I
    believe, if some day someone gives reasons why top posting is bad in
    case
    of mail lists it will really be great. The only reason I can come up
    with
    myself would be: whoever reads message received through mail lists
    usually
    has no idea about previous exchange in this thread, thus needs all
    exchange in chronological order. Which I'm not certain is a good reason,
    so those who know and insists strongly about "no top posting" are
    encouraged to give others the reasons behind that. Again, I'm not "top
    posting" on the lists. However, _this_ ("top posting") is my regular way
    in private exchange (and it has good reasons behind it).
    The main reason actually is chronological order. But not just for the
    reply .. but for IN-LINE posting.

    In a discussion where you need to make points in-line and where you only
    need some of and not all of the other posts, something that happens
    frequently on mailing lists, it is very much easier to read that type of
    collaborated message in chronological order.

    I mean, you don't read a book or a newspaper article or a blog post from
    bottom to top, right? Why would you read communications from bottom to
    top? And it is not really even bottom to top. If you take 4 emails of
    10 lines each (and 40 lines total) .. it is 75% down to 100% (original
    mail)... then up to 50% and read down to 75% (2nd mail), then up to 25%
    and read down to 50%, then up to 0% and read down to 25%. What if
    someone made you read blog posts that way, or books or newspaper articles?

    OK, the shortest I can re-formulate your message is: on mail lists we are
    collectively writing the book for someone else to read (much less
    communicating with each other in real time ;-) Any accepted convention is
    better than no convention: save everybody's time. Suits me (as far as mail
    lists are concerned).


    Valeri


    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev
    Sr System Administrator
    Department of Astronomy and Astrophysics
    Kavli Institute for Cosmological Physics
    University of Chicago
    Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++
  • Leon Fauster at Jul 23, 2015 at 4:18 pm

    Am 23.07.2015 um 18:06 schrieb "Valeri Galtsev" <galtsev@kicp.uchicago.edu>:
    On Thu, July 23, 2015 10:45 am, Johnny Hughes wrote:

    The main reason actually is chronological order. But not just for the
    reply .. but for IN-LINE posting.

    In a discussion where you need to make points in-line and where you only
    need some of and not all of the other posts, something that happens
    frequently on mailing lists, it is very much easier to read that type of
    collaborated message in chronological order.

    I mean, you don't read a book or a newspaper article or a blog post from
    bottom to top, right? Why would you read communications from bottom to
    top? And it is not really even bottom to top. If you take 4 emails of
    10 lines each (and 40 lines total) .. it is 75% down to 100% (original
    mail)... then up to 50% and read down to 75% (2nd mail), then up to 25%
    and read down to 50%, then up to 0% and read down to 25%. What if
    someone made you read blog posts that way, or books or newspaper articles?
    OK, the shortest I can re-formulate your message is: on mail lists we are
    collectively writing the book for someone else to read (much less
    communicating with each other in real time ;-) Any accepted convention is
    better than no convention: save everybody's time. Suits me (as far as mail
    lists are concerned).



    I consider email as an asynchronous communication,
    therefore "book style convention" is recommended.


    --
    LF
  • Mark Roth at Jul 23, 2015 at 5:15 pm

    Leon Fauster wrote:
    Am 23.07.2015 um 18:06 schrieb "Valeri Galtsev"
    <galtsev@kicp.uchicago.edu>:
    On Thu, July 23, 2015 10:45 am, Johnny Hughes wrote:

    The main reason actually is chronological order. But not just for the
    reply .. but for IN-LINE posting.

    In a discussion where you need to make points in-line and where you
    only need some of and not all of the other posts, something that
    happens frequently on mailing lists, it is very much easier to read
    that type of collaborated message in chronological order.

    I mean, you don't read a book or a newspaper article or a blog post
    from bottom to top, right? Why would you read communications from
    bottom to top? And it is not really even bottom to top. If
    you take 4 emails of 10 lines each (and 40 lines total) .. it
    is 75% down to 100% (original mail)... then up to 50% and read
    down to 75% (2nd mail), then up to 25% and read down to 50%, then
    up to 0% and read down to 25%. What if someone made you read blog
    posts that way, or books or newspaper articles?
    OK, the shortest I can re-formulate your message is: on mail lists we
    are collectively writing the book for someone else to read (much less
    communicating with each other in real time ;-) Any accepted convention
    is better than no convention: save everybody's time. Suits me (as
    far as mail lists are concerned).
    I consider email as an asynchronous communication,
    therefore "book style convention" is recommended.

    Yup. We're writing electronic *mail*, not text messages (here, you've got
    140 char, tell me everything you know....), and you don't have a two-line
    pager screen.... I see it as a slo-mo group conversation, and top-posting
    is like the person who suddenly utters a nonsequitur, louder than everyone
    else is speaking....


             mark
  • James B. Byrne at Jul 24, 2015 at 1:05 pm

    On Thu, July 23, 2015 10:34, Valeri Galtsev wrote:


    Well, my habit for regular e-mail exchange is "top posting" thus the
    person reads my message thus is right to the point why this particular
    message message was sent in a first place... But when mail lists are
    concerned, I do an opposite, that is I follow mail lists conventions.
    I never thought about rationale behind them, I'm just following them.
    I believe, if some day someone gives reasons why top posting is bad
    in case of mail lists it will really be great. The only reason I can
    come up with myself would be: whoever reads message received through
    mail lists usually has no idea about previous exchange in this
    thread, thus needs all exchange in chronological order. Which I'm
    not certain is a good reason, so those who know and insists
    strongly about "no top posting" are encouraged to give others the
    reasons behind that. Again, I'm not "top posting" on the lists.
    However, _this_ ("top posting") is my regular way in private
    exchange (and it has good reasons behind it).

    It originates from early Usenet practice where it had some useful
    purpose given the way Usenet feeds were typically consumed and
    forwarded. Generally Usenet News servers maintained posts for a
    limited period of time. If you did not connect to obtain the news-feed
    within that window then all earlier posts were 'lost' to you. Thus
    encapsulating the entire discussion in chronological order in each
    reply compensated for the technological (storage) limits prevalent in
    the 1980/90s.


    The orthodox justification for bottom-posting is often exemplified by
    tag lines similar in content to the following:

    Because it makes following the discussion hard.
    Why is top-posting wrong?
    You are top-posting.
    What is wrong with my message?

    However, forcing your correspondents to wade through an interminable
    wall of text that regurgitates the previous thread before getting to
    the point of the message arguably interferes with proper understanding
    no less than top-posting does. I am unaware of any scientific study
    that purports to support either position. So, in the absence of that
    I conclude:


             De gustibus non est disputandum.


    At this point the practice, particularly for archived mailing lists,
    is little more than dogmatic adherence to a style that serves only to
    distinguish the 'in group' from the 'other'.


    --
    *** e-Mail is NOT a SECURE channel ***
             Do NOT transmit sensitive data via e-Mail
    James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
    Harte & Lyne Limited http://www.harte-lyne.ca
    9 Brockley Drive vox: +1 905 561 1241
    Hamilton, Ontario fax: +1 905 561 0757
    Canada L8E 3C3
  • Always Learning at Jul 25, 2015 at 12:37 am

    On Fri, 2015-07-24 at 09:05 -0400, James B. Byrne wrote:


    However, forcing your correspondents to wade through an interminable
    wall of text that regurgitates the previous thread before getting to
    the point of the message arguably interferes with proper understanding
    no less than top-posting does.

    There is absolutely no need to include irrelevant text when replying to
    a posting. Trim and Cut were sensible skills acquired by some of us in
    the 1980's and 1990's. Pertinent points pleases people perpetually.




    --
    Regards,


    Paul.
    England, EU. England's place is in the European Union.
  • Ian Mortimer at Jul 25, 2015 at 12:58 am

    On Sat, 25 Jul 2015, Always Learning wrote:


    There is absolutely no need to include irrelevant text when replying to
    a posting. Trim and Cut were sensible skills acquired by some of us in
    the 1980's and 1990's. Pertinent points pleases people perpetually.

    Precisely. A small amount of effort by the sender makes
    the discussion easier to follow for the many recipients.




    --
    Ian
  • Stuart Barkley at Jul 25, 2015 at 6:17 am

    On Fri, 24 Jul 2015 at 20:37 -0000, Always Learning wrote:


    There is absolutely no need to include irrelevant text when replying
    to a posting. Trim and Cut were sensible skills acquired by some of
    us in the 1980's and 1990's.

    Every email sent to this list includes the following in the headers:


         List-Archive: <http://lists.centos.org/pipermail/centos/>


    People should trim any included text (and properly quote whatever they
    leave in place). If someone needs more context the list archives can
    supply that extra detail.


    Stuart
    --
    I've never been lost; I was once bewildered for three days, but never lost!
                                             -- Daniel Boone
  • James B. Byrne at Jul 24, 2015 at 1:16 pm

    On Thu, July 23, 2015 13:19, m.roth at 5-cent.us wrote:
    Physically dragging the thread back on topic...

    I really am going crazy, trying to deal with the hourly logs from the
    loghost. We've got 170+ servers and workstations... but a *very* large
    percentage of what's showing up is from his bloody new fedora 22, with
    its idiot systemd logging of *ever* selinux message to
    /var/log/messages.

    I tried creating a rule, /etc/rsyslog.d/audit.conf, that reads:

    if $msg contains "audit" and $msg,contains,'res=success' then -

    but that seemed to send *everything* to /dev/null. That was my best
    guess,
    based on googling (yahooing?) and man pages. Can anyone tell me what's
    wrong with that syntax?

    mark


    And Lennart blames Linus[1] for why he gets hate mail.


    We are giving RHEL-7 a pass on this iteration. We have installed it on
    a couple of test hosts and are not favourably impressed with much of
    the user interface. At least not from the sys-admin side of things.
    This is not to imply that there is nothing good in 7. There are at
    lot of improvements that we certainly value. But it is too early in
    systemd development for us to waste time debugging somebody else's
    pipe-dream on our dime.


    We will see what 8 offers and decide then whether to move to something
    else.


    [1].
    https://plus.google.com/app/basic/stream/z13rdjryqyn1xlt3522sxpugoz3gujbhh04


    --
    *** e-Mail is NOT a SECURE channel ***
             Do NOT transmit sensitive data via e-Mail
    James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
    Harte & Lyne Limited http://www.harte-lyne.ca
    9 Brockley Drive vox: +1 905 561 1241
    Hamilton, Ontario fax: +1 905 561 0757
    Canada L8E 3C3
  • Robert Wolfe at Jul 24, 2015 at 2:32 pm
    If selinux is causing you a headache, then disable it.


    -----Original Message-----
    From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of James B. Byrne
    Sent: Friday, July 24, 2015 8:16 AM
    To: CentOS mailing list
    Subject: Re: [CentOS] rsyslog.conf



    On Thu, July 23, 2015 13:19, m.roth at 5-cent.us wrote:
    Physically dragging the thread back on topic...

    I really am going crazy, trying to deal with the hourly logs from the
    loghost. We've got 170+ servers and workstations... but a *very* large
    percentage of what's showing up is from his bloody new fedora 22, with
    its idiot systemd logging of *ever* selinux message to
    /var/log/messages.

    I tried creating a rule, /etc/rsyslog.d/audit.conf, that reads:

    if $msg contains "audit" and $msg,contains,'res=success' then -

    but that seemed to send *everything* to /dev/null. That was my best
    guess, based on googling (yahooing?) and man pages. Can anyone tell me
    what's wrong with that syntax?

    mark


    And Lennart blames Linus[1] for why he gets hate mail.


    We are giving RHEL-7 a pass on this iteration. We have installed it on a couple of test hosts and are not favourably impressed with much of the user interface. At least not from the sys-admin side of things.
    This is not to imply that there is nothing good in 7. There are at lot of improvements that we certainly value. But it is too early in systemd development for us to waste time debugging somebody else's pipe-dream on our dime.


    We will see what 8 offers and decide then whether to move to something else.


    [1].
    https://plus.google.com/app/basic/stream/z13rdjryqyn1xlt3522sxpugoz3gujbhh04


    --
    *** e-Mail is NOT a SECURE channel ***
             Do NOT transmit sensitive data via e-Mail
    James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
    Harte & Lyne Limited http://www.harte-lyne.ca
    9 Brockley Drive vox: +1 905 561 1241
    Hamilton, Ontario fax: +1 905 561 0757
    Canada L8E 3C3


    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
  • Valeri Galtsev at Jul 24, 2015 at 2:36 pm

    On Fri, July 24, 2015 8:16 am, James B. Byrne wrote:
    On Thu, July 23, 2015 13:19, m.roth at 5-cent.us wrote:
    Physically dragging the thread back on topic...

    I really am going crazy, trying to deal with the hourly logs from the
    loghost. We've got 170+ servers and workstations... but a *very* large
    percentage of what's showing up is from his bloody new fedora 22, with
    its idiot systemd logging of *ever* selinux message to
    /var/log/messages.

    I tried creating a rule, /etc/rsyslog.d/audit.conf, that reads:

    if $msg contains "audit" and $msg,contains,'res=success' then -

    but that seemed to send *everything* to /dev/null. That was my best
    guess,
    based on googling (yahooing?) and man pages. Can anyone tell me what's
    wrong with that syntax?

    mark

    And Lennart blames Linus[1] for why he gets hate mail.

    Indeed. And thanks to Linus we have Linux kernel. And thanks to Lennart we
    have config files polluted with XML tags.

    We are giving RHEL-7 a pass on this iteration.

    Good for you. I started installing CentOS 7 on all new workstations (but
    we do pass on Linux on all new servers in favor of FreeBSD - number
    crunchers and maybe workstations have to be Linux though...)


    Valeri

    We have installed it on
    a couple of test hosts and are not favourably impressed with much of
    the user interface. At least not from the sys-admin side of things.
    This is not to imply that there is nothing good in 7. There are at
    lot of improvements that we certainly value. But it is too early in
    systemd development for us to waste time debugging somebody else's
    pipe-dream on our dime.

    We will see what 8 offers and decide then whether to move to something
    else.

    [1].
    https://plus.google.com/app/basic/stream/z13rdjryqyn1xlt3522sxpugoz3gujbhh04

    --
    *** e-Mail is NOT a SECURE channel ***
    Do NOT transmit sensitive data via e-Mail
    James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
    Harte & Lyne Limited http://www.harte-lyne.ca
    9 Brockley Drive vox: +1 905 561 1241
    Hamilton, Ontario fax: +1 905 561 0757
    Canada L8E 3C3

    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos



    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev
    Sr System Administrator
    Department of Astronomy and Astrophysics
    Kavli Institute for Cosmological Physics
    University of Chicago
    Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++
  • Jonathan Billings at Jul 24, 2015 at 5:34 pm

    On Fri, Jul 24, 2015 at 09:36:17AM -0500, Valeri Galtsev wrote:
    Indeed. And thanks to Linus we have Linux kernel. And thanks to Lennart we
    have config files polluted with XML tags.

    There's no XML in the systemd configuration language. You might be
    thinking of launchd.


    --
    Jonathan Billings <billings@negate.org>
  • Jonathan Billings at Jul 24, 2015 at 5:32 pm

    On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote:
    We are giving RHEL-7 a pass on this iteration.

    For what it's worth, the problem described at the beginning of this
    thread doesn't happen in RHEL7. Yet. Supposedly systemd is being
    rebased in 7.2 so we'll see.


    This is why Fedora exists, to work out all these kinds of problems
    before it hits an enterprise OS.


    --
    Jonathan Billings <billings@negate.org>
  • Mark Roth at Jul 24, 2015 at 6:30 pm

    Jonathan Billings wrote:
    On Fri, Jul 24, 2015 at 09:16:26AM -0400, James B. Byrne wrote:
    We are giving RHEL-7 a pass on this iteration.
    For what it's worth, the problem described at the beginning of this
    thread doesn't happen in RHEL7. Yet. Supposedly systemd is being
    rebased in 7.2 so we'll see.

    This is why Fedora exists, to work out all these kinds of problems
    before it hits an enterprise OS.

    Ok, this is frustrating. May I take it, then, that no one has written the
    conditional filters described in the rsyslog manual?


    I've tried several variations, such as
    if $msg contains 'audit' and $msg contains 'res=success' then -
    which resulted in *all* messages going to /dev/null, even though
    everything I find in googling (or I should say what little I find in
    googling) suggests that should work.


           mark
  • Jonathan Billings at Jul 25, 2015 at 4:22 pm

    On Jul 24, 2015, at 2:30 PM, m.roth at 5-cent.us wrote:
    Ok, this is frustrating. May I take it, then, that no one has written the
    conditional filters described in the rsyslog manual?

    We?ve had this in our RHEL6 and now our RHEL7 rsyslog.conf:


    # Ignore OpenAFS errors
    :msg, contains, "byte-range lock/unlock ignored" ~
    :msg, contains, "byte-range locks only enforced for processes on this machine" ~


    I?m seeing warnings in the logs that this is an old syntax on RHEL7, but it still works.


    --
    Jonathan Billings <billings@negate.org>

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos @
categoriescentos
postedJul 22, '15 at 3:06p
activeJul 25, '15 at 4:22p
posts29
users12
websitecentos.org
irc#centos

People

Translate

site design / logo © 2022 Grokbase