trouble filtering rsyslog messages

Post by michael600 » 2018/01/28 01:24:27

Hi
In CentOS 7, I am trying to filter out (i.e. to stop) certain messages being written to a log file. I was successful in stopping the following text being stored in /var/log/messages:

Code:

Jan 27 09:56:05 localhost systemd: Removed slice User Slice of asterisk

by adding a .conf file into /etc/rsyslog.d/ with contents:

Code:

if $programname == "systemd" and ($msg contains "Removed slice User Slice" ) then stop

and then running:

Code:

systemctl restart rsyslog

but the same strategy is not working for messages generated by crontab, which appear in /var/log/cron, viz:

Code:

Jan 27 12:59:01 localhost CROND[24341]: (asterisk) CMD ([ -x /var/www/html/admin/modules/dashboard/scheduler.php ] && /var/www/html/admin/modules/dashboard/scheduler.php)

i.e. I've tried all of these in a .conf file in /etc/rsyslog.d/ and none work. In fact they seem to stop anything at all appearing in /var/log/cron (until the code is commented out and rsyslog is restarted, when the missing entries mysteriously appear).

Code:

# if $programname == "crond" and ($msg contains "\/var\/www\/html\/admin\/modules\/dashboard\/scheduler") then stop
# if $programname == "asterisk" and ($msg contains "\/var\/www\/html\/admin\/modules\/dashboard\/scheduler") then stop
# if $programname == "asterisk" and ($msg regex "dashboard.*scheduler") then stop

Not sure how to turn on rsyslog debug logging, either.
No clues in /var/log/messages or from running: journalctl -xe
Any ideas out there?
Thanks

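An offline dry run of a `stop` rule against sample lines, to check before deployment that it discards only the intended entries (added example, not part of the original post and not rsyslog code). It models `$programname` as the tag text before the first `[`, `:` or `/` and treats `==` and `contains` as case-sensitive, which are assumptions about rsyslog's behaviour; the helper names and the third sample line are constructed, and the backslash-escaped slashes from the post are written as plain slashes.

```python
import re

# Constructed test input: the two lines quoted in the post plus one made-up
# cron entry that a scheduler-only rule must NOT drop.
SAMPLE = [
    "Jan 27 09:56:05 localhost systemd: Removed slice User Slice of asterisk",
    "Jan 27 12:59:01 localhost CROND[24341]: (asterisk) CMD ([ -x /var/www/html/admin/modules/dashboard/scheduler.php ] && /var/www/html/admin/modules/dashboard/scheduler.php)",
    "Jan 27 13:01:01 localhost CROND[24377]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Traditional file format: "Mmm dd hh:mm:ss host TAG msg"
LINE = re.compile(r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ (?P<tag>\S+?:)(?P<msg>.*)$")


def parse(line):
    """Split a file-format syslog line into (programname, msg)."""
    m = LINE.match(line)
    if m is None:
        raise ValueError("not a traditional syslog line: %r" % line)
    # Assumption: programname is the tag up to the first '[', ':' or '/'.
    programname = re.split(r"[\[:/]", m.group("tag"), maxsplit=1)[0]
    return programname, m.group("msg")


def rule(programname, needle):
    """Model of: if $programname == "<name>" and $msg contains "<needle>" then stop"""
    # Both comparisons are modelled as case-sensitive (assumption).
    return lambda prog, msg: prog == programname and needle in msg


def dropped(rules, lines):
    """Return the lines that at least one stop rule would discard."""
    return [l for l in lines if any(r(*parse(l)) for r in rules)]


SCHEDULER = "/var/www/html/admin/modules/dashboard/scheduler"
as_posted_1 = rule("crond", SCHEDULER)     # lower-case name, as in the post
as_posted_2 = rule("asterisk", SCHEDULER)  # the cron user, not the program
candidate = rule("CROND", SCHEDULER)       # name exactly as it appears in the tag

if __name__ == "__main__":
    for name, r in [("crond", as_posted_1), ("asterisk", as_posted_2),
                    ("CROND", candidate)]:
        print(name, "->", len(dropped([r], SAMPLE)), "line(s) dropped")
```

Feeding it a larger sample from the real /var/log/cron shows whether a rule is narrow enough that unrelated cron activity stays in the log.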