How to use if else condition in rsyslog on RHEL6?

Solution Verified - Updated -

Issue

  • How to use if else in rsyslog where any authpriv message from local host contains "SecurityLog" word then do something ... ?

  • rsyslog is giving below errors while restarting the rsyslog service.

rsyslogd: the last error occured in /etc/rsyslog.d/security.conf, line 40:"if $msg contains 'SecurityLog' then "
rsyslogd: warning: selector line without actions will be discarded
rsyslogd-3000: unknown facility name "action(authpriv" [try http://www.rsyslog.com/e/3000 ]

Environment

  • Red Hat Enterprise Linux (RHEL) 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content