I want to forward all messages to a remote syslog server, but only not the kern facility. Is that possible?
I read the manpage and find only filter for whitelist, not for blacklist.
many thanks
Karsten
That can be achieved quite easily, but without telling me what version you are using, or which syntax you want to work with (there are 3 types in rsyslog, rainerscript being the newest). Generally, I would say it would be easiest to do this with the traditional rsyslog config syntax, and you could do it with something like:
*.*;auth,authpriv.none @@rsyslog;RFC3164fmt
Here we are saying:
*.* Send everything
auth,authpriv.none Except auth and authpriv
@@rsyslog send to host "rsyslog" with TCP (defined by using@@, using @ would send via UDP)
RFC3164fmt Send using the RFC3164fmt format template