How to filter rsyslog messages by tags

Solution 1:

I've not used if like that (or syslogtag), but I have used :<blah>,<condition> ... (in particular :msg, contains,...), but try:

:syslogtag, isequal, "giomanager:" /var/log/giomanager.log
& stop

The & stop (or & ~ in rsyslog v6 and older, such as on RHEL6) causes the matched message to be discarded after logging; otherwise it will be further parsed by other rules.


Update: tested and

The syslogtag contains a : and should be enclosed in "" rather than ''

Solution 2:

So I finally found a solution to my problem.

Thank you very much to @lain for leading my way.

The solution as stated before is to include a ':' in the tag name. Also, and this is very important, the file name must be before 50-default.conf in alphabetical order.

To summarize, put the following in 30-giomanager.conf:

:syslogtag, isequal, "giomanager:" /var/log/giomanager.log
& stop

Note that the file /var/log/giomanager.log should be writable by the 'syslog' user.
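
A pre-flight check for the two pitfalls named in the answers above (the double-quoted tag with its trailing colon, and the rule file sorting before 50-default.conf), plus an end-to-end send. This is an added example, not part of either answer; the function names are hypothetical and the paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are supplied by the caller.

# Exit 0 if RULE is reached before BASE when DIR/*.conf is expanded in sorted
# order, 1 if BASE comes first, 2 if neither file is present.
rule_precedes_default() {
    dir=$1 rule=$2 base=$3
    for f in "$dir"/*.conf; do
        case "${f##*/}" in
            "$rule") return 0 ;;
            "$base") return 1 ;;
        esac
    done
    return 2
}

# Exit 0 if FILE holds a :syslogtag isequal selector whose value is
# double-quoted and ends with the colon that is part of the tag.
tag_rule_ok() {
    grep -Eq '^:syslogtag,[[:space:]]*isequal,[[:space:]]*"[^"]*:"[[:space:]]' "$1"
}

# End-to-end check on a live host: send a uniquely marked message with the tag
# and look for it in the target log (logger -t appends the colon itself).
tag_reaches_log() {
    tag=$1 logfile=$2 marker="tagtest-$$"
    logger -t "$tag" "$marker"
    sleep 1
    grep -q "$marker" "$logfile"
}
```

With the layout from the answers, the three checks chain as: rule_precedes_default /etc/rsyslog.d 30-giomanager.conf 50-default.conf && tag_rule_ok /etc/rsyslog.d/30-giomanager.conf && tag_reaches_log giomanager /var/log/giomanager.log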