Warning produced after running service rsyslog restart.

rsyslogd: warning: ~ action is deprecated, consider using the 'stop' statement instead

• EDR Sever: All Versions
• CentOS: 7.x and above
• RHEL: 7.x and above

This is a warning message emitted when rsyslog starts based on a configuration file with outdated symbols.

In syslog version 6, the tilde (~) was used as a discard action.  In rsyslog version 7, the tilde was replaced with "stop".  

This is usually just a warning and rsyslog starts regardless.   This is not related to EDR services.

• Check the rsyslog config file /etc/rsyslog.conf for tilde symbols.
• Confirm the configuration file contents match rsyslog version installed.