[rsyslog] Central loghost using RHEL5.2 rsyslog
Elisamuel Resto
samuel at dragonboricua.net
Thu Jun 5 23:59:07 CEST 2008
Kielek, Samuel wrote:
> Thanks, but I still don't know how to separate out the local and remote
> logs. I tried using expression based filters but didn't have much
> success. For example these config lines:
>
> # Log remotely generated authpriv messages to /syslog
> $template r_secure,
> "/syslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/secure.log"
> if $source != 'localhost' and $syslogfacility-text == 'authpriv' then
> -?r_secure
>
> Cause these errors:
>
> Jun 5 14:24:27 ncldl38011 rsyslogd:unknown priority name ""
> Jun 5 14:24:27 ncldl38011 rsyslogd:the last error occured in
> /etc/rsyslog.conf, line 25
> Jun 5 14:24:27 ncldl38011 rsyslogd:warning: selector line without
> actions will be discarded
>
> Not sure if it's something with my syntax or is it just that this
> version of rsyslog doesn't (fully) support this. I'm assuming it's not
> supported since the error seems to indicate that it is interpreting that
> expression filter line as a standard selector type filter.
>
> Thanks,
> Sam
</snip>
Have you seen this:
http://wiki.rsyslog.com/index.php/Sysklogd_drop-in_with_remote_logs_separated_by_dynamic_directory
--
Elisamuel Resto <samuel at dragonboricua.net>
Source Mage Developer / http://sourcemage.org
GPG KEY: 18615F19 / http://simplysam.us
More information about the rsyslog
mailing list