[rsyslog] Noob log filtering question
Siddhartha Jain
sjain at silverspringnet.com
Fri Dec 4 22:26:27 CET 2009
I am setting up a relay such that the relay should:
- Log locally generated messages locally (as syslog did)
- Log all, received over the network and local logs, to a remote server.
How do I create a filter/template such that logs originating from
imuxsock, imklog and src-ip:127.0.0.1 are sent to local files to match
these:
*.info;mail.none;authpriv.none;cron.none
/var/log/messages
authpriv.* /var/log/secure
mail.*
-/var/log/maillog
cron.* /var/log/cron
*.emerg *
local7.*
/var/log/boot.log
kern.debug
/var/adm/syslog.dated/kern.log
user.debug
/var/adm/syslog.dated/user.log
daemon.debug
/var/adm/syslog.dated/daemon.log
auth.crit;syslog.debug
/var/adm/syslog.dated/syslog.log
kern.debug
/var/adm/messages
kern.debug
/dev/console
*.emerg
*
Something like
"If (inputmodule == imuxsock || inputmodule == imklog || src-ip ==
127.0.0.1) && (facility == cron) && (severity == *)
then log-to file /var/log/cron.log"
Thanks,
Siddhartha
More information about the rsyslog
mailing list