[rsyslog] what happens if you have multiple selectors pointing at one file
david at lang.hm
david at lang.hm
Sat Sep 5 04:04:59 CEST 2009
I ahve a config file that fixes up broken syslog messages that has the
following
$template fixsnareFormat,"%timereported% %HOSTNAME% MSWinEventLog %syslogtag%%msg:18:$:drop-last-lf%\n"
$template fixsnareForwardFormat,"<%pri%>%timereported% %HOSTNAME% MSWinEventLog %syslogtag%%msg:18:$:drop-last-lf%\n"
$template TraditionalFormat,"%timereported% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
$template TraditionalForwardFormat,"<%pri%>%timereported% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
#$template TraditionalFormat,"%timegenerated% %syslogtag%%msg:::drop-last-lf%\n"
:syslogtag, startswith, "MSWinEventLog#011" *.* /var/log/messages;fixsnareFormat
& @192.168.210.8;fixsnareForwardFormat
& ~
*.* /var/log/messages;TraditionalFormat
*.* @192.168.210.8;TraditionalForwardFormat
the upstream box is seeing things as I would expect, but the local
/var/log/messages file is not
is it incorrect to have two entries that both write to /var/log/messages?
David Lang
More information about the rsyslog
mailing list