[rsyslog] what happens if you have multiple selectors pointing at one file
david at lang.hm
david at lang.hm
Sat Sep 5 08:03:23 CEST 2009
On Fri, 4 Sep 2009, david at lang.hm wrote:
> I ahve a config file that fixes up broken syslog messages that has the
> following
>
> $template fixsnareFormat,"%timereported% %HOSTNAME% MSWinEventLog %syslogtag%%msg:18:$:drop-last-lf%\n"
> $template fixsnareForwardFormat,"<%pri%>%timereported% %HOSTNAME% MSWinEventLog %syslogtag%%msg:18:$:drop-last-lf%\n"
> $template TraditionalFormat,"%timereported% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
> $template TraditionalForwardFormat,"<%pri%>%timereported% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
> #$template TraditionalFormat,"%timegenerated% %syslogtag%%msg:::drop-last-lf%\n"
> :syslogtag, startswith, "MSWinEventLog#011" *.* /var/log/messages;fixsnareFormat
> & @192.168.210.8;fixsnareForwardFormat
> & ~
> *.* /var/log/messages;TraditionalFormat
> *.* @192.168.210.8;TraditionalForwardFormat
>
>
> the upstream box is seeing things as I would expect, but the local
> /var/log/messages file is not
>
> is it incorrect to have two entries that both write to /var/log/messages?
never mind, I just spotted the extra *.* in there (nothing was reported
when starting up)
David Lang
More information about the rsyslog
mailing list