[rsyslog] Only log from network devices to database
Sepperlot
sepperlot at googlemail.com
Tue Jan 12 16:16:30 CET 2010
Hello.
I'm trying to log messages from various network devices to rsyslog and
write them into a database.
Therefore I use a setup as described in
http://www.rsyslog.com/doc-rsyslog_mysql.html
My (simple) rsyslog.conf contains the following:
$ModLoad imudp
$UDPServerAddress x.x.x.x
$UDPServerRun 1514 # standard port is used by syslog-ng
$ModLoad ommysql
*.* :ommysql:localhost,DBNAME,DBUSER,DBPASS
This writes all arriving log messages to the database and I can watch
them with phplogcon. Up to here everything is ok and works.
Now I only want to log messages from specific network devices identified
by IP address, but I'm totally lost when it comes to combining filter
conditions and actions. I've tried
:fromhost-ip, isequal "IP.IP.IP.IP" \
:ommysql:localhost,DBNAME,DBUSER,DBPASS
*.* :fromhost-ip, isequal "IP.IP.IP.IP" \
:ommysql:localhost,DBNAME,DBUSER,DBPASS
but obviously this is BS ;)
Goal is to log only network devices and maybe later log different
devices to different databases.
The backslash is added by me only in this mail. The commands are all in
one line.
Any help is appreciated.
Best regards
Sebastian
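
The setup described in the post, written with rsyslog's property-based filter syntax in the legacy directive format. This is an added example and not part of the original message; the 192.0.2.x and 198.51.100.x addresses are constructed documentation addresses, and DBNAME2 is a hypothetical second database.

```conf
# Added example, not from the original post.
# Addresses below are constructed; DBNAME2 is a hypothetical second database.

$ModLoad imudp
$UDPServerAddress x.x.x.x
$UDPServerRun 1514

$ModLoad ommysql

# A property-based filter takes the place of the "*.*" selector:
#   :property, compare-operation, "value"  action
# The comma after the compare operation is required, and the filter and its
# action stay on one line.
:fromhost-ip, isequal, "192.0.2.10" :ommysql:localhost,DBNAME,DBUSER,DBPASS
:fromhost-ip, isequal, "192.0.2.20" :ommysql:localhost,DBNAME,DBUSER,DBPASS

# A different group of devices to a different database, matched by prefix.
# End the prefix at a dot: "198.51.100.1" would also match 198.51.100.10-19
# and 198.51.100.100-199.
:fromhost-ip, startswith, "198.51.100." :ommysql:localhost,DBNAME2,DBUSER,DBPASS

# No "*.*" database action remains, so messages from any other sender
# are not written to MySQL.
```

fromhost-ip is the source address of the received UDP datagram, which the sender controls, so the filter selects devices but does not authenticate them. Limit which hosts can reach UDP port 1514 at the firewall as well.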