[rsyslog-notify] Forum Thread: Filter and copy some to other server? - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Thu Apr 24 23:27:35 CEST 2014
User: ksuuk
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24580#p24580
Message:
----------
Hello.
Rsyslog (rsyslog-5.8.10-8.el6.x86_64) is running as server. Incoming logs
are saved first per host and later all into one file:
$template FILENAME,"/var/log/hosts/%HOSTNAME%/syslog.log"
*.* ?FILENAME
$template RemoteHost,"/var/log_arhiiv/syslog.log"
if ($hostname != 'syslog.internal') then ?RemoteHost
& ~
But now I have needs to make filter, which sends match to external syslog
server. So I added into /etc/rsyslog.d/00-forward.conf
if $hostname contains 'list' and $msg contains 'extra' then
@syslog2.internal
This filter works so, that previous locations doesn't get any info. So how
to copy filter match, to external server, and also save logs locally?
More information about the rsyslog-notify
mailing list