[rsyslog-notify] Forum Thread: Forward all logs and do not retain locally - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Fri Aug 22 07:05:48 CEST 2014
User: aaa123
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24862#p24862
Message:
----------
Hi,
Use case I have
1. Forward all logs (the default system log & any log that we monitor/ship
out) to a remote rsyslog server. The default system log (ie auth.log)
should also stay locally as well (for auditing purpose such as who logs in
and out..)
And
2. Do not retain the content of xyz.log being monitored locally to any
/var/log/messages, /var/log/debug, /var/log/syslog files.
[code:3cparb8v]
...
$InputFileName /opt/mytest/xyz.log
$InputFileTag MYTEST_xyz
$InputFileStateFile stat-MYTEST_xyz
$InputFileSeverity debug
$InputFileFacility local3
$InputRunFileMonitor
#Remote server and port
*.* @@11.12.133.144:10514
if $syslogfacility-text == 'local3' then
@@11.12.133.144:10514
&~
[/code:3cparb8v]
Right now, the code does what we want..BUT we have duplicated data (xyz.log
is consolidated twice), because we sent it twice...How do I filter out the
dup?
Thanks a lot
More information about the rsyslog-notify
mailing list