[rsyslog-notify] Forum Thread: Rsyslog Message duplicates - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Wed Mar 5 02:47:49 CET 2014 

User: nooblinux 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24302#p24302

Message: 
----------
here is my rsyslog client conf Rhel 6, rsyslog 5.8

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via
logger command)
$ModLoad imklog   # provides kernel logging support (previously done by
rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

# Provides TCP forwarding. The IP is the server's IP address
*.* @@10.1.3.109:514


#Apache Access File:

$ModLoad imfile
$InputFileName /var/log/httpd/access.log combined
$InputFileTag apache-access:
$InputFIleStateFile stat-apache-access
$InputFileSeverity info
$InputRunFileMonitor

#Apache Error File:
$ModeLoad imfile
$InputFileName /var/log/httpd/error.log
$InputFileTag apache-errors:
$InputFileStateFile stat-apache-error
$InputFileSeverity error
$InputRunFileMonitor


$InputFilePollInterval 10


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat


# File syncing capability is disabled by default. This feature is usually
not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


The problem is when rsyslog service is turned on i get apache error/access
entries in my /var/log/messages file. Any help on how i can stop the apache
log entries into the messages file?

More information about the rsyslog-notify mailing list