[rsyslog-notify] Forum Thread: from host exclusion - (Mode 'post')
noreply at adiscon.com
Thu Oct 2 12:15:34 CEST 2014
User: jdc
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24968#p24968
Message:
----------
Hello,
I can't succeed in writing a correct rule to exclude logging of every access
notification (mostly ssh) from a specific host (192.168.200.111)
to /var/log/secure.
It seems my fromhost-ip command doesn't work.
Here is my rsyslog.conf file :
[code:3665f7u0]
#### MODULES ####
ModLoad imuxsock.so
ModLoad imklog.so
#### GLOBAL DIRECTIVES ####
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
if $fromhost-ip == '192.168.200.111' then ~
&~
#### RULES ####
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
local1.* -/var/log/ldap.log
local0.* /var/log/backup.log
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
local4.*;*.err;*.alert;*.emerg;*.crit @192.168.200.111:514
[/code:3665f7u0]
Thanks for helping,
J