[rsyslog-notify] Forum Thread: Re: Filtering and forwarding based on message content - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Sat Oct 25 00:24:23 CEST 2014


User: dlang 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25044#p25044

Message: 
----------
*.info @192.168.2.11

will send all logs of info or higher to the central server on port 514

do you want these logs written locally as well? or only write the logs
locally that you are not going to send?

if you want to write them all locally then what you want is something like:

/var/log/filename
if <condition> then stop
if <condition> then stop
*.info @192.168.2.11

If you only want to write some logs locally, then you put conditions for
writing the local logs, and then use stop to keep any other rules from
matching that log message (throw it away)


More information about the rsyslog-notify mailing list