[rsyslog-notify] Forum Thread: Re: can you use regex to filter fromhost-ip? - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Thu Jan 29 17:00:32 CET 2015
User: mwk at umn.edu
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25216#p25216
Message:
----------
Ok so I have a fix that will work for me. Since the chunk of the /23 that I
DON'T care about is small I just going to do this.
if $fromhost-ip == '192.168.1.238' then /var/log/rsyslog/testgear
&~
if $fromhost-ip == '192.168.1.239' then /var/log/rsyslog/testgear
&~
if $fromhost-ip == '192.168.1.240' then /var/log/rsyslog/testgear
&~
I had been using the &~ at the end of the stanza that dealt with the test
gear but it didn't seem to be work. Googling around I finally read the
piece of documentation that says you put the &~ where you want rsyslogd to
stop processing this message and voila it works just like I need it to.
The messages for prod $if-fromhost-ip startswith 192.168.1. go to the prod
syslog file and the test stuff goes to the test syslog file. Yeah!!!
More information about the rsyslog-notify
mailing list