[rsyslog-notify] Forum Thread: Trying to split pound logs into two files: HTTP and error - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Thu Sep 24 21:37:37 CEST 2015
User: jackal242
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25956#p25956
Message:
----------
pound uses syslog for it's logs.
In pound you can configure the Facility and Log Level that it passes the
logs to syslog.
Problem is pound puts all the HTTP logs and all the pound error logs into
the same stream. So if you just put a single line to capture the pound
logs down to a file you get a mix of both HTTP GET/POST's requests mixed
with pound server errror messages.
So I wanted to split them into two files. I'm using Amazon Linux 09.2014.
It comes with rsyslog v5.8.
I added the following file to /etc/rsyslog.d/25-pound.conf and restarted
rsyslog. The first rule worked and I'm getting standard HTTP logs, but
the second rule did not. Nothing is going to the error log:
[code:1lmo9rwb]$template HTTPLogs,"%msg%\n"
# HTTP logs from pound
if $programname == 'pound' and $msg contains 'HTTP' then
/var/log/pound-http.log
# Error logs from pound
if $programname == 'pound' and not $msg contains 'HTTP' then
/var/log/pound-error.log
[/code:1lmo9rwb]
Any idea what's wrong?
More information about the rsyslog-notify
mailing list