On Tue, Apr 16, 2013 at 19:07:19 -0700, Paul Fontenot wrote:
> How does rsyslog determine order from the configuration files in
> /etc/rsyslog.d/*.conf?
>
> 10-iptables.conf
> 20-messages.conf
[...]
> :msg, startswith, "IPTABLES (eth0) Drop: " -/var/log/iptables.log
> & ~
> :msg, startswith, "IPTABLES (wlan0) Drop: " -/var/log/iptables.log
> & ~
>
> and I get the entries in both /var/log/iptables and /var/log/messages. So
> far the only way I've found to ensure those entries are only in
> /var/log/iptables is to put them in /etc/rsyslog.conf. Is this the only way
> or am I overlooking something?
You didn't mention which version of rsylog you are using, but most
versions in the 7.2.x and 7.3.x lines have a bug which causes the files
pulled in by a wildcard "include" to be processed in reverse order. The
bug was fixed in 7.2.6 and 7.3.8, so if you can upgrade to a version
later than those that should solve your problem.
If you can't upgrade, you can probably get it to work by renumbering the
rsyslog.d/* files so they are in reverse order (i.e. for each number N,
change the number to 100-N, or something like that). (However, keep in
mind that when you later upgrade to a version that includes the fix
you'll need to switch the filenames back to the expected order.)
Hope that helps.
Nathan
----------------------------------------------------------------------------
Nathan Stratton Treadway - [email protected] - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
