On 2018-06-12 14:31, Joe Blow wrote:
> I think the last line should look more like this as well:
> *.* local7.none @bleh;output_template_format
>
> Cheers,
>
> JB
>
> On Tue, Jun 12, 2018 at 4:28 PM, Joe Blow <[email protected]> wrote:
>
> You're close... Try this:
>
> if ($syslogtag == "file1") then { action(type="omfwd" Target="bleh"
> Port="6514" Protocol="udp") stop }
> if ($syslogtag == "file2") then { action(type="omfwd" Target="bleh"
> Port="5514" Protocol="udp") stop }
> if ($syslogtag == "file3") then { action(type="omfwd" Target="bleh"
> Port="8514" Protocol="tcp") stop }
>
> *.*;local7.none @bleh
>
> James i didn't know you were doing rsyslog.... we could have been hanging out
> months ago...
>
> Cheers,
>
> JB
>
> On Tue, Jun 12, 2018 at 4:13 PM, James Lay <[email protected]> wrote:
> On 2018-06-12 12:40, David Lang wrote:
> On Tue, 12 Jun 2018, James Lay wrote:
>
> Here as well, all information from file1 and file2 show up in
> /var/log/messages. How can I tell rsyslog to not log the additional files to
> the actual syslog/messages file? Thank you.
> you either need to filter the messages before the line that writes to
> the messages file (match them and issue a stop), or you need to have
> the imfile inputs call a specific ruleset that only has what you want
> to happen to those files instead of letting them be handled by the
> default ruleset.
Thank you....I'm familiar with filtering out messages by say content,
but I've not used them in a action rule before. What I am confused on
is where to put the stop. So, something like?
if ($syslogtag == "file1") then { action(type="omfwd" Target="bleh"
Port="6514" Protocol="udp" stop) } else
if ($syslogtag == "file2") then { action(type="omfwd"
Target="bleh" Port="5514" Protocol="udp" stop) } else
if ($syslogtag == "file3") then { action(type="omfwd"
Target="bleh" Port="8514" Protocol="tcp" stop) } else {
*.*;local7.none @bleh
}
My fear is that the message would not get logged to, in the above case,
the remove syslog server bleh. Clearly this is me not knowing how this
all works. Thanks again.
James
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog [1]
http://www.rsyslog.com/professional-services/ [2]
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
Brilliant...thanks JB will put these to the test. And LOL...yea...l
guess I have my fingers in a fair amount of internet pie's ;)
James
Links:
------
[1] http://lists.adiscon.net/mailman/listinfo/rsyslog
[2] http://www.rsyslog.com/professional-services/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
