yes, you cn create a ruleset for an input and then have it contain a rule for a
specific host, or you can call a ruleset after an if statement
I don't understand fully what you are trying to do that makes this hard.
do you have an example of a config that you think should work that doesn't?
David Lang
On Tue, 16 Mar 2021, Scott Slattery via rsyslog wrote:
Date: Tue, 16 Mar 2021 13:48:20 -0700
From: Scott Slattery via rsyslog <[email protected]>
To: rsyslog-users <[email protected]>
Cc: Scott Slattery <[email protected]>
Subject: [rsyslog] Ruleset on IMTCP (or IMPTCP)
Is it possible to selectively apply a dynamic file template to input from
IMTCP based on a specific host like the following?
##### Rule ####
if $fromhost-ip == '10.40.83.207' then {
action(type="omfile" dynafile="RemoteServer1")
stop
}
input(type="imptcp" port="10514" ruleset="RemoteServer")
##### End Rule ####
My log files are on a central log collector (where this rule is applied)
but it doesn't seem to be working. No error in when I validate syntax but
no logfiles as expected.
Since my central log collector is behind a firewall, I can't easily (nor
quickly) add an additional bind port with another input so I'm trying to
prototype the above logic using a rule.
I also don't want to apply the rule to every incoming TCP logfile until I
have performed this validation.
Any guidance is much appreciated.
*Scott Slattery*
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
