Re: [rsyslog] Dynamic file generation issue

Mon, 21 Nov 2022 15:41:49 -0800

Yea, there's other config files in the same directory but nothing references creating a syslog file. Is that a default option? 

Any idea why the logs are being split?

Thanks,

Will

On 21/11/2022 17:21, David Lang wrote:

is that really your entire config, nothing else?

David Lang

On Mon, 21 Nov 2022, Will BMD via rsyslog wrote:


Date: Mon, 21 Nov 2022 17:19:39 +0000
From: Will BMD via rsyslog <rsyslog@lists.adiscon.com>
To: rsyslog@lists.adiscon.com
Cc: Will BMD <w...@brainmeltdown.net>
Subject: [rsyslog] Dynamic file generation issue

Hey all,

I've got a pretty simple configuration as below:

module(load="imudp")
input(type="imudp" port="514")
$template DynaFile,"/var/log/ext/%HOSTNAME%/%timestamp:::date-month%/%timestamp:::date-day%/%timestamp:::date-hour%.log" 
*.* -?DynaFile
This appears to be working but I've noticed this oddity. I'm seeing logs being sent to 2 locations, not duplicates from the looks of it. The first location is the one specified in the template above, the other is being sent to a file called *syslog* in /var/log/syslog. When looking at the logs I'm not seeing any obvious differences between the messages. I want all messages to go where I've defined the dynafile location. Does anyone have any input as to what could be happening? 

Here are some examples:

/var/log/ext/10.10.10.10/11/21$ tail 16.log
Nov 21 16:59:59 10.10.10.10 %ASA-6-106100: access-list inside_access_in denied tcp inside/x.x.x.x(53194) -> outside/x.x.x.x(80) hit-cnt 1 first hit [0xc58201ba, 0x38466015] 

/var/log$ tail syslog
Nov 21 17:01:33 10.10.10.10 %ASA-6-106100: access-list inside_access_in denied tcp inside/x.x.x.x(49548) -> outside/x.x.x.x(443) hit-cnt 1 first hit [0xc58201ba, 0x6838bf3c] 

Thanks,

Will
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. 




_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to