On Tue, 30 Jul 2024, xover2...@hush.com wrote:
The addition of that line does not appear to have changed what was happening before that line was added. The syslog messages from 192.168.1.200 are still being received and are still being appended to /var/log/messages instead of /var/log/host1.
OK, can you add the hostname to the IP address. For example if 192.168.1.200 shows up as `host1' in /var/log/messages, do: !* +192.168.1.200,host1 *.* /var/log/host1 That seems to do the trick most of the time (except for early boot messages from the remote machine sent using logger(1), which are still logged to _both_ locations for some reason). I think this should also work (provided the "from" isn't a literal IP address!): !* +host1 *.* /var/log/host1 But, I think the prev. version is better as it covers both possibilities. -RVP