On Tue, 30 Jul 2024, xover2...@hush.com wrote:

The addition of that line does not appear to have changed what was happening 
before that line was added. The syslog messages from 192.168.1.200 are still 
being received and are still being appended to /var/log/messages instead of 
/var/log/host1.


OK, can you add the hostname to the IP address. For example if 192.168.1.200
shows up as `host1' in /var/log/messages, do:

!*
+192.168.1.200,host1
*.*             /var/log/host1

That seems to do the trick most of the time (except for early boot messages
from the remote machine sent using logger(1), which are still logged to _both_
locations for some reason).

I think this should also work (provided the "from" isn't a literal IP
address!):

!*
+host1
*.*             /var/log/host1

But, I think the prev. version is better as it covers both possibilities.

-RVP

Reply via email to