On Sun, 15 Mar 2009, Julian Yap wrote:

> I'm having trouble logging ALL the syslog messages received from a
> server. I'm not sure if it's because it's from a non-standard piece
> of hardware (i.e. not a Linux server). Logging to another server
> running syslogd works fine (but syslogd doesn't allow me to log
> messages from a remote server to a separate file and it's not my
> central syslogd server).
>
> I've tried several lines but none seem to work for me:
> if $fromhost == 'server' then /var/log/remote/server/all
> if $source == 'server' then /var/log/remote/server/all
> :FROMHOST, isequal, "server" /var/log/remote/server/all
> if $fromhost == 'server.domain.com' then /var/log/remote/server/all
> if $fromhost-ip == '192.168.0.60' then /var/log/remote/server/all

There are a few possible reasons that this could have problems.

Is it that you have a high volume of logs and some just get dropped?

If you just write everything to a file (*.* /var/log/test), does it have all the logs from this server, or is it missing some?

Do the logs from this server sometimes include the host and sometimes not?

What is different between the logs that you match and the ones that you miss?

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
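
One way to run the catch-all test suggested in the reply, as an added example that is not part of the original thread: write every message to /var/log/test with a template that prints the properties the quoted filters compare against, so matched and missed messages can be compared side by side. The template name HostDebug is hypothetical; the syntax is rsyslog's legacy configuration format.

```conf
# Added diagnostic example, not from the thread. "HostDebug" is a hypothetical name.
# Print the properties the filters test (fromhost, fromhost-ip, hostname)
# next to the raw message exactly as it arrived on the wire.
$template HostDebug,"%timegenerated% fromhost=%fromhost% fromhost-ip=%fromhost-ip% hostname=%hostname% raw=%rawmsg%\n"

# Catch-all file from the reply, written with the template above.
# Place this before any rule that discards messages.
*.* /var/log/test;HostDebug
```

If messages from the device appear here with a different fromhost or hostname value than the filters expect, or with no host field in the raw message, that points to a parsing or name-resolution mismatch; if they do not appear at all, the messages are being lost before the filters are evaluated.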

