On 1/17/2010 5:50 PM, Ralph Crongeyer wrote: > # Firewall logs # > $template DynFwall,"/var/log/server-logs/firewall/%HOSTNAME%.log" > *.* :fromhost-ip, isequal, "192.168.1.1" -?DynFwall > > But I just getting this error in /var/log/syslog: > > Jan 17 16:49:47 log rsyslogd: [origin software="rsyslogd" > swVersion="4.4.2" x-pid="12540" x-info="http://www.rsyslog.com";] (re)start > Jan 17 16:49:47 log rsyslogd: the last error occured in > /etc/rsyslog.d/remote-logs.conf, line 10 > Jan 17 16:49:47 log rsyslogd: warning: selector line without actions > will be discarded > Jan 17 16:49:47 log rsyslogd: the last error occured in > /etc/rsyslog.conf, line 48 > Jan 17 16:49:47 log rsyslogd-2124: CONFIG ERROR: could not interpret > master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ] > > I'm trying to log all logs from my IPCop host to > "/var/log/server-logs/firewall/%HOSTNAME%.log" .
I tried for 1.5 days to figure this out cutting and pasting examples left and right. Finally I came up with the following with works well for me, you should be able to tweak it slightly for yourself. $template by_prog,"/var/log/rws/%programname%.log" :programname, regex, "^pxy.*rc\." ?by_prog & :omrelp:cl.dca1.rws:2514 & ~ Just sub out %programname% for %HOSTNAME% -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci ([email protected]) c: 703.336.9354 VP Apache Infrastructure; Member, Apache Software Foundation Committer, FreeBSD Foundation Sr. System Admin, Ridecharge Inc. Consultant, P6M7G8 Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
