"Rainer Gerhards" <[email protected]> writes:
>> Just one level deeper. So one level of dynamic directory is created
>> for each client host. Later I'll probably want to spit that a bit more
>
> ... and here is where some information is missing ;) *How* do you want to
> split these logs? I am not sure about this, and so I have no clear idea of
> how a configuration could look like. As there are some limits on the way
> filters can be combined, this is a very important point.
He he... yes it is.. but its missing because I don't have a solid
plan for what I want yet.
I really was only asking about the simple part. I now know how to do
that, and when you see what I was after (for now) you will be
disappointed because its probably to obvious and simple to need to be
in your cook book. It just takes me a while to see how to get
started.
On the client machines:
*.info;mail.none @@192.168.0.26:514
(192.168.0.26 is `logsrv' mentioned below)
On the server:
This template and action is all I was after (for now).
(aside: DDF = Dynamic directory and filename)
$template DDF,"/var/log/%hostname%/%hostname%.log"
if \
$source != 'logsrv' \
then -?DDF
I hope that is at least close to a correct formulation.
I just used the actual host names because I wan't sure which property
provided it .. just the simple alphabetic hostname with no domain.
On thing I didn't see explained in what I've read so far is what role
the question mark in -?DDF plays.
I used it because I saw it used that way in the examples and so far
the formulation seems to be working...(I actually haven't inspected the
logs closely yet.... but a tail -f of the resulting log files would
seem to indicate its working. At least each log appears to be
only from a specific client, and to include everything incoming from
that client.)
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
