On Mon, 14 Jun 2010 10:34:08 -0600, Shawn Heisey <[email protected]> wrote: > I am replacing my central monitoring server, which is currently running > syslog-ng, with another based on Debian lenny and its default rsyslog. > The current system logs all remote syslog sources to a separate > directory and splits it out into subdirectories by source host. All > local sources are sent to /var/log like a normal syslog configuration. > This is an extremely easy configuration with syslog-ng. > > With rsyslog, I'm interested in logging all remote sources to only > mysql, and all local sources to the standard files in /var/log. I got > the mysql set up, but everything gets logged to both locations. I'm OK > with local data being in both places, but I definitely do not want the > remote data in /var/log. > > I have been searching the mailing list and trying to understand the > documentation, but I cannot figure this out. Can someone help?
I have a case where i need to do something similar. the first action in rsyslog.conf is :fromhost, isequal, "127.0.0.1" @192.168.1.8;TraditionalForwardFormat & ~ which says that if it's from localhost, write it to the network and do nothing else with the log entry anything that comes from any other server will not match this and fall through to the rest of the actions. David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
