Re: [rsyslog] filtering fromhost-ip to ommysql

Thu, 11 Nov 2010 15:38:41 -0800 

On Thu, 11 Nov 2010, kevin wrote:


Hello,

I am trying to filter only specific remote rsyslog hosts to send the data to
my ommysql database. Currently the following configuration directive
produces an error :

*.*:fromhost-ip, isequal, "xx.xx.xx.xx"
:ommysql:127.0.0.1,Syslog,loguser,logpassword


as John points out, having the *.* at the beginning of the line is wrong.

there are four types of ways to define output lines in rsyslog

last match (do this if the last test matched)
i.e.
& /var/log/messages

facility.severity (i.e. traditional syslog)
i.e.
*.* /var/log/messages

property tests
i.e.
:fromhost, isequal, "value" /var/log/messages

scripted
i.e.
if ($fromhost eq "value") /var/log/messages

the later items are slower than the earlier ones.
you combined two types of entries (a common mistake), and the result will not work.
what I would do is first fix the problem, and then attempt a simplified version to make sure you have the test correct, writing to a file, before you add in the database complexity. 

so try:

:fromhost-ip, isequal, "xx.xx.xx.xx" /var/log/test

then try adding the database piece.

Davi dLang




The errors I get :

rsyslogd: unknown priority name "*:fromhost-ip" [try
http://www.rsyslog.com/e/3000 ]
rsyslogd: the last error occured in /etc/rsyslog.conf, line
143:"*.*:fromhost-ip, isequal, "xx.xx.xx.xx"
:ommysql:127.0.0.1,Syslog,loguser,logpassword "
rsyslogd: warning: selector line without actions will be discarded
rsyslogd: CONFIG ERROR: could not interpret master config file
'/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]


There is nothing in the rsyslog manual pages that specify exactly HOW you
can go about doing this. I just want to filter out specific hosts from
sending the syslog data to my mysql database.

Any help is greatly appreciated!

Thanks,

Kevin


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Reply via email to