Hi mate, I use your conf but I encounter more serious problem:
Feb 28 21:22:11 server rsyslogd-2051: syntax error in expression [try http://www.rsyslog.com/e/2051 ] Feb 28 21:22:11 server rsyslogd: the last error occured in /etc/rsyslog.conf, line 34:"if (%source != 'localhost' or %source != 'server') then ?DynFile" Feb 28 21:22:11 server rsyslogd: warning: selector line without actions will be discarded Feb 28 21:22:11 server rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ] And /var/log/system-server.log won't create but all other machines logs will write to /var/log/messages in the host "server", not the separated logs. Do you have any idea to fix that? Regards, Eric On Tue, Mar 1, 2011 at 9:49 AM, <[email protected]> wrote: > On Tue, 1 Mar 2011, Lee Eric wrote: > >> Sorry, mate. As you mentioned the log file /var/log/system-server.log >> will be created in the host "server" and throw away its other logs. >> But what I want is the logs in the host "server" will write to its >> original places in /var/log/messages etc., not recreated a >> system-server.log to record logs. >> >> By now, all host "server" logs will write to >> /var/log/system-server.log and other original logging places are not >> written by using my rules. So I hope there will be a way to fix that. >> The host "server" is rsyslog server. > > Ok, that's what I missed. > > you need to change your test to be something like the following (probably > slightly incorrect) test > > if (%source != 'localhost' or %source != 'server') then ?DynFile > > and if you want it in the file system-server.log as well, add an entry below > that that does > > *.* /var/log/system-server.log > > David Lang > >> Thanks, >> >> Eric >> >> On Tue, Mar 1, 2011 at 5:38 AM, <[email protected]> wrote: >>> >>> On Mon, 28 Feb 2011, Lee Eric wrote: >>> >>>> Hi, >>>> >>>> I have a question about separate logs order configuration. I have 4 >>>> machines with hostnames server, storage, client1 and client2. The >>>> rsyslogs is running at server. The configuration looks like that: >>>> >>>> $ModLoad imuxsock.so # provides support for local system logging >>>> (e.g. >>>> via logger command) >>>> $ModLoad imklog.so # provides kernel logging support (previously >>>> done >>>> by rklogd) >>>> $ModLoad imtcp.so >>>> $InputTCPServerRun 514 >>>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >>>> $template DynFile,"/var/log/system-%HOSTNAME%.log" >>>> :source , !isequal , "localhost" ?DynFile >>>> & ~ >>>> *.info;mail.none;authpriv.none;cron.none >>>> /var/log/messages >>>> authpriv.* /var/log/secure >>>> mail.* >>>> -/var/log/maillog >>>> cron.* /var/log/cron >>>> *.emerg * >>>> uucp,news.crit /var/log/spooler >>>> local7.* >>>> /var/log/boot.log >>>> >>>> And in other machines the configuration looks like this: >>>> >>>> >>>> $ModLoad imuxsock.so # provides support for local system logging >>>> (e.g. >>>> via logger command) >>>> $ModLoad imklog.so # provides kernel logging support (previously >>>> done >>>> by rklogd) >>>> $ModLoad imtcp.so >>>> $InputTCPServerRun 514 >>>> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat >>>> *.* @@server.herdingcat.internal >>>> *.info;mail.none;authpriv.none;cron.none >>>> /var/log/messages >>>> authpriv.* /var/log/secure >>>> mail.* >>>> -/var/log/maillog >>>> cron.* /var/log/cron >>>> *.emerg * >>>> uucp,news.crit /var/log/spooler >>>> local7.* >>>> /var/log/boot.log >>>> >>>> /var/log/system-storage.log, /var/log/system-client1.log, >>>> /var/log/system-client2.log created successfully and it works well but >>>> there's also a log file /var/log/system-server.log created. I hope >>>> server's log is still recorded under /var/log/messages not separated. >>>> So I'm wondering is there any good method to achieve that function? >>> >>> I don't really understand your question here. >>> >>> the second configuration doesn't seem to have any dynafile lines, so it >>> sounds like you are asking about the first one. >>> >>> In the first one you are saying that for any server other than localhost, >>> put the logs in a file /var/log/system-name.log and then throw them away >>> (don't put them in any other logfile) >>> >>> so if you get a log entry from a machine called 'server' it would create >>> the >>> fiel /var/log/system-server.log and then throw away the log. >>> >>> could you please try restating your what you think is being done >>> differently >>> from what you are wanting? >>> >>> David Lang4 >>> _______________________________________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> http://www.rsyslog.com >>> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
