Hi,
We try to centralize logs of approximately twenty servers to
one host with rsyslogd.
The rsyslog server run under RedHat RHEL 5.5 with the rsyslog package of
RedHat (3.22.1-3el5_5.1).
For the ease of maintenance, we prefer to keep the redhat package if
possible.
We want to distibute logs in differents files according to the
hostname of the sender, the facility or the program name.
We try to use filtering by properties and by expression with no luck...
I think this is because our rsyslog version is too old. But can someone
confirm this ?
I try things like this :
:hostname, startswith, "XXXX";programname, isequal, "nginx"
-?DynFileZMProxyNginx
& ~
:hostname, startswith, "XXXX";:programname, isequal, "nginx"
-?DynFileZMProxyNginx
& ~
if $hostname startswith "XXXX" and $programname isequal "nginx" then
-?DynFileZMProxyNginx
& ~
if $hostname startswith "XXXX" and $programname == "nginx" then
-?DynFileZMProxyNginx
& ~
I always obtain a 'CONFIG ERROR' from rsyslog.
rsyslogd is running with option "-c3"
Is my rsyslog version too old, or do I misunderstand filters usages ?
Is there an other solution for doing the filtering ?
Best regards
David
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
