On Tue, 10 Apr 2012, [email protected] wrote:
> hey folks, we are trying to convert from syslog-ng to rsyslog and I'm
> having trouble with converting the following types of filters..
> # FWSM traffic logging:
> destination d_fwlog { file("/data/log/fw.log"
>     perm(0640)
>     template("$DATE $HOST app=$PROGRAM facility=$FACILITY priority=$PRIORITY $MSGONLY\n"));
>     #template("$DATE $HOST $PROGRAM: [$FACILITY.$PRIORITY] $MSGONLY\n"));
> };
> log { source(s_sys); source(s_udp); filter(f_local4); destination(d_fwlog); };
it would help to explain what part of this you are having problems with.
without knowing the rest of your stuff this will be a guess
but the first thing to do is to create the template for the output
$template myformat,"%timereported% %hostname% app=%programname% facility=%syslogfacility% priority=%syslogpriority% %msg:::drop-last-lf%\n"
then you can do
local4.* /data/log/fw.log;myformat
if the only filter that matters is the facility. If you need to do more
complex filters (filtering by source and facility for example), you can
either use the slower if() style filter rules, or use rulesets
David Lang
> any help appreciated.
> Jason
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
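
Added example, not part of the original thread or of either poster's configuration: one legacy-format rsyslog fragment covering the conversion discussed above, including the perm(0640) setting and a combined source-and-facility filter in the if() style. The template name fwformat and the 192.0.2.10 sender address are assumptions for illustration; the -text property variants are used because syslog-ng's $FACILITY and $PRIORITY expand to names, while rsyslog's plain syslogfacility and syslogpriority properties are numeric.

```conf
# Added example in legacy rsyslog directive syntax.
# Anything marked "assumed" does not come from the thread.

# Output format matching the syslog-ng template. The whole
# $template directive must stay on one line.
# "fwformat" is an assumed template name.
$template fwformat,"%timereported% %hostname% app=%programname% facility=%syslogfacility-text% priority=%syslogpriority-text% %msg:::drop-last-lf%\n"

# Equivalent of syslog-ng perm(0640): mode applied to log files
# created by the file actions that follow this directive.
$FileCreateMode 0640

# Case 1: the facility is the only criterion (fast selector filter).
# ";fwformat" binds the template to this action; without it the
# default file format is written instead.
local4.* /data/log/fw.log;fwformat

# Case 2: facility AND sender must both match (slower if() filter).
# Use this rule instead of Case 1, not alongside it, or matching
# messages are written to the file twice.
# 192.0.2.10 is an assumed sender address from the documentation range.
# The whole if ... then ... rule must stay on one line.
#if $syslogfacility-text == 'local4' and $fromhost-ip == '192.0.2.10' then /data/log/fw.log;fwformat
```

Running `rsyslogd -N1` against the edited configuration checks its syntax before the daemon is restarted.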