Yes, you can split logs any way that you want.

You can either do this with multiple filter rules

user.* /var/log/user.log
kern.* /var/log/kernel.log

or you could do it with a dynafile filename template.

I suspect that the first approach is going to be faster.

David Lang

On Tue, 10 Apr 2012, Usman Ahmad wrote:

Thanks, I will try to use a newer version. One more question though: is it possible to split incoming log messages on a per-facility basis, instead of dumping them all in one file, using templates? Like, e.g., user.log, kern.log, etc.

On Tue, Apr 10, 2012 at 5:39 PM, Rainer Gerhards <[email protected]> wrote:

No, 5.3.2: http://www.rsyslog.com/doc/imudp.html

-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of Usman Ahmad
Sent: Tuesday, April 10, 2012 5:39 PM
To: rsyslog-users
Subject: Re: [rsyslog] ruleset not working

I see this in the docs: "imtcp: Multi-Ruleset Support: since 4.5.0 and 5.1.1". Is the same true for UDP?
Referring to this: http://www.rsyslog.com/doc/imtcp.html

On Tue, Apr 10, 2012 at 5:12 PM, Rainer Gerhards <[email protected]> wrote:

-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of Usman Ahmad
Sent: Tuesday, April 10, 2012 5:12 PM
To: rsyslog-users
Subject: Re: [rsyslog] ruleset not working

I get this:

Apr 10 17:02:42 host3 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
Apr 10 17:02:42 host3 rsyslogd: the last error occured in /etc/rsyslog.conf, line 20:"$InputUDPServerBindRuleset Remote"
Apr 10 17:02:42 host3 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]

I am running rsyslog 4.6.2, build the RPM from source on Scientific Linux (SL 5.7).

Yup, sorry, it's too old. You either need to install from source or use one of the workarounds that are described on the doc page that describes ruleset use.

Rainer

Usman
On Tue, Apr 10, 2012 at 5:00 PM, Rainer Gerhards <[email protected]> wrote:

Do you have any errors from rsyslogd during startup? It might be that the version you use does not support that feature...

Rainer

-----Original Message-----
From: [email protected] [mailto:rsyslog-
[email protected]] On Behalf Of Usman Ahmad
Sent: Tuesday, April 10, 2012 4:55 PM
To: [email protected]
Subject: [rsyslog] ruleset not working

Hi,

I am trying to use the rulesets to log remote logs into a separate file (rsyslog 4.6.2).
The conf looks like this:
================================
$ModLoad imtcp          # Provides TCP syslog reception
$ModLoad imudp.so       # Provides UDP syslog reception
$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template RMH,"/var/log/rsyslog/%HOSTNAME%/rsyslog.log"

*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

$RuleSet Remote
*.* ?RMH

$InputUDPServerBindRuleset Remote
$UDPServerRun 514
================================

I am sending everything from the client to this server @ port 514. The server receives the messages in /var/log/messages instead of the defined template RMH.
If I remove $Ruleset Remote, all messages go into the RMH template destination.
I am following this: http://www.rsyslog.com/doc/multi_ruleset.html.
Am I missing something?

Thanks.

Usman
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
--
Usman Ahmad Malik
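
The two answers in this thread combined into one configuration, as an added example that is not from the original messages. It assumes rsyslog 5.3.2 or later (the version cited above for imudp ruleset binding); the template name RemotePerFacility and the /var/log/rsyslog directory layout are illustrative. The path uses %fromhost-ip% rather than %HOSTNAME% because the hostname field is taken from the content of the received message, which the sender controls.

```conf
# Added example; assumes rsyslog >= 5.3.2 and legacy ($-directive) syntax.
$ModLoad imuxsock
$ModLoad imklog
$ModLoad imudp

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Dynafile template: one directory per sending IP, one file per facility
# (kern.log, user.log, mail.log, ...). Name and path are illustrative.
$template RemotePerFacility,"/var/log/rsyslog/%fromhost-ip%/%syslogfacility-text%.log"

# Default ruleset: local messages only.
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure

# Separate ruleset for network input. Messages bound to it never reach
# the default ruleset above, so they do not land in /var/log/messages.
$RuleSet Remote
*.* ?RemotePerFacility

# Switch back so any later rules belong to the default ruleset again.
$RuleSet RSYSLOG_DefaultRuleset

# The bind directive must come before the listener it applies to.
$InputUDPServerBindRuleset Remote
$UDPServerRun 514
```

Running rsyslogd -N1 checks the file for directives the installed version does not understand before the daemon is restarted.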