On Tue, Apr 10, 2012 at 11:22:04AM -0700, [email protected] wrote:
> On Tue, 10 Apr 2012, [email protected] wrote:
> 
> > hey folks, we are trying to convert from syslog-ng to rsyslog and I'm
> > having trouble with converting the following types of filters..
> >
> > # FWSM traffic logging:
> > destination d_fwlog { file("/data/log/fw.log"
> >   perm(0640)
> >   template("$DATE $HOST app=$PROGRAM facility=$FACILITY priority=$PRIORITY $MSGONLY\n"));
> >   #template("$DATE $HOST $PROGRAM: [$FACILITY.$PRIORITY] $MSGONLY\n"));
> >   };
> > log { source(s_sys); source(s_udp); filter(f_local4); destination(d_fwlog); };
> 
> it would help to explain what part of this you are having problems with.
> 
> without knowing the rest of your stuff this will be a guess
> 
> but the first thing to do is to create the template for the output
> 
> $template myformat,"%timereported% %hostname% app=%programname% facility=%syslogfacility% priority=%syslogpriority% %msg:::drop-last-lf%\n"
> 
> then you can do
> 
> local4.*  /data/log/fw.log
> 
> if the only filter that matters is the facility. If you need to do more 
> complex filters (filtering by source and facility for example), you can 
> either use the slower if() style filter rules, or use rulesets

ok, my apologies.. the part we are mainly having problems with is trying to
filter on the protocol, i.e. tcp or udp.. source(s_udp).

we are listening for syslog events on 2 different ports at once and would like
to filter all the UDP traffic on port 513 to logfileX and all the traffic on
the other port to some other logfile. I hope this makes more sense.

thanks/regards,
Jason
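
The ruleset approach mentioned in the reply, applied to the two-listener setup described above, as an added example in rsyslog's legacy directive syntax (not configuration from either poster). The second listener (TCP on port 10514), the ruleset names and the two output file names are assumptions; the template is the one from the reply.

```conf
# Added example: route messages by the listener they arrived on.
# Assumed values: TCP port 10514, ruleset names, output file names.

$ModLoad imudp
$ModLoad imtcp

# Output format from the reply (must stay on one line)
$template myformat,"%timereported% %hostname% app=%programname% facility=%syslogfacility% priority=%syslogpriority% %msg:::drop-last-lf%\n"

# Equivalent of syslog-ng's perm(0640) for files rsyslog creates
# (the effective mode is still subject to the process umask)
$FileCreateMode 0640

# Ruleset for everything received on the UDP listener
$RuleSet fromudp513
*.*    /data/log/logfileX;myformat

# Ruleset for everything received on the other listener
$RuleSet fromotherport
*.*    /data/log/other.log;myformat

# Switch back so later rules belong to the default ruleset
$RuleSet RSYSLOG_DefaultRuleset

# Each bind directive must come before the listener it applies to
$InputUDPServerBindRuleset fromudp513
$UDPServerRun 513

$InputTCPServerBindRuleset fromotherport
$InputTCPServerRun 10514
```

Messages handled by a bound ruleset are not processed by the default ruleset, so local logging rules are unaffected by traffic from either listener. Running `rsyslogd -N1` checks the configuration for syntax errors before a restart.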



> >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> >