On Tue, 10 Apr 2012, [email protected] wrote:

On Tue, Apr 10, 2012 at 11:22:04AM -0700, [email protected] wrote:
On Tue, 10 Apr 2012, [email protected] wrote:

hey folks, we are trying to convert from syslog-ng to rsyslog and I'm
having trouble with converting the following types of filters:

# FWSM traffic logging:
destination d_fwlog { file("/data/log/fw.log"
  perm(0640)
  template("$DATE $HOST app=$PROGRAM facility=$FACILITY priority=$PRIORITY $MSGONLY\n"));
  #template("$DATE $HOST $PROGRAM: [$FACILITY.$PRIORITY] $MSGONLY\n"));
  };
log { source(s_sys); source(s_udp); filter(f_local4); destination(d_fwlog); };

it would help to explain what part of this you are having problems with.

without knowing the rest of your stuff this will be a guess,

but the first thing to do is to create the template for the output

$template myformat,"%timereported% %hostname% app=%programname% facility=%syslogfacility% priority=%syslogpriority% %msg:::drop-last-lf%\n"

then you can do

local4.*  /data/log/fw.log

if the only filter that matters is the facility. If you need to do more
complex filters (filtering by source and facility, for example), you can
either use the slower if() style filter rules, or use rulesets.

ok, my apologies. The part we are mainly having problems with is trying to
filter on the protocol, i.e. tcp or udp: source(s_udp).

we are listening for syslog events on 2 different ports at once and would like
to send all the UDP traffic on port 513 to logfileX and all the traffic on the
other port to some other logfile. I hope this makes more sense.

Rulesets were made for this. Create a different ruleset for each and bind the ruleset to the listener.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
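The ruleset-per-listener layout David points to, written out as an added rsyslog configuration example. It is not code from the thread or from the rsyslog project; it uses the legacy `$...` directive syntax of the rsyslog 5.x/6.x releases current in 2012. The thread only names 513/UDP and /data/log/fw.log; the second listener on 514/TCP, the path /data/log/other.log and the ruleset names are assumptions.

```rsyslog
# Added example (not from the thread): one ruleset per listener, each
# bound to its own port, so the port decides which file a message goes to.
# Assumes legacy directive syntax (rsyslog 5.x/6.x). 514/TCP and
# /data/log/other.log are assumptions; the thread only names 513/UDP.

$ModLoad imudp
$ModLoad imtcp

# Match syslog-ng's perm(0640) on files rsyslog creates
$FileCreateMode 0640

# Closest equivalent of the syslog-ng template. The *-text properties
# give the facility and priority names (local4, info) the way syslog-ng's
# $FACILITY/$PRIORITY do; drop "-text" for the numeric values instead.
$template fwformat,"%timereported% %hostname% app=%programname% facility=%syslogfacility-text% priority=%syslogpriority-text% %msg:::drop-last-lf%\n"

# Ruleset for the firewall listener (513/UDP). The facility selector keeps
# the syslog-ng f_local4 behaviour; anything else arriving on this port
# matches no rule and is discarded. Use *.* if the port alone should decide.
$RuleSet fwlog
local4.*    /data/log/fw.log;fwformat

# Ruleset for the second listener: everything that arrives there.
$RuleSet otherlog
*.*         /data/log/other.log;fwformat

# Bind each listener to its ruleset. A *BindRuleset directive applies to
# the next *Run directive, so keep them in pairs, and define the rulesets
# above before referencing them here.
$InputUDPServerBindRuleset fwlog
$UDPServerRun 513

$InputTCPServerBindRuleset otherlog
$InputTCPServerRun 514

# Switch back so any rules that follow (the usual /var/log lines) land in
# the default ruleset rather than in otherlog.
$RuleSet RSYSLOG_DefaultRuleset
```

Check the file before reloading with `rsyslogd -N1 -f /etc/rsyslog.conf`; a misspelled ruleset name in a bind directive shows up there rather than silently dropping traffic. On rsyslog 7 and later the same layout is written with `ruleset(name="fwlog") { ... }` blocks and `input(type="imudp" port="513" ruleset="fwlog")`. If the listeners cannot be separated by port, the `inputname` property (`imudp` or `imtcp`) is the other handle on "tcp or udp" and can be tested in an `if $inputname == 'imudp' then ...` rule, at the cost of the slower filter David mentions.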
