You can also do fromhost-ip and 127.0.0.1

David Lang

On Wed, 11 Apr 2012, Jacob Steinberger wrote:

Date: Wed, 11 Apr 2012 16:30:47 -0400
From: Jacob Steinberger <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Catch only the local syslog entries?

Syslog is reported to the local server as the `hostname`. If your hostname is localhost, it should work - but I doubt that it is. Try the box's hostname in the filter instead and see what happens.

Jacob

Quoting Scott Baker <[email protected]>:

I have my rsyslog logging to a bunch of different files from remote
sources, but the local syslog stuff isn't working. Below is my config,
and nothing is showing up in maillog, messages, etc. If I comment out
the line

:source , !isequal , "localhost" ~

Everything ends up in those local files. I'm guessing that filter isn't
what I want to filter out everything that isn't from the local box?

----------------------------------------------------------------------------------

#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

##############################################################################
# Local rules
##############################################################################
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# If the source is not from localhost drop all the packets (they should have been logged above)
:source , !isequal , "localhost" ~

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
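
The two suggestions from this thread, written out as a "Local rules" section. This is an added example, not configuration posted by anyone in the thread; `loghost01` is a placeholder hostname, and the remote-source rules are assumed to live in `/etc/rsyslog.d/*.conf` and run first, as in the original config.

```conf
# Added example: legacy rsyslog syntax, matching the config in the thread.
# Assumption: rules that file remote messages are included from
# /etc/rsyslog.d/*.conf and have already run at this point.
$IncludeConfig /etc/rsyslog.d/*.conf

##############################################################################
# Local rules
##############################################################################

# Option A (fromhost-ip, as suggested in the top reply):
# discard everything that was not received from a local input.
# fromhost-ip is filled in by rsyslog from where the message was received;
# local inputs such as imuxsock and imklog report 127.0.0.1 here.
:fromhost-ip, !isequal, "127.0.0.1" ~

# Option B (the box's own hostname, as suggested in the second reply):
# "loghost01" is a placeholder, replace it with the output of `hostname`.
# The source/hostname property is parsed from the message itself, so a
# remote sender that puts this name in its header would pass the filter.
# :source, !isequal, "loghost01" ~

# Newer rsyslog versions deprecate the "~" discard action in favour of "stop".

# Only locally generated messages reach the rules below.
# authpriv is placed after the filter here so that remote authpriv messages
# do not land in the local /var/log/secure; in the original config the
# authpriv rule sits before the filter and therefore sees remote messages too.
authpriv.*                                              /var/log/secure
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
```

The original filter `:source , !isequal , "localhost" ~` discards local messages as well, because their hostname property is the machine's configured hostname rather than the string "localhost".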




