I've recently set up two new redundant rsyslog servers to replace the single server I previously had. Unfortunately, not all clients out there can log to two locations. In order to get said clients' syslog messages to both servers, I've left the original single server in place, and using the omudpspoof module, I am relaying all incoming messages to both of the new servers.

What I haven't yet been able to figure out is how to write log files for all messages from localhost into the appropriate kern.log, auth.log, mail.log, etc., and only forward messages from other hosts, i.e. not write them to log files locally. I've found the :fromhost-ip, isequal directive, but that only writes to one file. Essentially the logic I'm looking for is something like:

    if fromhost-ip isequal "127.0.0.1" then
        auth,authpriv.*                                 /var/log/auth.log
        kern.*                                          /var/log/kern.log
        mail.*                                          /var/log/mail.log
        cron.*                                          /var/log/cron.log
        *.debug;auth,authpriv,kern,mail,cron.none       /var/log/messages
        daemon.*                                        /var/log/daemon.log
        local7.*                                        /var/log/boot.log
        mark.*                                          /dev/console
        *.emerg                                         *
    else
        #### Mirror to scribe1
        $ModLoad omudpspoof
        $ActionOMUDPSpoofTargetHost x.y.z.123
        *.* :omudpspoof:
        #### mirror to scribe2
        $ActionOMUDPSpoofTargetHost x.y.z.219
        *.* :omudpspoof:
    fi

Has anyone else done similar and/or can provide some guidance on how to accomplish this?

--
Rick Brown
Office of Information Technology
Georgia Institute of Technology
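One way to express the logic asked about above, as an added example that is not part of the original post or a reply from the list. It assumes rsyslog v7 or later (RainerScript blocks and the action() form of omudpspoof) and that the UDP input is already configured elsewhere; the x.y.z addresses are the post's own placeholders.

```rsyslog
# Added example, not from the original post.
# Assumption: rsyslog v7+; imudp input is already loaded and listening.
module(load="omudpspoof")

if $fromhost-ip == "127.0.0.1" then {
    # Messages generated on this host: write to local files only.
    auth,authpriv.*                             /var/log/auth.log
    kern.*                                      /var/log/kern.log
    mail.*                                      /var/log/mail.log
    cron.*                                      /var/log/cron.log
    *.debug;auth,authpriv,kern,mail,cron.none   /var/log/messages
    daemon.*                                    /var/log/daemon.log
    local7.*                                    /var/log/boot.log
    mark.*                                      /dev/console
    *.emerg                                     :omusrmsg:*
} else {
    # Messages received from other hosts: relay to both new servers,
    # nothing is written locally because no file action is in this branch.
    # omudpspoof keeps the original sender address as the UDP source,
    # so the new servers attribute each message to the real client.
    action(type="omudpspoof" target="x.y.z.123" port="514")   # scribe1
    action(type="omudpspoof" target="x.y.z.219" port="514")   # scribe2
}
```

Because the relayed packets carry a source address that is not the relay's own, anti-spoofing filters between the relay and the new servers can drop them, which is worth checking if messages go missing.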

