On Wed, 6 Mar 2013, Clayton Dukes wrote:
Hiya folks :-)
I have a server running rsyslog v5.8.1
I need to check all incoming messages against a list of IP's .
If the IP's match, then forward only severity level 0-2 to another host. If
they don't match, then forward sev 0-6.
...Note that the list of IP's would be a combination of individual host
ip's as well as ranges.
I also need a list using hostnames that begin with "cv" for the same
forwarding rule.
Can someone help me with this config, I'm new to rsyslog but I don't see
anything in the docs for this (I also couldn't seem to find docs for 5.8.1).
What I have now:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Forward all
*.* @192.168.190.34:514
right now this isn't easy to do.
5.8 is a rather old version, you should have all the docs installed on your
system (they are shipped along with rsyslog)
with that old a version, I would do this with rulesets.
I would create a ruleset that forwarded severity levels 0-2 and another ruleset
that forwarded severity levels 0-6
Then you would need to have a long series of conditions
:fromhost-ip, isequal, '1.2.3.4' ruleset1
&~
:fromhost-ip, isequal, '1.2.3.5' ruleset1
&~
*.* ruleset2
There is a proposal for a better way to do this, but at the moment it's waiting
for sponsorship for the development. However, this new method would require
upgrading to the current development version after it's written.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
