You still haven't provided any config file that shows the rules that log to myfile.log, so I can't tell you what you've done wrong.

However, I will point out that every file that the rules match for gets a copy of the log message, not only the first one.

Also, you don't send the contents of your local logfile, you send any logs that match the rules you have in place for forwarding.

a couple of useful features in rsyslog to help with this.

& matches the filter rules immediately preceding it

~ as an action says to throw away this message now and don't process any rules below this point.

so you can have a rule that matches some logs and write them to one file, and then follow it with the line

& ~

and no other rules in your ruleset will see any log messages that match that filter (and go into that file)

David Lang

On Tue, 19 Mar 2013, A.M Shash wrote:

David;
 
Thanks; I need to clarify a bit more. Both /var/log/messages and
/var/log/myfile.log files are local to the host. I need to send
/var/log/messages (which captures system logs) and /var/log/myfile.log (which
captures log for my software running on the host) to a remote server. My only
problem when I send both files, the content of /var/log/myfile.log will be
written inside /var/log/messages. Which I don't want that to happen. Please
advise. Thank You


________________________________
From: David Lang <[email protected]>
To: A.M Shash <[email protected]>; rsyslog-users <[email protected]>
Cc: Rainer Gerhards <[email protected]>
Sent: Monday, March 18, 2013 5:17 PM
Subject: Re: [rsyslog] rsyslog.conf configuration

On Mon, 18 Mar 2013, A.M Shash wrote:

Date: Mon, 18 Mar 2013 12:00:13 -0700 (PDT)
From: A.M Shash <[email protected]>
To: Rainer Gerhards <[email protected]>,
     rsyslog-users <[email protected]>
Subject: [rsyslog] rsyslog.conf configuration

Dear; I have an rsyslog.conf file to forward /var/log/messages file and the
local log file /var/log/myfile.log to remote server. All of the content of
/var/log/messages and /var/log/myfile.log are forwarded to remote server.
However; all of the content of /var/log/myfile.log file is written to
/var/log/messages file. How should I stop the content of /var/log/myfile.log
from writing to /var/log/messages ? The sample rsyslog.conf file looks as
follows;

#Text File Input Module
$ModLoad imfile
$ModLoad imklog
$ModLoad imuxsock
 
*.info;mail.none;authpriv.none;cron.none      /var/log/messages

$InputFileName            /var/log/myfile.log
$InputFileTag            PDA
$InputFileStateFile        dpush
#$InputFileSeverity
#$InputFileFacility
$InputRunFileMonitor
$InputFilePollInterval    10
_______________________________________________

This isn't your complete configuration (it doesn't show the output to the 
remote system for example)

There are two ways you can do this.

1. make a series of rules along the lines of

send everything to the remote server

if the source is myfile.log (by matching the facility you set for example) throw
the log away (the ~ action)

write to /var/log/messages

2. you can use rulesets, where you have one ruleset for all your normal logs 
that both writes to /var/log/messages and sends remotely, and a second ruleset 
that just sends remotely.

David Lang
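
The rule ordering from option 1 above, written out as a legacy-format rsyslog.conf. This is an added example, not part of the original thread; the local6 facility, the info severity, the "PDA:" tag form and the logserver.example.com:514 target are assumptions to be replaced with your own values.

```conf
# Added example: forward everything, then keep imfile messages
# out of /var/log/messages. Host, port and facility are assumptions.

$ModLoad imuxsock
$ModLoad imklog
$ModLoad imfile

# Tail the application log. Giving it a dedicated facility is what
# lets a later rule pick these messages out again.
$InputFileName          /var/log/myfile.log
$InputFileTag           PDA:
$InputFileStateFile     dpush
$InputFileSeverity      info
$InputFileFacility      local6
$InputRunFileMonitor
$InputFilePollInterval  10

# 1. Send everything to the remote server (@@ = TCP, @ = UDP).
#    This must come first: rules are evaluated top to bottom.
*.*         @@logserver.example.com:514

# 2. Throw away the messages that came from myfile.log.
#    No rule below this line will see them.
local6.*    ~

# 3. Only the remaining (system) messages reach the local file.
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
```

Anything else on the host that logs to local6 is also discarded at step 2, so pick a facility that nothing else uses. If the discard rule is placed above the forwarding rule, the application messages never leave the host.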
