On Tue, 2 Apr 2013, Josh Bitto wrote:

> Yes that is what I want....I want to route them to a file of my liking.
>
> What I want is to have the logs from Windows (Win Server 2008, Exchange, etc.)
> and also from switches and routers all log to my rsyslog central server.
>
> The default rules all work. I can see them on my syslog server with no problems.
>
> 1. I cannot see Windows logs. (I think I need to specify a file to direct
>    them to.)
>
> 2. I cannot see "other" application logs for the same reason. I've looked
>    at the tutorials and tried to alter the config in different ways and I
>    can't get it to work.
>
> I'm not a programmer so I don't know what it is I need to add to make it work.

But in both cases you do see the logs in /var/log/messages, correct? You just want to route them to some other files.

You will need to write some filter rules to do this.

To write filters, you need to figure out three things:

1. what do you want where

2. what is common among the logs you want in each place (and to try and make that common thing be something that doesn't appear in logs you don't want in that place)

3. the proper syntax to implement the policy that you decide in steps 1 and 2


One good way to see what's in each log message is to create a logfile that uses the debug format.

Add:

*.* /var/log/debugformat;RSYSLOG_DebugFormat

This writes the log messages in a format that shows you what value is in each field.

You can then decide what fields make sense for you to use to separate your logs.

After that we can talk about the syntax needed to implement the policy that you want.

David Lang
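
The three steps above, carried through as an added example that is not part of the original message or from its author. The IP addresses, program name and file paths are constructed placeholders, and the RainerScript syntax assumes rsyslog v7 or later.

```rsyslog
# Added example: all addresses, names and paths below are constructed.
# Put these rules ABOVE the distribution's default rules so that "stop"
# keeps matched messages out of /var/log/messages.
# Assumes rsyslog v7+ (action() and "stop"; older releases discard with "& ~").

# Temporary: dump every property of every message so you can see which
# field actually differs between senders. Remove once the rules work.
*.* /var/log/debugformat;RSYSLOG_DebugFormat

# Step 1+2: Windows servers. Matched on $fromhost-ip, which rsyslog takes
# from the last-hop sender's network address rather than from the HOSTNAME
# text inside the message.
if $fromhost-ip == '192.0.2.10' or $fromhost-ip == '192.0.2.11' then {
    action(type="omfile" file="/var/log/windows.log")
    stop
}

# Switches and routers: everything from the (assumed) management subnet.
# The trailing dot stops '198.51.100.' from also matching other prefixes.
if $fromhost-ip startswith '198.51.100.' then {
    action(type="omfile" file="/var/log/network.log")
    stop
}

# An application, matched on the program name parsed from the syslog tag.
# 'exampleapp' is hypothetical; use the programname value shown in
# /var/log/debugformat for the application you care about.
if $programname == 'exampleapp' then {
    action(type="omfile" file="/var/log/exampleapp.log")
    stop
}

# Anything not matched above falls through to the default rules.
```

Rule order matters: a message that matches an earlier block never reaches a later one, so put the narrowest match first when two conditions can overlap.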