David,

No I can't see the logs in the messages file that pertain to the windows logs.

Josh

P.S. I can see however messages from a client linux box. That's a plus :D

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
Sent: Tuesday, April 02, 2013 12:52 PM
To: rsyslog-users
Subject: Re: [rsyslog] rsyslog newbie

On Tue, 2 Apr 2013, Josh Bitto wrote:

> Yes that is what I want....I want to route them to a file of my liking.
>
> What I want is to have the logs from windows (win server 2008, Exchange, etc)
> also from switches and routers all log to my rsyslog central server.
>
> The default rules all work. I can see them on my syslog server with no
> problems.
>
> 1. I cannot see window logs. (I think I need to specify a file to direct
> them to.)
>
> 2. I cannot see "other" application logs for the same reason. I've
> looked at the tutorials and tried to alter the config in different ways and I
> can't get it to work.
> I'm not a programmer so I don't know what it is I need to add to make it work.

but in both cases you do see the logs in /var/log/messages, correct? you just want to route them to some other files.

you will need to write some filter rules to do this.

To write filters, you need to figure out three things

1. what do you want where

2. what is common among the logs you want in each place (and to try and make that common thing be something that doesn't appear in logs you don't want in that place)

3. the proper syntax to implement the policy that you decide in steps 1 and 2

One good way to see what's in each log message is to create a logfile that uses the debug format

add

*.* /var/log/debugformat;RSYSLOG_DebugFormat

This writes the log messages in a format that shows you what value is in each field. You can then decide what fields make sense for you to use to separate your logs.

After that we can talk about the syntax needed to implement the policy that you want.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
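
The three steps from the quoted reply, written out as an rsyslog configuration fragment. This is an added example, not part of the original thread or of anyone's actual configuration. It assumes the sender's IP address (`fromhost-ip`) is the field that separates the sources; the addresses (documentation ranges) and the files under /var/log/remote are constructed placeholders.

```conf
# Added example: legacy-format rsyslog rules, placed BEFORE the
# distribution's default rules so the discard lines below take effect.

# Step 0: temporary debug file showing every property of every message
# that reaches this server. If a Windows host never shows up here, its
# messages are not arriving at all and no filter below can match them.
# Remove this line once the fields to filter on are known.
*.* /var/log/debugformat;RSYSLOG_DebugFormat

# Step 1 (what goes where):
#   Windows servers  -> /var/log/remote/windows.log
#   switches/routers -> /var/log/remote/network.log
#
# Step 2 (what is common): assumed here to be the sender address as
# shown in the "fromhost-ip" field of the debug file.
#
# Step 3 (syntax): property-based filters of the form
#   :property, compare-operation, "value"    action

# One Windows server, matched on its exact address (constructed value).
:fromhost-ip, isequal, "192.0.2.10"        /var/log/remote/windows.log
# "&" repeats the previous filter; "~" discards the message so it does
# not also land in /var/log/messages. Newer rsyslog versions spell this
# action "stop".
& ~

# All network devices in one management range (constructed prefix).
# The trailing dot keeps 198.51.100.x from also matching 198.51.1000-style
# longer prefixes of a different network.
:fromhost-ip, startswith, "198.51.100."    /var/log/remote/network.log
& ~

# Everything else falls through to the default rules unchanged.
```

After editing, restart rsyslog and confirm in /var/log/debugformat that the `fromhost-ip` values written there match the strings used in the filters.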

