Ok let me back up a little maybe this will help.

I want to log "system event logs" with facility 3 and severity (whichever 3 error, 4 warning, 5 notice, or 6 info).
I haven't decided which one is relevant to exclude yet. I want to forward that to my linux rsyslog server. I know I have to do something in the config that says...ok I'm getting this log from this ip addy....I want to put it in this file.

I copied and pasted this...

    # This one is the template to generate the log filename dynamically, depending on the client's IP address.
    $template FILENAME,"/var/log/%fromhost-ip%/syslog.log"

    # Log all messages to the dynamically formed file. Now each client's log (192.168.1.2, 192.168.1.3, etc...),
    # will be under a separate directory which is formed by the template FILENAME.
    *.* ?FILENAME

To my rsyslog.conf on my syslog server.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
Sent: Tuesday, April 02, 2013 12:52 PM
To: rsyslog-users
Subject: Re: [rsyslog] rsyslog newbie

On Tue, 2 Apr 2013, Josh Bitto wrote:

> Yes that is what I want....I want to route them to a file of my liking.
>
> What I want is to have the logs from windows (win server 2008, Exchange, etc)
> also from switches and routers all log to my rsyslog central server.
>
>
> The default rules all work. I can see them on my syslog server with no
> problems.
>
>
> 1. I cannot see window logs. (I think I need to specify a file to direct
> them to.)
>
> 2. I cannot see "other" application logs for the same reason. I've
> looked at the tutorials and tried to alter the config in different ways and I
> can't get it to work.
> I'm not a programmer so I don't know what it is I need to add to make it work.

but in both cases you do see the logs in /var/log/messages, correct? you just want to route them to some other files.

you will need to write some filter rules to do this.

To write filters, you need to figure out three things

1. what do you want where

2. what is common among the logs you want in each place (and to try and make that common thing be something that doesn't appear in logs you don't want in that place)

3. the proper syntax to implement the policy that you decide in steps 1 and 2

One good way to see what's in each log message is to create a logfile that uses the debug format

add

    *.* /var/log/debugformat;RSYSLOG_DebugFormat

This writes the log messages in a format that shows you what value is in each field. You can then decide what fields make sense for you to use to separate your logs.

After that we can talk about the syntax needed to implement the policy that you want.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
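
The routing policy discussed in this thread, written out as an added example that is not part of the original messages or the rsyslog project's own configuration. It assumes the remote senders really do use facility 3 (check this in the RSYSLOG_DebugFormat output first) and that locally generated messages should stay out of the per-host files.

```conf
# Added example (not from the thread). Assumptions: the server already
# accepts remote syslog, and the senders use facility 3 (daemon).

# Per-sender file name, same template as pasted in the message above.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"

# Step 1 (what goes where): remote messages go to one file per sender IP.
# Step 2 (what they have in common): facility 3 and severity 3 (error)
#   through 6 (info). Lower numbers are more severe, so 0-2 are left
#   to the default rules and 7 (debug) is dropped from this file.
# Step 3 (syntax): an expression-based filter on message properties.
#   Messages created on the server itself carry fromhost-ip 127.0.0.1,
#   so they are excluded and no /var/log/127.0.0.1/ directory appears.
if $fromhost-ip != '127.0.0.1' and $syslogfacility == 3 and $syslogseverity >= 3 and $syslogseverity <= 6 then ?FILENAME
```

Because `%fromhost-ip%` becomes part of the path, every address that is allowed to send to the server gets its own directory under /var/log, so the listener should only be reachable from the hosts that are meant to log to it.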

