OK, so I'm having an issue where I'm receiving logs from different hosts and
they are being logged to my /var/log/messages, plus in the template that I have
it set for. I don't want this "double" logging. Is there a way to correct this?
My programming fu is weak.
I have it set up in rsyslog.conf, configured to a template as in the attached
txt file.
Joshua Bitto
Information Technologist
KCC
$template DYNmessages,"/var/log/hosts/%HOSTNAME%/messages"
$template DYNsecure,"/var/log/hosts/%HOSTNAME%/secure"
$template DYNmaillog,"/var/log/hosts/%HOSTNAME%/maillog"
$template DYNcron,"/var/log/hosts/%HOSTNAME%/cron"
$template DYNspooler,"/var/log/hosts/%HOSTNAME%/spooler"
$template DYNboot,"/var/log/hosts/%HOSTNAME%/boot.log"
$template DYNmysqld,"/var/log/hosts/%HOSTNAME%/mysqld.log"
$template httpdaccess,"/var/log/hosts/%HOSTNAME%/httpd-access.log"
$template httpderror,"/var/log/hosts/%HOSTNAME%/httpd-error.log"
$template rkhunterlog,"/var/log/hosts/%HOSTNAME%/rkhunter.log"
$template bashhist,"/var/log/hosts/%HOSTNAME%/bashhistory.log"

if \
    $source != 'hostname' \
    and \
    $syslogseverity <= '6' \
    and ( \
        $syslogfacility-text != 'mail' \
        and \
        $syslogfacility-text != 'authpriv' \
        and \
        $syslogfacility-text != 'cron' \
        and \
        $programname != 'mysqld' \
        and \
        $programname != 'httpd' \
        and \
        $programname != 'rkhunter' \
        and \
        $programname != 'bashhist' \
    ) \
then ?DYNmessages

if \
    $source != 'hostname' \
    and \
    $syslogfacility-text == 'authpriv' \
then ?DYNsecure

if \
    $source != 'hostname' \
    and \
    $syslogfacility-text == 'mail' \
then -?DYNmaillog

if \
    $source != 'hostname' \
    and \
    $syslogfacility-text == 'cron' \
then ?DYNcron

if \
    $source != 'hostname' \
    and \
    ( \
        $syslogfacility-text == 'uucp' \
        or \
        $syslogfacility-text == 'news' \
    ) \
    and \
    $syslogseverity-text == 'crit' \
then ?DYNspooler

if \
    $source != 'hostname' \
    and \
    $syslogfacility-text == 'local7' \
then ?DYNboot

if \
    $source != 'hostname' \
    and \
    $programname == 'mysqld' \
then ?DYNmysqld

if \
    $source != 'hostname' \
    and \
    $programname == 'httpd' \
    and \
    $syslogfacility-text == 'local6' \
then ?httpdaccess

if \
    $source != 'hostname' \
    and \
    $programname == 'httpd' \
    and \
    $syslogfacility-text == 'local5' \
then ?httpderror

if \
    $source != 'hostname' \
    and \
    $programname == 'rkhunter' \
    and \
    $syslogfacility-text == 'local1' \
then ?rkhunterlog

if \
    $source != 'hostname' \
    and \
    $syslogfacility-text == 'local4' \
then ?bashhist
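
One way to stop the duplicate copies, as an added example that is not part of the original post: rsyslog evaluates rules top to bottom, so a discard rule placed after the last per-host rule and before the local file rules keeps remote messages out of /var/log/messages. The local rule shown is an assumed distribution default (the post does not show it), and 'hostname' is kept exactly as it appears in the post.

```conf
# Added example: a constructed fragment, not the poster's actual rsyslog.conf.

# 1. Templates and per-host rules come first (two of the post's rules shown).
$template DYNmessages,"/var/log/hosts/%HOSTNAME%/messages"
$template DYNsecure,"/var/log/hosts/%HOSTNAME%/secure"

if $source != 'hostname' and $syslogfacility-text == 'authpriv' then ?DYNsecure
if $source != 'hostname' and $syslogseverity <= '6' then ?DYNmessages

# 2. After the LAST per-host rule, drop everything that did not originate on
#    this machine. A single catch-all discard is used instead of "& ~" after
#    each rule, because one message may match several per-host rules
#    (for example local7 traffic matches both DYNmessages and DYNboot) and an
#    early discard would stop it from reaching the later file.
if $source != 'hostname' then ~

# 3. Local rules follow. Only messages from this host reach them now.
#    ASSUMPTION: this is the usual stock rule; the post does not include it.
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
```

On rsyslog v7 and later the `~` action is deprecated and `stop` is the equivalent. Check the result by sending a test message from a remote host and confirming it appears only under /var/log/hosts/.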