Looks like a too old version. V5?
Sent from phone, thus brief.

-------- Original message --------
From: Reinoud Koornstra <[email protected]>
Date: 26.04.2013 21:55 (GMT+01:00)
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] logging everything from a host to a file

Thanks for your link, I did read it.
First I the logging to a file line:

    if $fromhost-ip == '192.168.1.75' then { \
        action(type="omfile" file="/var/log/remotefile02") \
        stop \
    }

However, this isn't liked by rsyslogd, what is wrong with this?
Thanks,

Reinoud.

5787.347979514:main thread: cfline: 'if $fromhost-ip == '192.168.1.75' then { action(type="omfile" file="/var/log/remotefile02") stop }'
5787.347995507:main thread: - general expression-based filter
5787.348006472:main thread: calling expression parser, pp 0xbf83dd8c ('if $fromhost-ip == '192.168.1.75' then { action(type="omfile" file="/var/log/remotefile02") stop }')
5787.348019184:main thread: skipped whitespace, stream now '$fromhost-ip == '192.168.1.75' then { action(type="omfile" file="/var/log/remotefile02") stop }'
5787.348031615:main thread: ctok_token 0x97b0a60: token: 13
5787.348044536:main thread: expr 0x97b09e8: MSGVAR
5787.348057945:main thread: skipped whitespace, stream now '== '192.168.1.75' then { action(type="omfile" file="/var/log/remotefile02") stop }'
5787.348068282:main thread: ctok_token 0x97b0a60: token: 100
5787.348080225:main thread: expr 0x97b09e8: cmp
5787.348093145:main thread: skipped whitespace, stream now ''192.168.1.75' then { action(type="omfile" file="/var/log/remotefile02") stop }'
5787.348104390:main thread: ctok_token 0x97b0ba8: token: 14
5787.348116123:main thread: expr 0x97b09e8: simpstr
5787.348128904:main thread: skipped whitespace, stream now 'then { action(type="omfile" file="/var/log/remotefile02") stop }'
5787.348139031:main thread: skipped whitespace, stream now 'then { action(type="omfile" file="/var/log/remotefile02") stop }'
5787.348150485:main thread: ctok_token 0x97b0ba8: token: 18
5787.348163965:main thread: expr 0x97b09e8: successfully parsed/created expression
5787.348177234:main thread: vmprg 0x97b0a48: VM Program:
5787.348190993:main thread: vmop 0x97b0b50: push_msgvar fromhost-ip[cstr]
5787.348205450:main thread: vmop 0x97b0cc0: push_const 192.168.1.75[cstr]
5787.348218371:main thread: vmop 0x97b0d18: cmp_==
5787.348231361:main thread: tried selector action for builtin-file: -2001
5787.348242047:main thread: tried selector action for builtin-fwd: -2001
5787.348252104:main thread: tried selector action for builtin-shell: -2001
5787.348261812:main thread: tried selector action for builtin-discard: -2001
5787.348271799:main thread: tried selector action for builtin-usrmsg: -2001
5787.348281368:main thread: config line NOT successfully processed
5787.348291634:main thread: Called LogError, msg: the last error occured in /etc/rsyslog.conf, line 35

On Fri, Apr 26, 2013 at 6:33 AM, Rainer Gerhards <[email protected]> wrote:

> On Thu, 2013-04-25 at 16:56 -0700, Reinoud Koornstra wrote:
> > Hi Everyone,
> >
> > I've been trying to get everything from some host to their hostfile.
> > In the rsyslog.conf I have this:
> >
> > $template PerHostLog,"/var/log/remote-hosts/%HOSTNAME%.log"
> > if $fromhost-ip startswith '192.168.1.' then -?PerHostLog
> >
> > However, I still get messages from 192.168.1.75 for example in
> > /var/log/syslog or in /var/log/debug instead of /var/log/remote-hosts/
> > 192.168.1.75 for example.
> > Hence, log messages from 192.168.1.75 are scattered in several log files.
> > I want all messages from that host to that specific file and the current
> > template isn't cutting it obviously.
> > The same holds for other hosts on that subnet.
> >
> > What am I doing wrong in my template?
> > How to make everything from 192.168.1.75 go to one file?
>
> You are probably interested in this part of the doc (read at least the
> part on split logfiles):
> http://www.rsyslog.com/doc/multi_ruleset.html
>
> Rainer
>
> > Thanks,
> >
> > Reinoud.
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
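
Added example, not part of the original thread: the rules from the messages above written in the legacy selector syntax, for the case the reply suggests (an rsyslog v5 daemon that rejects the action() block). The paths and the PerHostLog template come from the thread; the PerHostByIP template name and the placement above the default rules are assumptions.

```conf
# Added example, not from the thread. Legacy (v5-compatible) syntax only.
# Assumption: these lines sit ABOVE the distribution's default rules
# (the ones writing /var/log/syslog, /var/log/debug, ...). Rules are
# evaluated in file order, so the discard only keeps a message away from
# rules that come after it.

# Variant A: one fixed file for a single sender, then discard the message
# so it is not also written by later rules.
if $fromhost-ip == '192.168.1.75' then /var/log/remotefile02
& ~

# Variant B: one file per sender on the subnet, using the template from
# the original post, then discard.
$template PerHostLog,"/var/log/remote-hosts/%HOSTNAME%.log"
if $fromhost-ip startswith '192.168.1.' then -?PerHostLog
& ~

# Variant C (assumed template name PerHostByIP): %HOSTNAME% is taken from
# the received message, so the sending device chooses it. Keying the file
# name on the address rsyslog saw on the socket keeps one sender from
# writing into another sender's file by claiming its hostname.
# Use instead of variant B, not in addition to it.
#$template PerHostByIP,"/var/log/remote-hosts/%FROMHOST-IP%.log"
#if $fromhost-ip startswith '192.168.1.' then -?PerHostByIP
#& ~

# On rsyslog 7 and later the rule from the message above is accepted
# in its block form:
#if $fromhost-ip == '192.168.1.75' then {
#    action(type="omfile" file="/var/log/remotefile02")
#    stop
#}
```

With variant A placed first, messages from 192.168.1.75 never reach variant B, so pick the one that matches the intended layout.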

