Re: [rsyslog] config file error

Thu, 13 Jun 2013 12:17:40 -0700 

On Thu, 13 Jun 2013, Mahesh V wrote:


I am using rsyslog 5.x version
-bash-4.1# /sbin/rsyslogd -v
rsyslogd 5.8.10, compiled with:
       FEATURE_REGEXP:                         Yes
       FEATURE_LARGEFILE:                      No
       GSSAPI Kerberos 5 support:              Yes
       FEATURE_DEBUG (debug build, slow code): No
       32bit Atomic operations supported:      Yes
       64bit Atomic operations supported:      Yes
       Runtime Instrumentation (slow code):    No
I need to filter messages based on executable names.
myapp.exe should be put in mysql
mahesh should be put in /var/log/messages
and the remaining can go in /var/log/127.0.0.1/syslog.log

myapp.*;
:ommysql:localhost,Syslog,sysloguser,root123

mahesh.* :/var/log/messages

$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
*.* ?FILENAME
But when I restart rsyslog (service rsyslog restart) I get an error in
syslog.log

Jun 10 12:32:01 localhost rsyslogd: warning: selector line without actions
will be discarded
Jun 10 12:32:01 localhost rsyslogd-3000: unknown facility name "mahesh"
[try http://www.rsyslog.com/e/3000 ]
Jun 10 12:32:01 localhost rsyslogd: the last error occured in
/etc/rsyslog.conf, line 64:"mahesh.* :/var/log/messages"
Jun 10 12:32:01 localhost rsyslogd: warning: selector line without actions
will be discarded
Jun 10 12:32:01 localhost rsyslogd-2124: CONFIG ERROR: could not interpret
master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
Kindly help me
regards
Mahesh
you cannot just put the name of the app on the line and expect rsyslog to know what to do with it.
facility.severity filters only work with the predefined facilities. you can't invent your own. 

review the filtering capabilities at:
http://www.rsyslog.com/doc/rsyslog_conf_filter.html
but note that since you are using such an old version, the rainerscript capabilities are far less than what this page talks about. 

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to