Using examples located at the URL http://www.rsyslog.com/doc/rsyslog_conf_filter.html I have come up with the following filter:
------ if $fromhost-ip startswith '192.168.5.' and $programname == 'asterisk' then action(type="omfile" file="/var/log/asterisk1.log") ------ This is based on a log entry from tinkering around with the examples. Once such entry is : Jan 11 16:25:01 localhost CROND[7261]: (asterisk) CMD (/var/lib/asterisk/agi-bin/areminder-manager.php 2>&1 >/dev/null) What is not clear is the entry (asterisk) is a user or a program name since both of those exist. As the filer is, it is not reporting anything, so either it is a user name, or I am doing something wrong. Which is it, and what to do to correct it? Thanks _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
