On Sat, 11 Jan 2014, David Lang wrote:
On Sat, 11 Jan 2014, Trent Creekmore wrote:
Using examples located at the URL
http://www.rsyslog.com/doc/rsyslog_conf_filter.html I have come up with the
following filter:
------
if $fromhost-ip startswith '192.168.5.' and $programname == 'asterisk' then
action(type="omfile" file="/var/log/asterisk1.log")
------
This is based on a log entry from tinkering around with the examples. Once
such entry is :
Jan 11 16:25:01 localhost CROND[7261]: (asterisk) CMD
(/var/lib/asterisk/agi-bin/areminder-manager.php 2>&1 >/dev/null)
What is not clear is the entry (asterisk) is a user or a program name since
both of those exist.
As the filer is, it is not reporting anything, so either it is a user name,
or I am doing something wrong.
Which is it, and what to do to correct it?
in this message, the programname is CROND
if you write some messages with the format RSYSLOG_DebugFormat it will show
you what each of the variables end up holding.
(asterisk) is the beginning of the msg variable, so you could do
$msg startswith"(asterisk)"
correction:
$msg startswith "(asterisk)"
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
