Thanks David, I thought I had tried that and it didn't work. I'll give it another go and see how I make out.
On Mon, Feb 17, 2014 at 11:19 PM, David Lang <[email protected]> wrote: > the logs go out to every destination where the rule matches the log entry. > If you don't want to have this happen, you need to explicitly throw away > the log entry after you process it. > > There are two ways to do this. > > prior to v6 you would do > > > if ($source contains 'switch_') then :ommysql:127.0.0.1,Syslog, > rsyslog,myPassword;switches > & ~ > > the & says to apply the same filter as previous and the ~ says to throw > away the log > > with current versions, you can do > > > if ($source contains 'switch_') then { > :ommysql:127.0.0.1,Syslog,rsyslog,myPassword;switches > stop > } > > instead (the old way still works) > > David Lang > > > > On Mon, 17 Feb 2014, Darhl Thomason wrote: > > Date: Mon, 17 Feb 2014 08:47:45 -0800 >> From: Darhl Thomason <[email protected]> >> Reply-To: rsyslog-users <[email protected]> >> To: [email protected] >> Subject: [rsyslog] Logging to multiple db tables >> >> >> I have rsyslog set to send info to multiple mysql db tables. This is >> working fine other than everything is going to both the specific table as >> well as my "catch-all" table. I found a thread >> http://lists.adiscon.net/pipermail/rsyslog/2013-June/033092.html that >> seems >> to address the issue. The solution is to use the stop command. I'm not >> sure how to implement that in my environment. >> >> >> >> Any help you can provide on how to get the stop to work would be greatly >> appreciated! >> >> >> >> I have my database info set in /etc/rsyslog.d/mysql.conf which contains: >> >> ### Configuration file for rsyslog-mysql >> >> ### Changes are preserved >> >> $ModLoad ommysql >> >> >> >> $template switches,"insert into tblSwitches (Message, Facility, FromHost, >> Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values >> (\'%msg%\', %syslogfacility%, \'%HOSTNAME%\', %syslogpriority%, >> \'%timereported:::date-mysql%\', \'%timegenerated:::date-mysql%\', %iut%, >> \'%syslogtag%\')",SQL >> >> >> >> $template wireless,"insert into tblWireless (Message, Facility, FromHost, >> Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values >> (\'%msg%\', %syslogfacility%, \'%HOSTNAME%\', %syslogpriority%, >> \'%timereported:::date-mysql%\', \'%timegenerated:::date-mysql%\', %iut%, >> \'%syslogtag%\')",SQL >> >> >> >> $template firewall,"insert into tblFirewalls (Message, Facility, FromHost, >> Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values >> (\'%msg%\', %syslogfacility%, \'%HOSTNAME%\', %syslogpriority%, >> \'%timereported:::date-mysql%\', \'%timegenerated:::date-mysql%\', %iut%, >> \'%syslogtag%\')",SQL >> >> >> >> $template vmware,"insert into tblVMware (Message, Facility, FromHost, >> Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values >> (\'%msg%\', %syslogfacility%, \'%HOSTNAME%\', %syslogpriority%, >> \'%timereported:::date-mysql%\', \'%timegenerated:::date-mysql%\', %iut%, >> \'%syslogtag%\')",SQL >> >> >> >> if ($source contains 'switch_') then >> :ommysql:127.0.0.1,Syslog,rsyslog,myPassword;switches >> >> >> >> if ($source contains 'wap_') then >> :ommysql:127.0.0.1,Syslog,rsyslog,myPassword;wireless >> >> >> >> if ($source contains 'firewall_') then >> :ommysql:127.0.0.1,Syslog,rsyslog,myPassword;firewall >> >> >> >> if ($source contains 'esxi_') then >> :ommysql:127.0.0.1,Syslog,rsyslog,myPassword;vmware >> >> >> >> *.* :ommysql:localhost,Syslog,rsyslog,myPassword >> >> >> >> Thanks! >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> >> _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
