Hi Muhammad,

1) There's a debug format for rsyslog messages (RSYSLOG_DebugFormat):
For example, I log all apache (httpd) logs into the local5 facility of rsyslog 
(JBoss into the local2 facility, etc.). The following line will write all local5 
logs into /var/log/debugfmt:

    local5.* /var/log/debugfmt;RSYSLOG_DebugFormat

This will let you read local5 logs (apache logs in my case) and check all the 
header fields (app-name for example) in order to filter logs based on these 
services. You'll have to create your own log format (check the doc for that).
Note: Be careful: the debug format of rsyslog is very verbose, so make 
sure to compress this file using logrotate.

2) Filtering logs based on IP addresses won't be that hard (I think):
It depends on the classful or classless (CIDR) notation of your network. 
However, here again you need to check your syslog messages in debug format and 
try to create rules to filter messages of a whole network, for example.

Good luck
Anwar

> Date: Mon, 24 Mar 2014 16:00:54 +0500
> From: [email protected]
> To: [email protected]
> Subject: [rsyslog] Service oriented filtering in rsyslog??
> 
> Hi!
> 
> Hope you all will be enjoying good health.
> I need some help relating to rsyslog.
> 
> I can easily filter logs on the basis of some text in the message.
> 
> 1- But I want to filter logs on the basis of services like httpd, apache2,
> smb, iptables,
> 2- Secondly, how can I avoid mentioning each server; why not a whole network?
> 
> Regards
> M.Asif
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
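
One way to write the two filters discussed in this thread, as an added example that is not part of either poster's message. It assumes an rsyslog version that accepts RainerScript `if ... then { action(...) }` blocks; the networks, program names and file paths are assumptions to be replaced with the values seen in the RSYSLOG_DebugFormat output.

```rsyslog
# Added example. Networks, program names and file paths are assumptions.
# programname is taken from the tag the sender supplied, and fromhost-ip is
# the address rsyslog received the message from (a relay's address if the
# message was forwarded), so neither identifies the origin with certainty.

# 1) Filter by service: match the programname parsed from the syslog tag.
if $programname == 'httpd' or $programname == 'apache2' then {
    action(type="omfile" file="/var/log/services/web.log")
}
if $programname == 'smbd' then {
    action(type="omfile" file="/var/log/services/samba.log")
}

# 2) Filter by network instead of listing each server.
# Octet-aligned network 10.1.1.0/24: one string prefix is enough. Keep the
# trailing dot, because '10.1.1' would also match 10.1.10.x and 10.1.100.x.
if $fromhost-ip startswith '10.1.1.' then {
    action(type="omfile" file="/var/log/networks/10.1.1.0_24.log")
}

# Classless network 10.20.4.0/22 (10.20.4.0 - 10.20.7.255): a single string
# prefix cannot express it, so list the four /24 prefixes it covers.
if $fromhost-ip startswith '10.20.4.' or
   $fromhost-ip startswith '10.20.5.' or
   $fromhost-ip startswith '10.20.6.' or
   $fromhost-ip startswith '10.20.7.' then {
    action(type="omfile" file="/var/log/networks/10.20.4.0_22.log")
}

# Both conditions together: web server logs from one network only.
if ($programname == 'httpd' or $programname == 'apache2')
   and $fromhost-ip startswith '10.1.1.' then {
    action(type="omfile" file="/var/log/networks/10.1.1.0_24-web.log")
}
```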
                                          