Omg....why am I so stupid... Thank you for the obvious!
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Orangepeel Beef Sent: Wednesday, May 14, 2014 12:22 PM To: rsyslog-users Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server if $fromhost-ip !='127.0.0.1' then { action(name="PerHostFile" type="omfile" dynafile="RemoteHost" DynaFileCacheSize="1000" ziplevel="5") stop } On Wed, May 14, 2014 at 12:11 PM, Josh Bitto <[email protected]> wrote: > Ok so I did what you suggested, but that broke some things. It stopped > my other template action to send the logs to elasticsearch. (From > there Kibana sees the logs) > > Here is a snippet from my config. > http://pastebin.com/2W4g6nUS > > > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of Orangepeel Beef > Sent: Wednesday, May 14, 2014 11:44 AM > To: rsyslog-users > Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana server > > that's odd, try going to https://github.com/embalmed/so-logstashy then > browse into configsamples/rsyslog-30-remote.txt > > but i've tested the link and it works for me, so not sure whats up > there > > > On Wed, May 14, 2014 at 11:41 AM, Josh Bitto <[email protected]> > wrote: > > > When I click on the link I get a 404 "this is not the page you are > > looking for" with a cute star wars themed character. > > > > > > > > -----Original Message----- > > From: [email protected] [mailto: > > [email protected]] On Behalf Of Orangepeel Beef > > Sent: Wednesday, May 14, 2014 11:40 AM > > To: rsyslog-users > > Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana > > server > > > > Doesn't really matter. > > > > > > https://github.com/embalmed/so-logstashy/blob/master/configsamples/r > > sy > > slog-30-remote.txtis > > the one my buddy uses. > > > > > > On Wed, May 14, 2014 at 10:55 AM, Josh Bitto > > <[email protected]> > > wrote: > > > > > Should this template be before ###RULES### config or does it matter? > > > > > > -----Original Message----- > > > From: [email protected] [mailto: > > > [email protected]] On Behalf Of Orangepeel Beef > > > Sent: Wednesday, May 14, 2014 10:52 AM > > > To: rsyslog-users > > > Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana > > > server > > > > > > Add the word 'stop' on the next line. > > > > > > > > > > > > > > > On Wed, May 14, 2014 at 10:21 AM, Josh Bitto > > > <[email protected]> > > > wrote: > > > > > > > Hey David, > > > > > > > > I had a question for you and anyone else that know's the answer to. > > > > Currently I'm running the omfile you suggested on my development > > > > server and I'm noticing that the code is working, but also that > > > > my messages log file is also filling up with the same log information. > > > > Is there a way to filter logs to only go to their destination > > > > and not log into the messages log file that is in linux? > > > > > > > > Here is the part of my config that I have done. > > > > ------------------------------------------- > > > > $template > > > > > > > > > > RemoteHost,"/var/log/hosts/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/%syslogseverity-text%.log.gz" > > > > > > > > action(name="PerHostFile" type="omfile" dynafile="RemoteHost" > > > > DynaFileCacheSize="1000" ziplevel="5" > > > > ------------------------------------------- > > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: [email protected] [mailto: > > > > [email protected]] On Behalf Of David Lang > > > > Sent: Friday, May 09, 2014 3:36 PM > > > > To: rsyslog-users > > > > Subject: Re: [rsyslog] Rsyslog w/ logstash-elasticsearch-kibana > > > > server > > > > > > > > On Fri, 9 May 2014, Josh Bitto wrote: > > > > > > > > > In the link I posted there is a description of > > > > > syslogpriority-text -an alias for syslogseverity-text > > > > > > > > > > And that's my question as to what it is referencing. > > > > > > > > ahh, in that case you use whichever one makes sense to you, some > > > > people think of it as priority, some as severity, rsyslog > > > > supports both names with identical content. > > > > > > > > David Lang > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [email protected] > > > > > [mailto:[email protected]] On Behalf Of David > > > > > Lang > > > > > Sent: Friday, May 09, 2014 3:33 PM > > > > > To: rsyslog-users > > > > > Subject: Re: [rsyslog] Rsyslog w/ > > > > > logstash-elasticsearch-kibana server > > > > > > > > > > On Fri, 9 May 2014, Josh Bitto wrote: > > > > > > > > > >> Happy Friday! > > > > >> > > > > >> One last question. I modified the template a tad bit and > > > > >> added the > > > > following. > > > > >> > > > > >> $template > > > > > > > > > > RemoteHost,"/var/log/hosts/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/%syslogseverity-text%.log.gz" > > > > >> > > > > >> When looking at the > > > http://www.rsyslog.com/doc/property_replacer.htmldocumentation I > > > see both "syslogseverity-text" and "syslogpriority-text" > > > > >> > > > > >> My question is in this case I'm basically separating the > > > > >> files based on the severity. In what instance would I use the alias > > > > >> for? > > > > >> I guess I'm not fully understanding what its purpose is. > > > > > > > > > > what are you referring to as the 'alias'? > > > > > > > > > > I'm not understanding your question. > > > > > > > > > > David Lang > > > > > > > > > > _______________________________________________ > > > > > rsyslog mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > > http://www.rsyslog.com/professional-services/ > > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > > NOTE > > > WELL: > > > > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > > > you DON'T LIKE THAT. > > > > > _______________________________________________ > > > > > rsyslog mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > > http://www.rsyslog.com/professional-services/ > > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > > NOTE > > > > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > > > myriad of > > > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > > > you DON'T LIKE THAT. > > > > > > > > > _______________________________________________ > > > > rsyslog mailing list > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > http://www.rsyslog.com/professional-services/ > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > NOTE > > WELL: > > > > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > > > you DON'T LIKE THAT. > > > > _______________________________________________ > > > > rsyslog mailing list > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > http://www.rsyslog.com/professional-services/ > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > NOTE > > > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO > > > > NOT POST if you DON'T LIKE THAT. > > > > > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: > > > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > > you DON'T LIKE THAT. > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT > > > POST if you DON'T LIKE THAT. > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: > > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > you DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites > beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
