On Wed, 13 Aug 2014, Ivan Lezhnjov IV wrote:
I finally got around to this.
So, in my configuration, which is rather simple and doesn't differ from a
default one much I do this:
:syslogtag, contains, "postgres" /var/log/postgresql.log
&~
*.*
/var/log/syslog
*.* @@172.16.16.1:2514
I want PostgreSQL logs in a separate file (and only this one file), and to
also send them to a remote server for further processing there. However, if i
stop processing on the client with the discard command &~, they never get sent
to the remote server.
After reading documentation (a while ago), I somehow was under impression that
rsyslog would process rules in the order of their appearance in a
configuration file.
they are.
So, I naturally tried to move the "*.* @@172.16.16.1:2514"
line up and rearranged the order to the effect of this:
*.* @@172.16.16.1:2514
:syslogtag, contains, "postgres" /var/log/postgresql.log
&~
*.*
/var/log/syslog
But it still wouldn't work. i would see /var/log/postgresql.log being written
to on the client, but nothing arriving to the remote server.
If I do away with the &~, messages are logged to /var/log/postgresql.log,
/var/log/syslog and are sent to the remote server. Regardless of where I place
the "*.* @@172.16.16.1:2514" line, at the top or at the bottom of
configuration file.
something is very wrong if removing & ~ affects lines prior to where it appears.
Now, this isn't something to be chased down in v5 since it's so old, but if you
can duplicate that with v8 it will get attention real fast.
Unless there is some other way, it appears I need to use the an
expressions-based filter. I have another question regarding this, however. How
does one express the *.* in an expression like this:
if $syslogfacility-text == '*.*' and not \
($syslogfacility-text == 'auth' or $syslogfacility-text == 'authpriv' \
or $syslogtag contains 'postgres') then /var/log/syslog
?
That clearly doesn't work, the *.* part.
correct, syslogfacility is the part before the . in *.*
but with v8, if you want *.* you can just leave it out
@@172.16.16.4:2514
David Lang
Ivan
On Aug 8, 2014, at 2:38 AM, David Lang <[email protected]> wrote:
On Fri, 8 Aug 2014, Ivan Lezhnjov IV wrote:
Just to be clear, is this configuration syntax supported by the legacy v5?
Because that's all I can use.
that syntax is v8, you can do it in v5 but it would be a different syntax.
David Lang
Ivan
On Aug 7, 2014, at 10:19 PM, Eugene Istomin <[email protected]> wrote:
Hello,
if by 'directly' you mean just not to write a local text log -
if $hostname == $$myhostname and $programname == [ ....]
then {
call send_log & stop
}
}
ruleset(name="send_log")
{
action(type="om*" .....)
}
Of course, this should be written/included before any omfile/other local
textlog actions.
---
Best regards,
Eugene Istomin
On Thursday, August 07, 2014 09:16:04 PM Ivan Lezhnjov IV wrote:
Hello,
I was wondering if it is possible to send messages that are coming in from
text files monitored by imfile directly to a remote server. That is, these
messages must never appear in any syslog log files on the client machine.
The reason I'm looking for this sort of configuration is because it strikes
me as redundant and utterly superfluous to duplicate other programs' log
file in syslog.
Ivan
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
