the configuration file looks like this: # /etc/rsyslog.conf
Configuration file for rsyslog. # # � For more information see
# � /usr/share/doc/rsyslog-doc/htm ################# ####
MODULES #### ################# $ModLoad imuxsock # provides support for
local system logging $ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability # provides UDP
syslog reception $ModLoad imudp $UDPServerRun 514 # provides TCP syslog
reception $ModLoad imtcp $InputTCPServerRun 514
########################### #### GLOBAL DIRECTIVES ####
########################### # # Use traditional timestamp format. # To
enable high precision timestamps, comment out the following line. #
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # # Set the default
permissions for all log files. # $FileOwner root $FileGroup adm
$FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 # # Where to place
spool and state files # $WorkDirectory /var/spool/rsyslog # # Include all
config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf
############### #### RULES #### ############### if $fromhost-ip ==
"11.11.11.11" then { if $programname == "mysql" then
action(type="omfile" file="/var/log/serwery/mysql/m else
action(type="omfile" file="/var/log/serwery/serwer1 } if
$fromhost-ip == "11.11.11.12" then /var/log/serwery/serwer2.log &
stop if $fromhost-ip == "111.11.11.13" then
/var/log/serwery/serwer3.log & stop if $fromhost-ip ==
"11.11.11.14" then /var/log/serwery/serwer4.log & stop if
$fromhost-ip == "11.11.11.15" then /var/log/serwery/serwer5.log &
stop auth,authpriv.* � /var/log/auth.log *.*;auth,authpriv.none
-/var/log/syslog #cron.* � /var/log/cron.log daemon.*
-/var/log/daemon.log kern.* -/var/log/kern.log lpr.* �
-/var/log/lpr.log mail.* -/var/log/mail.log user.*
-/var/log/user.log # # Logging for the mail system. Split it up so that #
it is easy to write scripts to parse these files. # mail.info �
-/var/log/mail.info mail.warn � -/var/log/mail.warn mail.err
/var/log/mail.err # # Logging for INN news system. # news.crit
� /var/log/news/news.crit news.err /var/log/news/news.err
news.notice � -/var/log/news/news.notice # # Some
"catch-all" log files. # *.=debug;\ auth,authpriv.none;\
news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\
auth,authpriv.none;\ cron,daemon.none;\ mail,news.none
-/var/log/messages # # Emergencies are sent to everybody logged in. #
*.emerg � :omusrmsg:* # # I like to have messages displayed on the
console, but only on a virtual # console I usually leave idle. #
#daemon,mail.*;\ # news.=crit;news.=err;news.=not #
*.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # The named
pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must
invoke `xconsole' with the `-file' option: # # $ xconsole -file
/dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy
if you have a reasonably # busy site.. # daemon.*;mail.*;\
news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn
|/dev/xconsole the contents of files serwer2.log - serwer5.log
recorded individually only in those files Ihave no idea how to continue
Dnia 31 stycznia 2017 10:08 David Lang <[email protected]>
napisał(a):
On Tue, 31 Jan 2017, [email protected] wrote:
Hello i have make this filter: if $fromhost-ip ==
&#34;11.11.11.11&#34; then { if $programname ==
&#34;mysql&#34; then action(type=&#34;omfile&#34;
file=&#34;/va else action(type=&#34;omfile&#34;
file=&#34;/va } This work fine but in /var/log/syslog.log entries
shows up
again, and I do not want it. When I add “&amp; stop” after } rsyslog wont
start What I have wrong?
as you see above, this didn't come through cleanly.
But my guess is that you have multiple filters that match the same log message,
so the message gets written to all outputs. This is how things are intended to
work.
If you want to stop processing filters after some condition is matched, you can
put the 'stop' statement in and no filters afer that point will be
processed.
David Lang
______________________________
rsyslog mailing list
lists.adiscon.net lists.adiscon.net
www.rsyslog.com www.rsyslog.com
What's up with rsyslog? Follow twitter.com twitter.com
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
