Flo, I tried that then I started getting this error while I restart the service
May 03 12:40:11 Hostname rsyslogd[30213]: invalid character in selector line - ';template' expected [v8.24.0] May 03 12:40:11 Hostname rsyslogd[30213]: error during parsing file /etc/rsyslog.d/remotelog.conf, on or before line 54: errors occured in file '/etc/rsyslog.d/remotelog.conf' around line 54 [v8.24.0 try http://www.rsyslog.com/e/2207 ] May 03 12:40:11 Hostname rsyslogd[30213]: invalid character in selector line - ';template' expected [v8.24.0] May 03 12:40:11 Hostname rsyslogd[30213]: error during parsing file /etc/rsyslog.d/remotelog.conf, on or before line 55: errors occured in file '/etc/rsyslog.d/remotelog.conf' around line 55 [v8.24.0 try http://www.rsyslog.com/e/2207 ] This is what I added in the .conf file if $fromhost-ip == '10.XX.X' then /opt/apps/syslog/fw1-admin.log. stop if $fromhost-ip == '10.X.X.X' then /opt/apps/syslog/fw1-comm-core.log stopif $fromhost-ip == '10.X.X.X' then /opt/apps/syslog/fw1-comm-dist.log stopif $fromhost-ip == '10.X.X.X' then /opt/apps/syslog/fw2-admin.log stopif $fromhost-ip == '10.X.X.X' then /opt/apps/syslog/fw2-comm-core.log stop but as soon as I remove the stop its started the service without the error ... may be I am syntax is not correct ..? Thanks in advance for any help ,really appreciated RegardsHaary On Thursday, May 3, 2018, 12:25:29 PM EDT, Haary rock via rsyslog <[email protected]> wrote: Thanks I will try that for each entries ... RegardsHarry.. On Thursday, May 3, 2018, 10:36:07 AM EDT, Flo Rance <[email protected]> wrote: You should give a condition, otherwise it will stop processing for all messages. E.g. if $fromhost-ip contains '10..x.x.x' then stop On Thu, May 3, 2018 at 3:55 PM, Haary rock via rsyslog <[email protected]> wrote: Sorry I am reposting since it got mangled the texts .. the problem is if I use the &~ at the end of the line .. its doesn't stop sending the logs to /var/log/messages .. but if I use the "stop" at the end of the file .. its stops sending messages to /var/log/messages completely . &~ used to work on previous version of syslog ..but its not working on the rsyslogd 8.24.0 (RHEL 7.0) I have my .conf file here #This will allow this server to log the remotely forwarded logs $FileCreateMode 0664 $fileOwner xxxx $FileGroup xxx $dirOwner xxxx # $template FilenameTemplateOne,"/opt/ apps/syslog/%HOSTNAME%.log" if $fromhost-ip startswith '192.168.' then -?FilenameTemplateOne # $template FilenameTemplateOne,"/opt/ apps/syslog/%HOSTNAME%.log" if $fromhost-ip startswith '209.95.224.' then -?FilenameTemplateOne # if $fromhost-ip == '10.x.x.x’ then /opt/apps/syslog/Fw1.log if $fromhost-ip == '10..x.x.x’ then /opt/apps/syslog/fw2.log if $fromhost-ip == '10..x.x.x’ then /opt/apps/syslog/mainsw1.log if $fromhost-ip == '10..x.x.x’' then /opt/apps/syslog/secswitch.log stop &~ used to work on previous version of syslog ..but its not working on the rsyslogd 8.24.0 (RHEL 7.0) it gives the warning when I restart the syslog rsyslogd[25517]: warning: ~ action is deprecated, consider using the 'stop' statement instead Any help would be greatly appreciated ThanksHaary. On Wednesday, May 2, 2018, 5:24:14 PM EDT, David Lang <[email protected]> wrote: On Wed, 2 May 2018, Haary rock via rsyslog wrote: > #This will allow this server to log the remotely forwarded > logs$FileCreateMode 0664$fileOwner netman$FileGroup cscworks$dirOwner > netman#$template FilenameTemplateOne,"/opt/ apps/syslog/%HOSTNAME%.log"if > $fromhost-ip startswith '192.x.' then -?FilenameTemplateOne#$ template > FilenameTemplateOne,"/opt/ apps/syslog/%HOSTNAME%.log"if $fromhost-ip > startswith 'x.x.x..' then -?FilenameTemplateOne#if $fromhost-ip == '10.x.x.1' > then /opt/apps/syslog/Firewall1- admin.logif $fromhost-ip == '10.x.x.x' then > /opt/apps/syslog/firewall- core.logif $fromhost-ip == '10.x.x.x' then > /opt/apps/syslog/switch1.logif $fromhost-ip == '10.x.x.x' then > /opt/apps/syslog/switch2- admin.log > there are few more similar entries from all the Ip's I wanted to create the > logs .. > the problem is if I use the &~ at the end of the line .. its doesn't stop > sending the logs to /var/log/messages .. > but if I use the "stop" at the end of the file .. its stops sending messages > to /var/log/messages completely . > &~ used to work on previous version of syslog ..but its not working on the > rsyslogd 8.24.0 (RHEL 7.0) please retry your post, as you can see, it mangled the files you were posting ______________________________ _________________ rsyslog mailing list http://lists.adiscon.net/ mailman/listinfo/rsyslog http://www.rsyslog.com/ professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
