How do i make the following only write these messages to the file /var/log/remote_firewall.log and not duplicate them inside /var/log/syslog?
``` # in /etc/rsyslog.d//00-custom1.conf if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log stop ``` Does it need to be written like this <https://www.rsyslog.com/doc/v8-stable/rainerscript/control_structures.html> ? ``` if ($fromhost-ip=='192.168.0.1' ) then { action(type="omfile" file="/var/log/remote_firewall.log") stop } ``` What part of https://www.rsyslog.com/doc/v8-stable/configuration/basic_structure.html explains this? On Sun, Oct 21, 2018 at 10:48 AM Rainer Gerhards <[email protected]> wrote: > Sorry, right now I have only time to post a better link. > > https://www.rsyslog.com/doc/v8-stable/configuration/basic_structure.html > > In your example stop is applied unconditionally as it is not inside a > block {} structure with a filter. > > Rainer > > > Sent from phone, thus brief. > > > J Travis Lindsey via rsyslog <[email protected]> schrieb am So., > 21. Okt. 2018, 16:12: > >> Hello, >> >> I'm trying to get a better understanding of rsyslog and stop and custom >> files. >> >> I have a rule based on the `basic` format like this: >> ``` >> # in /etc/rsyslog.d//00-custom1.conf >> if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log >> stop >> ``` >> >> The one benefit that i found of stop is that it prevents the messages i >> was >> filtering from also showing up in /var/log/syslog. The docs state stop >> < >> https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop >> > >> is to "filter out messages before carrying on any further processing". Is >> "stop" always in the context of the rule preceding it? So basically in my >> example, it just stops the processing of anymore of if >> $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log? >> >> Or, maybe in the above case, is the following true? >> >> 1. Any rules in filenames greater than 00 (like 01-custom.conf) will >> not >> be honored because of the last "stop >> < >> https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop >> >" >> in 00-custom1.conf? >> 2. Any rules after the "stop >> < >> https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop >> >" >> line in the 00-custom1.conf file will not be honored? >> >> >> How does the order of files in "rsyslog.d/<0-9>-*.conf" work? >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
