Hello Travis - If I understand your desire...
```
if ($fromhost-ip=='192.168.0.1' ) then {
    action(type="omfile" file="/var/log/remote_firewall.log")
    stop
}
```
...is correct. The stop command is literal. If you put it in the main
stream, then nothing beyond that point ever happens.
On 10/21/18 10:22 AM, J Travis Lindsey via rsyslog wrote:
How do I make the following only write these messages to the file
/var/log/remote_firewall.log and not duplicate them inside /var/log/syslog?
```
# in /etc/rsyslog.d//00-custom1.conf
if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log
stop
```
Does it need to be written like this
<https://www.rsyslog.com/doc/v8-stable/rainerscript/control_structures.html>?
```
if ($fromhost-ip=='192.168.0.1' ) then {
action(type="omfile" file="/var/log/remote_firewall.log")
stop
}
```
What part of
https://www.rsyslog.com/doc/v8-stable/configuration/basic_structure.html
explains this?
On Sun, Oct 21, 2018 at 10:48 AM Rainer Gerhards <[email protected]>
wrote:
Sorry, right now I have only time to post a better link.
https://www.rsyslog.com/doc/v8-stable/configuration/basic_structure.html
In your example stop is applied unconditionally as it is not inside a
block {} structure with a filter.
Rainer
Sent from phone, thus brief.
J Travis Lindsey via rsyslog <[email protected]> wrote on Sun,
21 Oct 2018, 16:12:
Hello,
I'm trying to get a better understanding of rsyslog and stop and custom
files.
I have a rule based on the `basic` format like this:
```
# in /etc/rsyslog.d//00-custom1.conf
if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log
stop
```
The one benefit that I found of stop is that it prevents the messages I
was filtering from also showing up in /var/log/syslog. The docs state stop
<https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop>
is to "filter out messages before carrying on any further processing". Is
"stop" always in the context of the rule preceding it? So basically in my
example, it just stops the processing of any more of if
$fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log?
Or, maybe in the above case, is the following true?
1. Any rules in filenames greater than 00 (like 01-custom.conf) will not
   be honored because of the last "stop"
   <https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop>
   in 00-custom1.conf?
2. Any rules after the "stop"
   <https://www.rsyslog.com/doc/v8-stable/configuration/actions.html?highlight=stop>
   line in the 00-custom1.conf file will not be honored?
How does the order of files in "rsyslog.d/<0-9>-*.conf" work?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
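
Added example, not part of the thread and not rsyslog's own tooling: a small Python check that flags a `stop` standing alone at top level (the form in the question, which discards every message from that point on) and accepts the block form from the reply. The function names and sample file names are hypothetical, the sample configs are constructed from the snippets above, and it assumes rsyslog.d files load in sorted name order; only `#` comments are handled.

```python
import re

# Constructed samples: the two forms discussed in the thread.
LEGACY = """# 00-custom1.conf (form from the question)
if $fromhost-ip=='192.168.0.1' then /var/log/remote_firewall.log
stop
"""
BLOCK = """# 00-custom1.conf (block form from the reply)
if ($fromhost-ip=='192.168.0.1' ) then {
    action(type="omfile" file="/var/log/remote_firewall.log")
    stop
}
"""

def _code(line):
    """Blank out quoted strings, then drop a trailing # comment."""
    line = re.sub(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', '""', line)
    return line.split("#", 1)[0].strip()

def unconditional_stops(text):
    """Return 1-based line numbers of `stop` statements that sit outside any
    {} block and do not directly follow then/else, so they hit every message."""
    hits, depth, prev = [], 0, ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        code = _code(raw)
        if not code:
            continue
        tokens = code.split()
        if depth == 0 and tokens[0] == "stop" and prev not in ("then", "else"):
            hits.append(lineno)
        depth = max(0, depth + code.count("{") - code.count("}"))
        prev = tokens[-1]
    return hits

def shadowed(configs):
    """Given {filename: text}, return the files sorted after the first file
    holding an unconditional stop (assumption: sorted-name load order)."""
    names = sorted(configs)
    for i, name in enumerate(names):
        if unconditional_stops(configs[name]):
            return names[i + 1:]
    return []
```

Run against a copy of /etc/rsyslog.d, a non-empty `shadowed()` result means later rule files never see any message, which is a logging gap worth alerting on.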