What do you mean exactly? Le mar. 22 sept. 2020 à 21:35, David Lang <[email protected]> a écrit :
> what does the debugformat version of the log look like? > > > On Tue, 22 Sep 2020, Venizia via rsyslog wrote: > > > Date: Tue, 22 Sep 2020 18:19:48 +0200 > > From: Venizia via rsyslog <[email protected]> > > To: [email protected] > > Cc: Venizia <[email protected]> > > Subject: Re: [rsyslog] Centos 7 - Splitting rsyslog messages to > different log > > files > > > > Thx David. > > > > it looks like the programname variable is not set: > > > > 1031.909509937:imudp.c : recv(4,236),acl:1,msg:<134>Sep 22 > 18:10:31 haproxy[30548]: IP:XX.XX.XX.XX - 62528 - > [22/Sep/2020:18:10:28.654] - https_front~ - http_back/albus - {website} - > 200 - "GET /files/2016/03/Bar-gros-sel_5-495x400.jpg HTTP/1.1" > > > > 1031.909523552:imudp.c : msg parser: flags 70, from > '~NOTRESOLVED~', msg '<134>Sep 22 18:10:31 haproxy[30548]: IP:XX.XX.XX.XX - > 6252' > > > > Is this due to the format of the log? > > > > Thx! > > > > Le 22/09/20 10:12, « David Lang » <[email protected]> a écrit : > > > > write logs with the template RSYSLOG_DebugFormat and look at the > result. I'd bet > > that the programname isn't what you expect, or that your first filter > is > > matching everything that your second would, and since you stop > processing logs > > that match the first filter, nothing is left to match the second one. > > > > David Lang > > > > On Tue, 22 > > Sep 2020, Venizia via rsyslog wrote: > > > > > Date: Tue, 22 Sep 2020 08:32:04 +0200 > > > From: Venizia via rsyslog <[email protected]> > > > To: [email protected] > > > Cc: Venizia <[email protected]> > > > Subject: [rsyslog] Centos 7 - Splitting rsyslog messages to > different log > > > files > > > > > > Hello ! > > > > > > > > > > > > On a centos 7, I got haproxy. I would like to split the logs from > haproxy to different log files. So in /etc/rsyslog.d, I have created the > following: > > > > > > > > > > > > # Collect log with UDP > > > > > > $ModLoad imudp > > > > > > $UDPServerAddress 127.0.0.1 > > > > > > $UDPServerRun 514 > > > > > > > > > > > > # Creating separate log files based on the severity > > > > > > local0.notice /var/log/haproxy-admin.log > > > > > > & stop > > > > > > if $programname == 'haproxy' and $msg contains "~ http_back/" then > /var/log/haproxy/wp1.log > > > > > > & stop > > > > > > local0.* /var/log/haproxy-traffic.log > > > > > > & stop > > > > > > > > > > > > > > > > > > I should so get 3 differents files: > > > haproxy-admin.log with all notice messages > > > wp1.log with all messages containing ‘http_back’ in it > > > haproxy-traffic with the rest of messages > > > > > > > > > But I only get the first and the third one. I guess that there is a > mistake in the line: > > > > > > if $programname == 'haproxy' and $msg contains "~ http_back/" then > /var/log/haproxy/wp1.log > > > > > > > > > > > > I am not so familiar with rsyslog (that’s the first time I am > trying to do such a thing) so I do not know how I could check the content > of the 2 variables: $programname and $msg. > > > > > > Any advice on that? > > > > > > > > > > > > Thx in advance! > > > > > > Lydie > > > > > > _______________________________________________ > > > rsyslog mailing list > > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you DON'T LIKE THAT. > > > > > > _______________________________________________ > > rsyslog mailing list > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
