: [rsyslog] Allocating certain logs to certain files
What I do with splunk is that I have my clients send all the logs up to my
central server, and Splunk server. I then have the rsyslog on the Splunk server
write the logs that I want splunk to index into a file and then throw all the
other logs
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone
Sent: Wednesday, April 03, 2013 11:47 AM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
Josh,
This is what I'm currently using, http://pastebin.com/tsTHdsZY Starting at line
116 you'll find
Sent: Wednesday, April 03, 2013 12:07 PM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
loghost is the name of the machine doing the central logging with rsyslog which
I want to keep it's logs under the default location
$source != 'loghost.example.com'
means
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
loghost is the name of the machine doing the central logging with rsyslog
which I want to keep it's logs under the default location
$source != 'loghost.example.com'
means every hosts but loghost.example.com
.
-Original Message-
From: rsyslog-boun...@lists.adiscon.com
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone
Sent: Wednesday, April 03, 2013 12:30 PM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
In that case you only need one
PM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
loghost is the name of the machine doing the central logging with
rsyslog which I want to keep it's logs under the default location
$source != 'loghost.example.com'
means every hosts but loghost.example.com
Nachricht
Von: Josh Bitto jbi...@onlineschool.ca
Datum: 03.04.2013 21:49 (GMT+01:00)
An: rsyslog-users rsyslog@lists.adiscon.com
Betreff: Re: [rsyslog] Allocating certain logs to certain files
Okie dokie
Would these if then statements work for windows events?
Basically here is my
, April 03, 2013 1:56 PM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
I found this reference helpful:
http://en.wikipedia.org/wiki/Syslog
On Wed, Apr 3, 2013 at 4:02 PM, Rainer Gerhards rgerha...@hq.adiscon.comwrote:
I suggest
http://www.monitorware.com/en
-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
In that case you only need one rule, something like this should work
1. if \
2. $source != 'loghost.example.com' \
3. then*.* ?DYNlogfile
On Wed, Apr 3, 2013 at 4:23 PM, Josh Bitto jbi
...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone
Sent: Wednesday, April 03, 2013 12:30 PM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
In that case you only need one rule, something like this should work
1. if \
2. $source
[mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone
Sent: Wednesday, April 03, 2013 2:31 PM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
The config I shared does that
On Apr 3, 2013 6:18 PM, Josh Bitto jbi...@onlineschool.ca wrote:
Marcelo
...@lists.adiscon.com [mailto:
rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone
Sent: Wednesday, April 03, 2013 12:30 PM
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
In that case you only need one rule, something like this should work
To: rsyslog-users
Subject: Re: [rsyslog] Allocating certain logs to certain files
In that case you only need one rule, something like this should work
1. if \
2. $source != 'loghost.example.com' \
3. then*.* ?DYNlogfile
On Wed, Apr 3, 2013 at 4:23 PM, Josh Bitto jbi
13 matches
Mail list logo