Am 16.02.2011 14:04, schrieb Reindl Harald: > > > Am 16.02.2011 13:55, schrieb Robert Schetterer: >> Am 16.02.2011 09:10, schrieb Reindl Harald: >>> This game should be played with the system-logger >>> >>> /etc/rsyslog.conf: >>> :msg, contains, "client=localhost[127.0.0.1]" ~ >>> :msg, contains, "client=unknown[127.0.0.1]" ~ >>> >>> Am 16.02.2011 09:07, schrieb Robert Schetterer: >>>> Hi, >>>> is there an easy "switch" to getout >>>> of logging "Connection reset by peer" from special ips/net i.e from >>>> loadbalancers or montitoring checks? >>>> for sure only a cosmetic question >>>> >>>> ----snip >>>> 1 write [.....]:40057: Connection reset by peer >>> >> >> hi , thx i know what you want to get me in >> >> but this does not work as such simple ( tested in lucid ), i see i >> should study rsyslog > > order is afaik important
youre so right > > here my full config with stripped mysql-passwords > which is another (optional) thing > > i have running this config since fedora 11 and now running fedora 13 > while testing on F14 also successfull > ___________________ > > #### MODULES #### > > $ModLoad imuxsock.so # provides support for > local system logging > $ModLoad imklog.so # provides kernel logging > support > $ModLoad ommysql # provides mysql-output > > #### GLOBAL DIRECTIVES #### > > # Use default timestamp format > $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat > > #### RULES #### > > # Ignored messages > :msg, contains, "FILTER barracudafeed" ~ > :msg, contains, "disconnect from barracuda.thelounge.net[10.0.0.20]" ~ > :msg, contains, "Did not receive identification string from 10.0.0.30" ~ > :msg, contains, "connect from thx1138.thelounge.net[10.0.0.30]" ~ > :msg, contains, "lost connection after CONNECT from > thx1138.thelounge.net[10.0.0.30]" ~ > :msg, contains, "connect from barracuda.thelounge.net[10.0.0.20]" ~ > :msg, contains, "RCPT from barracuda.thelounge.net" ~ > :msg, contains, "uid=0 from=<root>" ~ > :msg, contains, "client=localhost[127.0.0.1]" ~ > :msg, contains, "client=unknown[127.0.0.1]" ~ thx i see , now it worked > > > > # Log anything (except mail) of level info or higher > > > # Don't log private authentication messages! > > > *.info;mail.none;authpriv.none;cron.none /var/log/messages > > > > > > # The authpriv file has restricted access. > > > authpriv.* /var/log/secure > > > > > > # Log all the mail messages in one place. > > > mail.* -/var/log/maillog > > > > > > # Log cron stuff > > > cron.* /var/log/cron > > > > > > # Everybody gets emergency messages > > > *.emerg * > > > > > > # Save news errors of crit in special file. > > > uucp,news.crit /var/log/spooler > > > > > > # Save boot messages also to boot.log > > > local7.* /var/log/boot.log > > > > ### DATABASE-LOGGING ### > $WorkDirectory /var/spool/rsyslog # default location for > work (spool) files > $ActionQueueType LinkedList # use asynchronous > processing > $ActionQueueFileName dbq # set file name, also > enables disk mode > $ActionResumeRetryCount -1 # infinite retries on > insert failure > *.info;mail.none;authpriv.none;cron.none > :ommysql:logserver1,rsyslog,rsyslog,***** > mail.* > :ommysql:logserver2,syslog,rsyslog,***** > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
