Kielek, Samuel wrote: > Thanks, but I still don't know how to separate out the local and remote > logs. I tried using expression based filters but didn't have much > success. For example these config lines: > > # Log remotely generated authpriv messages to /syslog > $template r_secure, > "/syslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/secure.log" > if $source != 'localhost' and $syslogfacility-text == 'authpriv' then > -?r_secure > > Cause these errors: > > Jun 5 14:24:27 ncldl38011 rsyslogd:unknown priority name "" > Jun 5 14:24:27 ncldl38011 rsyslogd:the last error occured in > /etc/rsyslog.conf, line 25 > Jun 5 14:24:27 ncldl38011 rsyslogd:warning: selector line without > actions will be discarded > > Not sure if it's something with my syntax or is it just that this > version of rsyslog doesn't (fully) support this. I'm assuming it's not > supported since the error seems to indicate that it is interpreting that > expression filter line as a standard selector type filter. > > Thanks, > Sam </snip>
Have you seen this: http://wiki.rsyslog.com/index.php/Sysklogd_drop-in_with_remote_logs_separated_by_dynamic_directory -- Elisamuel Resto <[EMAIL PROTECTED]> Source Mage Developer / http://sourcemage.org GPG KEY: 18615F19 / http://simplysam.us _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
