On Fri, 4 Sep 2009, [email protected] wrote: > I ahve a config file that fixes up broken syslog messages that has the > following > > $template fixsnareFormat,"%timereported% %HOSTNAME% MSWinEventLog > %syslogtag%%msg:18:$:drop-last-lf%\n" > $template fixsnareForwardFormat,"<%pri%>%timereported% %HOSTNAME% > MSWinEventLog %syslogtag%%msg:18:$:drop-last-lf%\n" > $template TraditionalFormat,"%timereported% %HOSTNAME% > %syslogtag%%msg:::drop-last-lf%\n" > $template TraditionalForwardFormat,"<%pri%>%timereported% %HOSTNAME% > %syslogtag%%msg:::drop-last-lf%\n" > #$template TraditionalFormat,"%timegenerated% > %syslogtag%%msg:::drop-last-lf%\n" > :syslogtag, startswith, "MSWinEventLog#011" *.* > /var/log/messages;fixsnareFormat > & @192.168.210.8;fixsnareForwardFormat > & ~ > *.* /var/log/messages;TraditionalFormat > *.* @192.168.210.8;TraditionalForwardFormat > > > the upstream box is seeing things as I would expect, but the local > /var/log/messages file is not > > is it incorrect to have two entries that both write to /var/log/messages?
never mind, I just spotted the extra *.* in there (nothing was reported when starting up) David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
