Hello. I'm trying to log messages from various network devices to rsyslog and write them into a database. Therefore I use a setup as described in http://www.rsyslog.com/doc-rsyslog_mysql.html
My (simple) rsyslog.conf contains the following: $ModLoad imudp $UDPServerAddress x.x.x.x $UDPServerRun 1514 # standard port is used by syslog-ng $ModLoad ommysql *.* :ommysql:localhost,DBNAME,DBUSER,DBPASS This writes all arriving log messages to the database and I can watch them with phplogcon. Up to here everything is ok and works. Now I only want to log messages from specific network devices identified by ip address but I'm totaly lost when it comes to combine filter conditions and actions. I've tried :fromhost-ip, isequal "IP.IP.IP.IP" \ :ommysql:localhost,DBNAME,DBUSER,DBPASS *.* :fromhost-ip, isequal "IP.IP.IP.IP" \ :ommysql:localhost,DBNAME,DBUSER,DBPASS but obvious this is BS ;) Goal is to log only network devices and maybe later log different devices to different databases. The backslash is added by me only in this mail. The commands are all in one line. Any help is appreciated. Best regards Sebastian _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
