The config does not look obviously wrong to me (but I am bad at catching errors...). A good suggestion is to write a debug log, it will tell you in detail what happened during the filter evaluation.
Rainer > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Sepperlot > Sent: Tuesday, January 12, 2010 4:17 PM > To: [email protected] > Subject: [rsyslog] Only log from network devices to database > > Hello. > > I'm trying to log messages from various network devices to rsyslog and > write them into a database. > Therefore I use a setup as described in > http://www.rsyslog.com/doc-rsyslog_mysql.html > > My (simple) rsyslog.conf contains the following: > > $ModLoad imudp > $UDPServerAddress x.x.x.x > $UDPServerRun 1514 # standard port is used by syslog-ng > > $ModLoad ommysql > *.* :ommysql:localhost,DBNAME,DBUSER,DBPASS > > > This writes all arriving log messages to the database and I can watch > them with phplogcon. Up to here everything is ok and works. > > Now I only want to log messages from specific network devices > identified > by ip address but I'm totaly lost when it comes to combine filter > conditions and actions. I've tried > > :fromhost-ip, isequal "IP.IP.IP.IP" \ > :ommysql:localhost,DBNAME,DBUSER,DBPASS > > *.* :fromhost-ip, isequal "IP.IP.IP.IP" \ > :ommysql:localhost,DBNAME,DBUSER,DBPASS > > but obvious this is BS ;) > Goal is to log only network devices and maybe later log different > devices to different databases. > > The backslash is added by me only in this mail. The commands are all in > one line. > > Any help is appreciated. > > Best regards > Sebastian > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
