Hi Phillip, Thanks for the response. The %HOSTNAME% part works fine here if I do this: $template DynFwall,"/var/log/server-logs/firewall/%HOSTNAME%.log" *.* -?DynFwall
However if I try to filter by IP using the "fromhost-ip" like this: *.* :fromhost-ip,isequal,"192.168.1.1" -?DynFwall It fails to capture logs in the DynFwall template file. I've tried to do this with the "fromhost" and the "fromhost-ip" and neither seem to work? I want to have it so that a specific host IP uses a specific template. It looks like the fromhost and the fromhost-ip arn't working at all? Or my config is wrong. Dose anyone on the list have "fromhost-ip" working? Thanks, Ralph Philip M. Gollucci wrote: > On 1/17/2010 5:50 PM, Ralph Crongeyer wrote: > >> # Firewall logs # >> $template DynFwall,"/var/log/server-logs/firewall/%HOSTNAME%.log" >> *.* :fromhost-ip, isequal, "192.168.1.1" -?DynFwall >> >> But I just getting this error in /var/log/syslog: >> >> Jan 17 16:49:47 log rsyslogd: [origin software="rsyslogd" >> swVersion="4.4.2" x-pid="12540" x-info="http://www.rsyslog.com";] (re)start >> Jan 17 16:49:47 log rsyslogd: the last error occured in >> /etc/rsyslog.d/remote-logs.conf, line 10 >> Jan 17 16:49:47 log rsyslogd: warning: selector line without actions >> will be discarded >> Jan 17 16:49:47 log rsyslogd: the last error occured in >> /etc/rsyslog.conf, line 48 >> Jan 17 16:49:47 log rsyslogd-2124: CONFIG ERROR: could not interpret >> master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ] >> >> I'm trying to log all logs from my IPCop host to >> "/var/log/server-logs/firewall/%HOSTNAME%.log" . >> > > I tried for 1.5 days to figure this out cutting and pasting examples > left and right. Finally I came up with the following with works well > for me, you should be able to tweak it slightly for yourself. > > > $template by_prog,"/var/log/rws/%programname%.log" > > :programname, regex, "^pxy.*rc\." ?by_prog > & :omrelp:cl.dca1.rws:2514 > & ~ > > Just sub out %programname% for %HOSTNAME% > > > > -- Reminds me of my expedition into the wilds of Afghanistan. We lost our corkscrew and were compelled to live on food and water for several days. - WC Fields _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
