I'm sorry I should have clarified....Windows events go to both locations mentioned.
Could I add a rule that says... If \ $source == 'somekind of windows identifier' \ Then ?DYNmessages Would that work? -----Original Message----- From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone Sent: Wednesday, April 03, 2013 2:31 PM To: rsyslog-users Subject: Re: [rsyslog] Allocating certain logs to certain files The config I shared does that On Apr 3, 2013 6:18 PM, "Josh Bitto" <jbi...@onlineschool.ca> wrote: > Marcelo, > > Thank you for the help earlier. Now I have another question. I kept > the first rules and now. I want to add a rule of sorts. > > When rsyslog receives upd traffic it not only is adding it to my > /var/log/messages file but also to the > /var/log/hosts/<hostname>/messages > file as well. > > Is there a way for it to NOT log to the /var/log/messages and ONLY to > the /var/log/hosts/<hostname>/messages? > > > > -----Original Message----- > From: rsyslog-boun...@lists.adiscon.com [mailto: > rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone > Sent: Wednesday, April 03, 2013 12:30 PM > To: rsyslog-users > Subject: Re: [rsyslog] Allocating certain logs to certain files > > In that case you only need one rule, something like this should work > > > 1. if \ > 2. $source != 'loghost.example.com' \ > 3. then *.* ?DYNlogfile > > > > > On Wed, Apr 3, 2013 at 4:23 PM, Josh Bitto <jbi...@onlineschool.ca> wrote: > > > Oh ok thank you! That worked! > > > > I'm sorry I keep asking questions.... > > > > So in the If, then statements where it says > > > > if \ > > $source != 'syslog.onlineschool.ca' \ > > and \ > > $syslogseverity <= '6' \ > > > > -------------------------------------------------------------- > > > > The very last line of the above $syslogseverity<= '6'\ > > > > Does this only log certain message types? Or if I wanted to have > > everything what would I put? > > > > (not a programmer) > > > > > > > > -----Original Message----- > > From: rsyslog-boun...@lists.adiscon.com [mailto: > > rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo Veglienzone > > Sent: Wednesday, April 03, 2013 12:07 PM > > To: rsyslog-users > > Subject: Re: [rsyslog] Allocating certain logs to certain files > > > > loghost is the name of the machine doing the central logging with > > rsyslog which I want to keep it's logs under the default location > > > > $source != 'loghost.example.com' > > means every hosts but loghost.example.com > > > > > > On Wed, Apr 3, 2013 at 4:03 PM, Josh Bitto <jbi...@onlineschool.ca> > wrote: > > > > > On your if, then statements where it says $source != ' > > loghost.example.com' > > > \ > > > > > > What would I replace it with? %hostname% > > > > > > The reason I ask is that there will be many host names or IP > > > addresses that I'm forwarding logs from. > > > > > > > > > > > > -----Original Message----- > > > From: rsyslog-boun...@lists.adiscon.com [mailto: > > > rsyslog-boun...@lists.adiscon.com] On Behalf Of Marcelo > > > Veglienzone > > > Sent: Wednesday, April 03, 2013 11:47 AM > > > To: rsyslog-users > > > Subject: Re: [rsyslog] Allocating certain logs to certain files > > > > > > Josh, > > > > > > This is what I'm currently using, http://pastebin.com/tsTHdsZY > > > Starting at line 116 you'll find what you want > > > > > > > > > On Wed, Apr 3, 2013 at 3:38 PM, Josh Bitto > > > <jbi...@onlineschool.ca> > > wrote: > > > > > > > Ok here is my issue...on my cental rsyslog server I have in my > > > > config file the following.... > > > > > > > > # This one is the template to generate the log filename > > > > dynamically, depending on the client's IP address. > > > > $template FILENAME,"/var/log/%fromhost-ip%/syslog.log" > > > > > > > > # Log all messages to the dynamically formed file. Now each > > > > clients log (192.168.1.2, 192.168.1.3,etc...), will be under a > > > > separate directory which is formed by the template FILENAME. > > > > *.* ?FILENAME > > > > > > > > > > > > That puts an output to my /var/log/<host IP>/syslog.log file. > > > > > > > > Essentially what I want is to have the same thing except > > > > separate files for each log file /Dev/console /var/log/messages > > > > /var/log/secure/ -/var/log/maillog /var/log/cron *.emerg > > > > /var/log/spooler /var/log/boot.log > > > > > > > > How would I add that to the config to make it happen? > > > > > > > > The other thing....I still can't get httpd logs from remote > > > > servers to forward to my central rsyslog server. > > > > > > > > Josh > > > > > > > > > > > > > > > > > > > > Joshua Bitto > > > > Information Technologist > > > > KCC > > > > > > > > > > > > > > > > _______________________________________________ > > > > rsyslog mailing list > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > http://www.rsyslog.com/professional-services/ > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > NOTE > > > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO > > > > NOT POST if you DON'T LIKE THAT. > > > > > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: > > > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > > you DON'T LIKE THAT. > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT > > > POST if you DON'T LIKE THAT. > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: > > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > you DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: > This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites > beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.