On Tue, 17 Jun 2014, Craig Smith wrote:
Here’s the debug:Debug line with all properties: FROMHOST: 'nashnh.south10.apc.01', fromhost-ip: '192.168.69.120', HOSTNAME: '192.168.69.120', PRI: 15, syslogtag 'APC:', programname: 'APC', APP-NAME: 'APC', PROCID: '-', MSGID: '-', TIMESTAMP: 'Jun 17 07:38:45', STRUCTURED-DATA: '-', msg: ' Test Syslog.' escaped msg: ' Test Syslog.' inputname: imudp rawmsg: '<15>Jun 17 07:38:45 192.168.69.120 APC: Test Syslog.' And my config for the network equipment:
there's a lot more config that could be relavent
if ($fromhost-ip startswith '192.168.42.' or $fromhost-ip startswith '192.168.69.') then /var/log/network.log & ~ How can I record the messages from the APC(192.168.69.120) in network.log using FROMHOST in place of HOSTNAME?
create a new template and use your if statement to write the logs with that template instead (or consider if you can use that template for everything and not bother with an if statement)
something like $template newformat,'%timestamp% %fromhost% %syslogtag%%msg%\n' if ($fromhost-ip startswith '192.168.42.' or $fromhost-ip startswith '192.168.69.') then /var/log/network.log;newformat & ~ David Lang
_______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
