David,
I tried what you suggested but I’m not getting anything in my network.log. Do you see anything wrong from the info I have gathered? Thank you.

$template newformat,'%TIMESTAMP% %FROMHOST% %syslogtag%%msg%\n'
if $fromhost-ip == '192.168.69.120' then /var/log/network.log;newformat
& ~
if ($fromhost-ip startswith '162.246.19' or $fromhost-ip startswith '208.184.72.') then /var/log/network.log
& ~

Debug line with all properties:
FROMHOST: 'nashnh.south10.apc.01', fromhost-ip: '192.168.69.120', HOSTNAME: '192.168.69.120', PRI: 15,
syslogtag 'This', programname: 'This', APP-NAME: 'This', PROCID: '-', MSGID: '-',
TIMESTAMP: 'Jun 18 02:34:17', STRUCTURED-DATA: '-',
msg: ' is a test APC message.'
escaped msg: ' is a test APC message.'
inputname: imudp rawmsg: '<15>Jun 18 02:34:17 192.168.69.120 This is a test APC message.'

0693.695124088:7fa703d5d700: imudp: epoll_wait() returned with 1 fds
0693.695196209:7fa703d5d700: imudp:recv(5,62),acl:1,msg:<15>Jun 18 02:34:17 192.168.69.120 This is a test APC message.r/sbin/sshd[39214]: exited, status 255
0693.695240070:7fa703d5d700: msg parser: flags 70, from '~NOTRESOLVED~', msg '<15>Jun 18 02:34:17 192.168.69.120 This is a test APC messag'
0693.695253360:7fa703d5d700: parse using parser list 0xdce040 (the default list).
0693.695268050:7fa703d5d700: Parser 'rsyslog.rfc5424' returned -2160
0693.695278904:7fa703d5d700: Message will now be parsed by the legacy syslog parser (one size fits all... ;)).
0693.695295238:7fa703d5d700: Parser 'rsyslog.rfc3164' returned 0
0693.695334771:7fa703d5d700: main Q: qqueueAdd: entry added, size now log 1, phys 1 entries
0693.695358740:7fa703d5d700: main Q: MultiEnqObj advised worker start
0693.695388478:7fa70355c700: wti 0xdda390: worker awoke from idle processing
0693.695403130:7fa70355c700: DeleteProcessedBatch: we deleted 0 objects and enqueued 0 objects
0693.695409639:7fa70355c700: doDeleteBatch: delete batch from store, new sizes: log 1, phys 1
0693.695420256:7fa70355c700: processBatch: batch of 1 elements must be processed
0693.695432103:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.695437115:7fa70355c700: ACTION 0xde47e0 [builtin:omfile:/var/log/all.log;RSYSLOG_DebugFormat]
0693.695452481:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active (nil)
0693.695458364:7fa70355c700: Called action(NotAllMark), processing batch[0] via 'builtin:omfile'
0693.695463136:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.695485924:7fa70355c700: dnscache: entry (nil) found
0693.695836719:7fa70355c700: submitBatch: enter, nElem 1
0693.695844315:7fa70355c700: tryDoAction 0xde47e0, pnElem 1, nElem 1
0693.695854134:7fa70355c700: Action 0xde47e0 transitioned to state: itx
0693.695860176:7fa70355c700: entering actionCalldoAction(), state: itx
0693.695864300:7fa70355c700: file to log to: /var/log/all.log
0693.695868026:7fa70355c700: omfile: start of data: 'Debug line with all properties: FROMHOST: 'nashnh.south10.apc.01', fromhost-ip: '192.168.69.120', HOSTNAME: '192.168.69.120', PR'
0693.695879183:7fa70355c700: write to stream, pData->pStrm 0x7fa6fc002230, lenBuf 430
0693.695884943:7fa70355c700: action 0xde47e0 call returned -2121
0693.695890678:7fa70355c700: strm 0x7fa6fc002230: file 7(all.log) flush, buflen 430
0693.695904286:7fa70355c700: strmPhysWrite, stream 0x7fa6fc002230, len 430
0693.696004374:7fa70355c700: strm 0x7fa6fc002230: file 7 write wrote 430 bytes
0693.696010956:7fa70355c700: Action 0xde47e0 transitioned to state: rdy
0693.696016170:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696019872:7fa70355c700: PROPFILT
0693.696026528:7fa70355c700: Property.: 'msg'
0693.696034271:7fa70355c700: Operation: 'contains'
0693.696043439:7fa70355c700: Value....: '[UFW '
0693.696052739:7fa70355c700: Filter: check for property 'msg' (value ' is a test APC message.') contains '[UFW ': FALSE
0693.696059333:7fa70355c700: batch: item 0 PROPFILT 0
0693.696069709:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:0
0693.696074137:7fa70355c700: ACTION 0xde3a00 [builtin:omfile:/var/log/ufw.log]
0693.696082152:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.696091983:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.696097155:7fa70355c700: submitBatch: enter, nElem 1
0693.696100875:7fa70355c700: tryDoAction 0xde3a00, pnElem 1, nElem 1
0693.696110949:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696115217:7fa70355c700: IF
0693.696122540:7fa70355c700: var '$fromhost-ip'
0693.696132500:7fa70355c700: ==
0693.696147151:7fa70355c700: string '192.168.69.120'
0693.696174036:7fa70355c700: eval expr 0xde4350, type 'CMP_EQ'
0693.696180885:7fa70355c700: eval expr 0xde4210, type 'V[86]'
0693.696191580:7fa70355c700: rainerscript: var '$fromhost-ip': '192.168.69.120'
0693.696203540:7fa70355c700: batch: item 0: expr eval: 1
0693.696207977:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:1
0693.696211631:7fa70355c700: STOP
0693.696225857:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696229589:7fa70355c700: IF
0693.696236284:7fa70355c700: var '$fromhost-ip'
0693.696248029:7fa70355c700: STARTSWITH
0693.696264150:7fa70355c700: string '162.246.19'
0693.696278163:7fa70355c700: OR
0693.696286526:7fa70355c700: var '$fromhost-ip'
0693.696298187:7fa70355c700: STARTSWITH
0693.696307610:7fa70355c700: string '208.184.72.'
0693.696328501:7fa70355c700: execIf: all batch elements are inactive, holding execution
0693.696332761:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696336175:7fa70355c700: PRIFILT 'auth,authpriv.*'
0693.696348444:7fa70355c700: pmask: X X X X FF X X X X X FF X X X X X X X X X X X X X X
0693.696420166:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.696424188:7fa70355c700: ACTION 0xde1a40 [builtin:omfile:/var/log/auth.log]
0693.696439344:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.696443553:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.696453233:7fa70355c700: submitBatch: enter, nElem 1
0693.696457610:7fa70355c700: tryDoAction 0xde1a40, pnElem 1, nElem 1
0693.696461873:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696471710:7fa70355c700: PRIFILT '*.*;auth,authpriv.none'
0693.696479360:7fa70355c700: pmask: FF FF FF FF X FF FF FF FF FF X FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0693.696538632:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.696542411:7fa70355c700: ACTION 0xde2200 [builtin:omfile:-/var/log/syslog]
0693.696550577:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.696554624:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.696558764:7fa70355c700: submitBatch: enter, nElem 1
0693.696562322:7fa70355c700: tryDoAction 0xde2200, pnElem 1, nElem 1
0693.696566597:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696569995:7fa70355c700: PRIFILT 'kern.*'
0693.696576790:7fa70355c700: pmask: FF X X X X X X X X X X X X X X X X X X X X X X X X
0693.696633008:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.696637211:7fa70355c700: ACTION 0xde5cc0 [builtin:omfile:-/var/log/kern.log]
0693.696645050:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.696654478:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.696659422:7fa70355c700: submitBatch: enter, nElem 1
0693.696662974:7fa70355c700: tryDoAction 0xde5cc0, pnElem 1, nElem 1
0693.696672841:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696676984:7fa70355c700: PRIFILT 'mail.*'
0693.696683647:7fa70355c700: pmask: X X FF X X X X X X X X X X X X X X X X X X X X X X
0693.696739843:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.696743758:7fa70355c700: ACTION 0xde64e0 [builtin:omfile:-/var/log/mail.log]
0693.696751474:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.696760948:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.696765832:7fa70355c700: submitBatch: enter, nElem 1
0693.696769329:7fa70355c700: tryDoAction 0xde64e0, pnElem 1, nElem 1
0693.696779016:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696783216:7fa70355c700: PRIFILT 'mail.err'
0693.696789843:7fa70355c700: pmask: X X F X X X X X X X X X X X X X X X X X X X X X X
0693.696845986:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.696849837:7fa70355c700: ACTION 0xde6d00 [builtin:omfile:/var/log/mail.err]
0693.696858009:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.696861930:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.696866034:7fa70355c700: submitBatch: enter, nElem 1
0693.696869532:7fa70355c700: tryDoAction 0xde6d00, pnElem 1, nElem 1
0693.696879554:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696883775:7fa70355c700: PRIFILT 'news.crit'
0693.696890321:7fa70355c700: pmask: X X X X X X X 7 X X X X X X X X X X X X X X X X X
0693.696946503:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.696950475:7fa70355c700: ACTION 0xde7520 [builtin:omfile:/var/log/news/news.crit]
0693.696958695:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.696962565:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.696966623:7fa70355c700: submitBatch: enter, nElem 1
0693.696970451:7fa70355c700: tryDoAction 0xde7520, pnElem 1, nElem 1
0693.696974531:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.696977957:7fa70355c700: PRIFILT 'news.err'
0693.696990194:7fa70355c700: pmask: X X X X X X X F X X X X X X X X X X X X X X X X X
0693.697040904:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.697044543:7fa70355c700: ACTION 0xde7d40 [builtin:omfile:/var/log/news/news.err]
0693.697058414:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.697062584:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.697067072:7fa70355c700: submitBatch: enter, nElem 1
0693.697070597:7fa70355c700: tryDoAction 0xde7d40, pnElem 1, nElem 1
0693.697074563:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.697083745:7fa70355c700: PRIFILT 'news.notice'
0693.697091203:7fa70355c700: pmask: X X X X X X X 3F X X X X X X X X X X X X X X X X X
0693.697146995:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.697150790:7fa70355c700: ACTION 0xde8580 [builtin:omfile:-/var/log/news/news.notice]
0693.697158812:7fa70355c700: RRRR: execAct [builtin:omfile]: batch of 1 elements, active 0x7fa6fc001060
0693.697162792:7fa70355c700: Called action(Batch), logging to builtin:omfile
0693.697166911:7fa70355c700: submitBatch: enter, nElem 1
0693.697170394:7fa70355c700: tryDoAction 0xde8580, pnElem 1, nElem 1
0693.697174711:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.697178122:7fa70355c700: PRIFILT '*.emerg'
0693.697184821:7fa70355c700: pmask: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
0693.697238486:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.697242086:7fa70355c700: ACTION 0xde8d00 [builtin:omusrmsg::omusrmsg:*]
0693.697250059:7fa70355c700: RRRR: execAct [builtin:omusrmsg]: batch of 1 elements, active 0x7fa6fc001060
0693.697259935:7fa70355c700: Called action(Batch), logging to builtin:omusrmsg
0693.697264957:7fa70355c700: submitBatch: enter, nElem 1
0693.697268446:7fa70355c700: tryDoAction 0xde8d00, pnElem 1, nElem 1
0693.697277850:7fa70355c700: scriptExec: batch of 1 elements, active (nil), active[0]:1
0693.697282044:7fa70355c700: PRIFILT 'daemon.*;mail.*;news.err;*.=debug;*.=info;*.=notice;*.=warn'
0693.697294350:7fa70355c700: pmask: F0 F0 FF FF F0 F0 F0 FF F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0
0693.697348201:7fa70355c700: scriptExec: batch of 1 elements, active 0x7fa6fc001060, active[0]:80
0693.697357255:7fa70355c700: ACTION 0xde9570 [builtin:ompipe:|/dev/xconsole]
0693.697366245:7fa70355c700: RRRR: execAct [builtin:ompipe]: batch of 1 elements, active 0x7fa6fc001060
0693.697375317:7fa70355c700: Called action(Batch), logging to builtin:ompipe
0693.697380084:7fa70355c700: submitBatch: enter, nElem 1
0693.697383570:7fa70355c700: tryDoAction 0xde9570, pnElem 1, nElem 1
0693.697387686:7fa70355c700: ruleset.ProcessMsg() returns 0
0693.697391654:7fa70355c700: regular consumer finished, iret=0, szlog 0 sz phys 1
0693.697395953:7fa70355c700: DeleteProcessedBatch: we deleted 1 objects and enqueued 0 objects
0693.697405520:7fa70355c700: doDeleteBatch: delete batch from store, new sizes: log 0, phys 0
0693.697410365:7fa70355c700: regular consumer finished, iret=4, szlog 0 sz phys 0
0693.697414322:7fa70355c700: main Q:Reg/w0: worker IDLE, waiting for work.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog

