hi - I am sending messages like this to a remote rsyslog server.

    Oct 4 00:23:39 lbl-164 log.iked: Oct 3 21:20:57.001 [TIMER] TOQ next entry is Service 0x8c7bdfcc in 999 ms @2016-10-03 21:20:58.000

Ultimately I want to grab the string 'log.iked' (there can and will be other strings in other messages) and use that as a filename to store this message in. I am happy to store the message just as it is. Even more ultimately I will have a finite list of filenames that I know to expect and hope to write a rule (or a filter or a template or something) to grab each one and stick it in its own file.

The messages are being delivered to rsyslog and they are being stored but only in the default of /var/log/messages. I took my stock /etc/rsyslog.conf file and added these lines at the top of the RULES section.

    #### RULES ####
    :rawmsg, contains, "iked" action(type="omfile" file="/var/log/ikedlog")
    :rawmsg, contains, "iked" iked.log

Because I know some messages will come in with iked.log as a substring I thought this would examine the message as it is on the wire, find "iked.log" (or just iked) as a substring and one of those two lines might store the message away in either /var/log/ikedlog or /var/log/iked.log. Neither seems to be happening.

I have run the configuration checker and...

    [root@lbl-31 log]# /sbin/rsyslogd -f /etc/rsyslog.conf -N 1
    rsyslogd: version 5.8.10, config validation run (level 1), master config /etc/rsyslog.conf
    rsyslogd: WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your config and adding -c5 as the first rsyslogd option.
    rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad immark
    rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: MarkMessagePeriod 1200
    rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad imuxsock
    rsyslogd: End of config validation run. Bye.

It does not seem to call out any errors with my lines. I am unclear on how to add -c5 as my first rsyslogd option in the config file.

Am I using the wrong rsyslog tool? It seems to have many (filters, templates, property replacers, etc) and I am not sure which is the right tool for this job. Is my syntax wrong?

thanks for any help,
Richard
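
The routing described in the post (take the tag that follows the hostname and use it to choose a file), sketched in Python as an added example; it is not from the original post and it is not rsyslog configuration. The directory `/var/log/remote`, the second allow-list entry and the function names are assumptions; the file is picked from the finite list of expected names, so text supplied by the remote sender never becomes part of a path.

```python
import re
from pathlib import PurePosixPath

LOG_DIR = PurePosixPath("/var/log/remote")  # assumed destination directory

# Finite list of expected tags -> file names. Only "log.iked" comes from the
# post; "log.dhcpd" is a constructed second entry.
ALLOWED = {"log.iked": "iked.log", "log.dhcpd": "dhcpd.log"}

# BSD-syslog style line: "Mmm d hh:mm:ss host tag[pid]: text" (pid optional).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<text>.*)$"
)

# First line is the message from the post; the other two are constructed.
SAMPLES = [
    "Oct 4 00:23:39 lbl-164 log.iked: Oct 3 21:20:57.001 [TIMER] TOQ next "
    "entry is Service 0x8c7bdfcc in 999 ms @2016-10-03 21:20:58.000",
    "Oct 4 00:23:40 lbl-164 ../../etc/cron.d/x: constructed hostile tag",
    "no timestamp, host or tag in this constructed line",
]


def extract_tag(line):
    """Return the tag (program name) field, or None if the line does not parse."""
    m = LINE_RE.match(line)
    return m.group("tag") if m else None


def route(line, default="messages"):
    """Return the file a received line should be appended to.

    The tag is only used as a lookup key. Unknown tags, tags containing path
    separators and unparseable lines all fall back to the default file.
    """
    name = ALLOWED.get(extract_tag(line), default)
    return LOG_DIR / name


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{route(line)}  <-  {line[:50]}")
```
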

