Re: [rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-20 Thread deoren
On 7/20/17 7:38 PM, David Lang wrote: On Thu, 20 Jul 2017, deoren wrote: Thanks David. So if I attach the rulesets directly to the inputs, is there any other way to combine auth facility messages into a single file? Should I instead not attach rulesets to the inputs and instead call the

Re: [rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-20 Thread David Lang
On Thu, 20 Jul 2017, deoren wrote: Thanks David. So if I attach the rulesets directly to the inputs, is there any other way to combine auth facility messages into a single file? Should I instead not attach rulesets to the inputs and instead call the rulesets via the call function? make an

Re: [rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-20 Thread deoren
On 7/20/17 6:54 PM, David Lang wrote: On Thu, 20 Jul 2017, deoren wrote: # /etc/rsyslog.conf input(type="imuxsock" socket="/dev/log" ruleset="local") input(type="imrelp" port="2514" KeepAlive="on" ruleset="remote") The rules, both 'local' and 'remote', are pulled in via include files. Am I

Re: [rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-20 Thread David Lang
On Thu, 20 Jul 2017, deoren wrote: # /etc/rsyslog.conf input(type="imuxsock" socket="/dev/log" ruleset="local") input(type="imrelp" port="2514" KeepAlive="on" ruleset="remote") The rules, both 'local' and 'remote', are pulled in via include files. Am I wrong to believe that rules wrapped

Re: [rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-20 Thread deoren
>> On Jul 19, 2017, at 8:37 AM, deoren wrote: >> >> I've set up a ruleset that is applied to messages arriving from remote systems via imrelp. One action within that ruleset matches on auth facility messages and places them into a "combined" auth log file. Additionally, an alert is generated via

Re: [rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-19 Thread Andrew Griffin via rsyslog
As long as you’re not doing any type of filtering / if..then on $fromhost-ip (or similar variable), you can set up a filter on something like prifilt and it’ll capture anything - local or remote. E.g.: if prifilt("authpriv.*") then { action( name = "LOCAL_MessagesToFile"

[rsyslog] Is there an easy way to combine log messages generated locally AND remotely?

2017-07-19 Thread deoren
I've set up a ruleset that is applied to messages arriving from remote systems via imrelp. One action within that ruleset matches on auth facility messages and places them into a "combined" auth log file. Additionally, an alert is generated via ommail for matching patterns (SSH logins). In