MonitorWare Knowledge Base

It was so much easier in syslog-ng to do this, but here is what I want to do.

I have a windows host at IP address 192.168.0.50. It it sending Windows event logs via syslog to 192.168.0.215 which is my rsyslog server. On my rsyslog server, I want any syslog messages from 192.168.0.50 to be placed into a file named /var/log/messages/192.168.0.50.windows.

What is the easiest way to do this? The documentation for rsyslog is among the worst I've seen unfortunately. I wonder how many others were turned away from it. I wouldn't be here if fedora and centos didn't install it by default.

Sorry for the rant and I anticipate your responses. And btw I searched the board and didn't find an answer I'm satisfied with

JC

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

Got it.

if $fromhost-ip contains '192.168.0.50' /var/log/192.168.0.50.messages

^^ Note the single quotes if anyone is referencing this ^^

that would'nt work in versions 2.x which is all that comes with fedora and CentOS. what a pain in the arse. Not impressed with documentation and ease of use. Hopefully I'll find that all the possibilities with rsyslog will outweigh that