MonitorWare Knowledge Base

Hi,

I'm running 2.0.0-11 (version included with redhat 5.2)

I want to filter all the messages from external syslog devices to one file and all messages from the localhost to another file.

However even with the -x option turned on when a local service (such as crond) sends a message to the log the hostname is set to the domain name of the server.

So I can't use the following to match:
:HOSTNAME, isequal, "localhost" /var/log/messages
:HOSTNAME, !isequal, "localhost" /var/log/externalsyslog

I could replace "localhost" with "dnsname" to get it to work, but I would like a generic method that will work on all the syslog servers I have.

I've also tried :FROMHOST-IP, !isequal, "127.0.0.1" ?SyslogOutputFileName
but a debug tells me that FROMHOST-IP is an invalid property name.

Is there some switch that will cause rsyslog to report the local services as sending from localhost or 127.0.0.1 rather than the hostname of the localhost.


thanks,

niall

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

Hi,

You use expression filters as shown in http://www.rsyslog.com/doc-rsyslog_conf.html
or
you change one the name of local host to some other in /etc/hosts and let me know whether it works.

Mhhh... I think there is no generic way to do that in v2... Anyone else?

Have you tried using fromhost-ip in lower case? The properties were case sensitive prior to 3.17.0...

-HKS