Back to your phpLogCon instanceHi all,
I am sending (*.info;mail.none;authpriv.*;cron.none) to my remote rsyslog server @@10.0.0.4 and this is logging both the client and servers (*.info;mail.none;authpriv.*;cron.none) to /var/log/messages
Is there a way that I can log the local servers events (*.info;mail.none;authpriv.*;cron.none) to /var/log/messages (the way it works now) and any other external hosts logs to /logs/rsyslogs/allmessages.log?
is there a switch based on, say, everything except the local servers hostname?
writing to 2 different logs
Moderator: rgerhards
5 posts • Page 1 of 1
Professional Services Information
- Custom written rsyslog.conf?
- Maintenance Contract?
- Installation support?
Re: writing to 2 different logs
by rgerhards » Mon Feb 23, 2009 3:25 pm
so do you want to log some messages ONLY to the remote hosts and others ONLY to the local host?
-
rgerhards - Site Admin
- Posts: 2647
- Joined: Thu Feb 13, 2003 11:57 am
Re: writing to 2 different logs
by macboyau » Mon Feb 23, 2009 5:38 pm
rgerhards wrote:so do you want to log some messages ONLY to the remote hosts and others ONLY to the local host?
no.
there are several hosts sending the same info to /var/log/messages locally & to an external server. Lets say 10.0.0.4.
So the line in each client config it would look like this...
- Code: Select all
*.info;mail.none;authpriv.*;cron.none /var/log/messages
& @@10.0.0.4;SendWithoutTimestampTemplate
Now, there is one server (IP: 10.0.0.4) that is collecting these forwarded messages from the clients.
Upon collecting these messages it currently writes it to a single log. This is currently /var/log/messages locally on this server.
What I am trying to do is, on the server, keep /var/log/messages only for local server messages and have all the incoming client data for everything that is not the local server written to a separate log. Let's say /logs/rsyslog.log.
That is what I am trying to achieve.
I need to know the way to differentaite between data that has been accepted through TCP and data that has occured locally. Then route the data that has come in via TCP to /logs/rsyslog.log.
- macboyau
- Avarage
- Posts: 10
- Joined: Thu Jan 22, 2009 3:31 pm
Re: writing to 2 different logs
by trefalgar » Tue Feb 24, 2009 6:43 pm
There's an example on the wiki that would answer your questions:
http://wiki.rsyslog.com/index.php/Sysklogd_drop-in_with_remote_logs_separated_by_dynamic_directory
http://wiki.rsyslog.com/index.php/Sysklogd_drop-in_with_remote_logs_separated_by_dynamic_directory
- trefalgar
- Advanced
- Posts: 42
- Joined: Mon Sep 15, 2008 10:42 pm
Re: writing to 2 different logs
by vmix » Wed Feb 25, 2009 2:34 am
This may not fit your need exactly, but I do the following, where /var/log is actually a symlink to /opt/logs/system:
Every host has its own messages log file, including the centralized logging host.
Dan
- Code: Select all
$template messages,"/var/log/messages/%$YEAR%%$MONTH%%$DAY%/messages_%HOSTNAME%_%$YEAR%%$MONTH%%$DAY%.log"
*.info;mail.none;authpriv.none;cron.none -?messages;TraditionalFormat
Every host has its own messages log file, including the centralized logging host.
Dan
-
vmix - Advanced
- Posts: 35
- Joined: Tue May 06, 2008 5:48 pm
- Location: San Diego, CA
Google Ads
5 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests
