Multiple rulesets for one input

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

Google Ads


Multiple rulesets for one input

Postby eoin.kim » Thu Jul 06, 2017 6:38 am

Hi all,

I am trying to configure Rsyslog with one listening port (UDP 514) for different types of devices. Some devices are Cisco routers and others are not. I know that Cisco devices are using different syslog message format. Therefore, I made a ruleset like below:

Code: Select all
parser(name="custom.ciscoios.withOrigin" type="pmciscoios" present.origin="on")
ruleset(name="ios" parser="custom.ciscoios.withOrigin") {
    action(type="omfile" file="/var/log/ciscoios")
}

input(type="imudp" port="514" ruleset="ios")


I believe the code above means that whatever Rsyslog receives via UDP 514, ios ruleset will be applied. If that is true, other non-cisco devices' syslog messages will also go through the ios ruleset and as a result the messages will be written into /var/log/ciscoios file. I want to avoid this. Is there any way to achieve this? Or is it not possible with only one listening port? Thank you.
eoin.kim
New
 
Posts: 1
Joined: Wed Jul 05, 2017 10:19 pm

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Google Ads


Return to Configuration

Who is online

Users browsing this forum: No registered users and 2 guests

cron