
Multiple rulesets for one input

Postby » Thu Jul 06, 2017 6:38 am

Hi all,

I am trying to configure Rsyslog with one listening port (UDP 514) for different types of devices. Some devices are Cisco routers and others are not. I know that Cisco devices use a different syslog message format. Therefore, I made a ruleset like the one below:

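Code:
# Parser instance for Cisco IOS messages that carry the origin field
parser(name="custom.ciscoios.withOrigin" type="pmciscoios" present.origin="on")
# Ruleset that parses with the IOS parser and writes to one file
ruleset(name="ios" parser="custom.ciscoios.withOrigin") {
    action(type="omfile" file="/var/log/ciscoios")
}

# Single UDP listener bound to the ios ruleset
input(type="imudp" port="514" ruleset="ios")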

I believe the code above means that whatever Rsyslog receives via UDP 514, the ios ruleset will be applied. If that is true, syslog messages from other non-Cisco devices will also go through the ios ruleset and, as a result, the messages will be written into the /var/log/ciscoios file. I want to avoid this. Is there any way to achieve this? Or is it not possible with only one listening port? Thank you.
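
One way to keep a single UDP 514 listener and still separate the devices, as an added example that is not part of the original post and not the poster's configuration: bind the input to one ruleset with a parser chain and route by sender address. The ruleset name udp514, the file /var/log/otherdevices and the 192.0.2.x addresses are placeholders, and the example assumes pmciscoios declines messages that do not match the IOS layout so the next parser in the chain handles them.

```rsyslog
# Added example, not the poster's configuration.
module(load="imudp")
module(load="pmciscoios")

# Cisco IOS parser instance from the post (expects the origin field).
parser(name="custom.ciscoios.withOrigin" type="pmciscoios" present.origin="on")

# One ruleset for the single UDP listener. Parsers are tried in order;
# assumption: pmciscoios declines non-IOS messages, so the built-in
# RFC 5424 / RFC 3164 parsers handle them.
ruleset(name="udp514"
        parser=["custom.ciscoios.withOrigin", "rsyslog.rfc5424", "rsyslog.rfc3164"]) {
    # Placeholder router addresses (RFC 5737 documentation range).
    if ($fromhost-ip == "192.0.2.10" or $fromhost-ip == "192.0.2.11") then {
        action(type="omfile" file="/var/log/ciscoios")
    } else {
        # Hypothetical destination for everything that is not a listed router.
        action(type="omfile" file="/var/log/otherdevices")
    }
}

input(type="imudp" port="514" ruleset="udp514")
```

UDP source addresses can be spoofed, so splitting on $fromhost-ip separates logs by claimed sender and is not evidence of where a message really came from.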