Save rsyslog data -
Bob Goodwin - Zuni, Virginia, USA
bobgoodwin at wildblue.net
Mon Aug 20 14:26:22 UTC 2012
On 19/08/12 21:08, Ed Greshko responds:
> FWIW, I use rsyslog to log messages from my Dlink router. I don't use the "source" method. I simply have this in my rsyslog.conf....
>
> if $msg contains 'D-Link' then /var/log/dlink.log
>
> since an entry from the router looks like this....
>
> Aug 20 09:04:05 Mon Aug 20 09:04:07 2012 D-Link Systems DIR-615 System Log: Blocked incoming UDP packet from 95.17.110.3:56119 to 211.75.128.215:88
>
> --
Well, for the first time I am saving something in /var/log/tomato.log!
[root at box9 bobg]$ ll /var/log/tomato.log
-rw-rw-r--. 1 root root 266 Aug 20 10:16 /var/log/tomato.log
[root at box9 bobg]$ cat /var/log/tomato.log
Aug 20 10:16:37 box9 rsyslogd: the last error occured in
/etc/rsyslog.d/emptyfile.conf, line 3:":source, isequal, tomato
/var/log/tomato.log"
Aug 20 10:16:37 box9 rsyslogd: the last error occured in
/etc/rsyslog.d/emptyfile.conf, line 4:":source, isequal, tomato ~"
It looks like it may want "box9" instead of "tomato" there?
--
http://www.qrz.com/db/W2BOD
box9
More information about the users
mailing list