Save rsyslog data
Bob Goodwin - Zuni, Virginia, USA
bobgoodwin at wildblue.net
Mon Aug 20 14:44:09 UTC 2012
On 20/08/12 10:26, Bob Goodwin - Zuni, Virginia, USA responds:
> On 19/08/12 21:08, Ed Greshko responds:
>> FWIW, I use rsyslog to log messages from my Dlink router. I don't use the "source" method. I simply have this in my rsyslog.conf....
>>
>> if $msg contains 'D-Link' then /var/log/dlink.log
>>
>> since an entry from the router looks like this....
>>
>> Aug 20 09:04:05 Mon Aug 20 09:04:07 2012 D-Link Systems DIR-615 System Log: Blocked incoming UDP packet from 95.17.110.3:56119 to 211.75.128.215:88
>>
>> --
> Well, for the first time I am saving something in /var/log/tomato.log!
>
> [root at box9 bobg]$ ll /var/log/tomato.log
> -rw-rw-r--. 1 root root 266 Aug 20 10:16 /var/log/tomato.log
>
>
> [root at box9 bobg]$ cat /var/log/tomato.log
> Aug 20 10:16:37 box9 rsyslogd: the last error occured in
> /etc/rsyslog.d/emptyfile.conf, line 3:":source, isequal, tomato
> /var/log/tomato.log"
> Aug 20 10:16:37 box9 rsyslogd: the last error occured in
> /etc/rsyslog.d/emptyfile.conf, line 4:":source, isequal, tomato ~"
>
> It looks like it may want "box9" instead of "tomato" there?
>
I've tried several forms:
/etc/rsyslog.d/emptyfile.conf
:source, isequal, 192.168.1.9 /var/log/tomato.log
:source, isequal, 192.168.1.9 ~
But can't find the right one.
[bobg at box9 ~]$ cat /var/log/tomato.log
Aug 20 10:30:24 box9 rsyslogd: the last error occured in
/etc/rsyslog.d/emptyfile.conf, line 3:":source, isequal,
192.168.1.9 /var/log/tomato.log"
--
http://www.qrz.com/db/W2BOD
box9
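
Added example, not part of the original message: rsyslog's property-based filters take the comparison value as a double-quoted string, and `source` is an alias for the hostname property, while `fromhost-ip` holds the address the message was received from. The file name and the assumption that rsyslog is already accepting remote syslog are illustrative; 192.168.1.9 is the address used in the message above.

```conf
# /etc/rsyslog.d/tomato.conf  (file name is an assumption)
# Assumes remote reception is already enabled (for example the imudp input
# listening on port 514) and that 192.168.1.9 is the router, as in the thread.

# Rejected by the parser: the comparison value is not quoted.
#   :source, isequal, 192.168.1.9    /var/log/tomato.log

# Accepted: value in double quotes, matched against the sender's IP address
# rather than the hostname carried in the message.
:fromhost-ip, isequal, "192.168.1.9"    /var/log/tomato.log

# Discard what the previous filter matched so that later rules do not also
# write it to /var/log/messages. This only helps if this file is included
# before those rules in rsyslog.conf.
& ~

# The same filter in the expression form used earlier in the thread
# (use one form or the other, not both):
#   if $fromhost-ip == '192.168.1.9' then /var/log/tomato.log
#   & ~
```

Running `rsyslogd -N1` checks the configuration for syntax errors without starting the daemon.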