Save rsyslog data -

[Ed Greshko]

On 08/20/2012 11:58 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
> [root at box9 bobg]# cat /var/log/messages
>
> ................  snip a few megs  ................
>
> Aug 20 11:52:44 localhost kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3031 DF PROTO=TCP SPT=54392 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01BB124B0000000001030307)
> Aug 20 11:52:49 box9 dbus-daemon[584]: ** Message: No devices in use, exit
> Aug 20 11:52:55 localhost kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=58958 DF PROTO=TCP SPT=54393 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01BB3D530000000001030307)
> Aug 20 11:52:55 localhost rstats[3474]: Problem loading /home/bobg/Ulog. Still trying...
> Aug 20 11:53:08 localhost kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=40904 DF PROTO=TCP SPT=54394 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01BB68E30000000001030307)

It was my understanding that you were trying to shunt log entries sent by your "router" to a file different than /var/log/messages.

What you are showing are logs generated by your "localhost" that are created by iptables.  You seem to have a rule set up to log entries with "ACCEPT" which is certain to fill up your log files.

I think your "problem" is really in your iptables setup and nothing to do with rsyslog.

-- 
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -- Rick Cook, The Wizardry Compiled