Rsyslog

Craig DeAbCa craig at deciusac.com
Sat Jan 23 05:04:03 UTC 2016


Hello everyone. Let me admit that I'm new to Rsyslog. I have a server set up,
BUT for some reason it stopped receiving messages last night and I can't
figure out why.

This is my config; can you tell me what I'm missing?

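#Rules
# Purpose: route incoming messages by sender into per-day files under
# /var/log/scandium. Every rule writes through a dynamic-file template
# ("-?name": '?' = filename comes from template 'name', '-' = omit per-write
# sync) and then "& stop" discards the message, so rule order is significant:
# the Postfix rules must stay ahead of the IDS rules that share their hosts.
#
# NOTE(review): this snippet declares no input (no imudp/imtcp listener). If
# this is the whole config, nothing receives remote messages -- confirm the
# listener is configured elsewhere (e.g. the main rsyslog.conf).
# NOTE(review): every match below is keyed on $fromhost-ip; over plain UDP that
# address is only as trustworthy as the network path between sender and
# collector -- confirm the transport in use for these hosts.

#Postfix_Logs
# NOTE(review): Postfix child processes tag as postfix/smtpd, postfix/qmgr,
# etc. Confirm $programname resolves to 'postfix' for those on this rsyslog
# version; if it yields 'postfix/smtpd', use "$programname startswith 'postfix'".
$template usidsmail,"/var/log/scandium/us_production/idsmail/%$year%%$month%%$day%.log"
if $fromhost-ip == ["10.2.0.138", "10.2.0.160", "10.2.0.161", "10.2.0.173", "10.2.0.178", "10.2.0.179"] and $programname == 'postfix' then -?usidsmail
& stop

$template euidsmail,"/var/log/scandium/eu_production/idsmail/%$year%%$month%%$day%.log"
if $fromhost-ip == ["10.7.0.14", "10.7.0.15"] and $programname == 'postfix' then -?euidsmail
& stop

$template stagingidsmail,"/var/log/scandium/staging/idsmail/%$year%%$month%%$day%.log"
if $fromhost-ip == '10.0.0.184' and $programname == 'postfix' then -?stagingidsmail
& stop



#IDS_Logs
# Everything still unmatched from these hosts (i.e. non-Postfix) lands here.
# NOTE(review): 10.2.0.161 is in the Postfix list above but not in this one,
# so its non-Postfix messages fall through to whatever rules follow this file
# -- confirm that is intended.

$template usids,"/var/log/scandium/us_production/ids/%$year%%$month%%$day%.log"
if $fromhost-ip == ["10.2.0.173", "10.2.0.138", "10.2.0.160", "10.2.0.178", "10.2.0.179"] then -?usids
& stop

$template euids,"/var/log/scandium/eu_production/ids/%$year%%$month%%$day%.log"
if $fromhost-ip == ["10.7.0.14", "10.7.0.15"] then -?euids
& stop

$template stagingids,"/var/log/scandium/staging/ids/%$year%%$month%%$day%.log"
# 'andromeda.ttinet' is a hostname, so it is compared against $fromhost (the
# sender's resolved name). $fromhost-ip only ever holds an address and could
# never equal a hostname, which made the original second alternative dead.
if $fromhost-ip == '10.0.0.184' or $fromhost == 'andromeda.ttinet' then -?stagingids
& stop

#Firewall
$template eufw,"/var/log/scandium/eu_firewall/%$year%%$month%%$day%.log"
if $fromhost-ip == '10.7.0.1' or $fromhost-ip == '10.6.0.1' then -?eufw
& stop

$template psfw,"/var/log/scandium/ps_firewall/%$year%%$month%%$day%.log"
if $fromhost-ip == '10.1.0.1' or $fromhost-ip == '10.255.0.2' then -?psfw
& stop

$template iofw,"/var/log/scandium/io_firewall/%$year%%$month%%$day%.log"
if $fromhost-ip == '10.255.0.1' or $fromhost-ip == '10.2.0.1' then -?iofw
& stop

#Proxy
$template proxy,"/var/log/scandium/proxy/%$year%%$month%%$day%.log"
if $fromhost-ip == '10.2.0.143' or $fromhost-ip == '10.2.0.158' then -?proxy
& stop

#DB
$template database,"/var/log/scandium/database/%$year%%$month%%$day%.log"
if $fromhost-ip == '10.2.0.24' or $fromhost-ip == '10.2.0.26' then -?database
& stop

#Junk
# AppArmor noise from the EU production hosts is diverted into its own file.
# Note this rule sits after the euids rule above, which already matches and
# stops all messages from 10.7.0.14/15 -- so as ordered, nothing reaches it.
# Move it ahead of #IDS_Logs if the split is wanted.
$template dockerjunk,"/var/log/scandium/eu_production/errors/%$year%%$month%%$day%.log"
if $fromhost-ip == ["10.7.0.14", "10.7.0.15"] and $programname == 'apparmor' then -?dockerjunk
& stop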

