rsyslog, log msgs in a different file

R C cjvijf at gmail.com
Mon Feb 19 01:45:53 UTC 2024


On 2/18/24 18:29, Karl Auer wrote:
> On Sun, 2024-02-18 at 17:40 -0700, R C wrote:
>> actually,  what I ended up doing is check the ip address, and  use
>> that to move themessages to a specific file.
> You can invert an operation with "!". Maybe you could identify your
> remotes with something like "!isequal 127.0.0.1"? Or identify uor local
> host with "isequal 127.0.0.1".

I have to read a little more about/into it. But  in rsyslog, filters etc 
is a bit like wireshark filters,  you need to have some time and some 
advil to wade through it. I have no doubt that there is a way to look 
for an exact match for an ip address or hostname, or some reverse lookup 
even. It's not elegant to do it that way (brute force checking IPs), but 
then again, most things that need to be robust and work typically don't 
have a elegance requirement.

> That way, one rule neatly grabs everything that isn't (or is) local,
> and your other rules then distribute the rest.


I am going to check out how the "isequal" in rsyslog filters works with 
IPs from the client host (cause it could be  the same as that 
python/java equal, where if something is equal just "depends" on 
how/what and consequently what operator to use.)

>
> Regards, K.
>
regards,

Ron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20240218/8c65f811/attachment.html>


More information about the ubuntu-users mailing list