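<div dir="ltr">Hello Everyone, let me admit that I'm new to rsyslog. I have a server set up, but for some reason it stopped receiving messages last night and I can't figure out why.
  <div><br></div>
  <div>This is my config; can you tell me what I'm missing?</div>
  <div><br></div>
  <div>
    <div>#Rules</div>
    <div># NOTE(review): this excerpt contains only templates and filter rules. No input module or listener (for example imudp or imtcp) is shown, so the excerpt alone cannot explain why reception stopped.</div>
    <div># NOTE(review): every rule routes on $fromhost-ip, the sender's network address, which is not an authenticated identity. If these hosts send over plain UDP or TCP syslog (not shown here), confirm that only the listed hosts can reach the listener.</div>
    <div># NOTE(review): %$year%%$month%%$day% expands to the current date on this server, so each rule opens a new file at midnight. Confirm rsyslog can still create files under /var/log/scandium.</div>
    <div>#Postfix_Logs</div>
    <div>$template usidsmail,"/var/log/scandium/us_production/idsmail/%$year%%$month%%$day%.log"</div>
    <div>if $fromhost-ip == ["10.2.0.138", "10.2.0.160", "10.2.0.161", "10.2.0.173", "10.2.0.178", "10.2.0.179"] and $programname == 'postfix' then -?usidsmail</div>
    <div>& stop</div>
    <div><br></div>
    <div>$template euidsmail,"/var/log/scandium/eu_production/idsmail/%$year%%$month%%$day%.log"</div>
    <div>if $fromhost-ip == ["10.7.0.14", "10.7.0.15"] and $programname == 'postfix' then -?euidsmail</div>
    <div>& stop</div>
    <div><br></div>
    <div>$template stagingidsmail,"/var/log/scandium/staging/idsmail/%$year%%$month%%$day%.log"</div>
    <div>if $fromhost-ip == '10.0.0.184' and $programname == 'postfix' then -?stagingidsmail</div>
    <div>& stop</div>
    <div><br></div>
    <div><br></div>
    <div><br></div>
    <div>#IDS_Logs</div>
    <div># NOTE(review): every rule ends with "& stop", so order matters. The postfix rules above must stay ahead of these IP-only rules, which match every remaining message from the same hosts.</div>
    <div># NOTE(review): 10.2.0.161 is in the usidsmail list but not in the usids list below, so its non-postfix messages match no rule in this excerpt. Confirm this is intended.</div>
    <div><br></div>
    <div>$template usids,"/var/log/scandium/us_production/ids/%$year%%$month%%$day%.log"</div>
    <div>if $fromhost-ip == ["10.2.0.173", "10.2.0.138", "10.2.0.160", "10.2.0.178", "10.2.0.179"] then -?usids</div>
    <div>& stop</div>
    <div><br></div>
    <div>$template euids,"/var/log/scandium/eu_production/ids/%$year%%$month%%$day%.log"</div>
    <div>if $fromhost-ip == ["10.7.0.14", "10.7.0.15"] then -?euids</div>
    <div>& stop</div>
    <div><br></div>
    <div>$template stagingids,"/var/log/scandium/staging/ids/%$year%%$month%%$day%.log"</div>
    <div># NOTE(review): $fromhost-ip always holds an IP address, so the comparison with 'andromeda.ttinet' below can never match. A host name belongs in a $fromhost test instead.</div>
    <div>if $fromhost-ip == '10.0.0.184' or $fromhost-ip == 'andromeda.ttinet' then -?stagingids</div>
    <div>& stop</div>
    <div><br></div>
    <div>#Firewall</div>
    <div>$template eufw,"/var/log/scandium/eu_firewall/%$year%%$month%%$day%.log"</div>
    <div>if $fromhost-ip == '10.7.0.1' or $fromhost-ip == '10.6.0.1' then -?eufw</div>
    <div>& stop</div>
    <div><br></div>
    <div>$template psfw,"/var/log/scandium/ps_firewall/%$year%%$month%%$day%.log"</div>
    <div>if $fromhost-ip == '10.1.0.1' or $fromhost-ip == '10.255.0.2' then -?psfw</div>
    <div><br></div>
    <div>
      <div>& stop</div>
      <div><br></div>
      <div>$template iofw,"/var/log/scandium/io_firewall/%$year%%$month%%$day%.log"</div>
      <div>if $fromhost-ip == '10.255.0.1' or $fromhost-ip == '10.2.0.1' then -?iofw</div>
      <div>& stop</div>
      <div><br></div>
      <div>#Proxy</div>
      <div>$template proxy,"/var/log/scandium/proxy/%$year%%$month%%$day%.log"</div>
      <div>if $fromhost-ip == '10.2.0.143' or $fromhost-ip == '10.2.0.158' then -?proxy</div>
      <div>& stop</div>
      <div>#DB</div>
      <div>$template database,"/var/log/scandium/database/%$year%%$month%%$day%.log"</div>
      <div>if $fromhost-ip == '10.2.0.24' or $fromhost-ip == '10.2.0.26' then -?database</div>
      <div>& stop</div>
      <div><br></div>
      <div>#Junk</div>
      <div># NOTE(review): unreachable as placed. The euids rule above already matches every message from 10.7.0.14 and 10.7.0.15 and stops processing, so this rule only takes effect if it is moved ahead of euids.</div>
      <div>$template dockerjunk,"/var/log/scandium/eu_production/errors/%$year%%$month%%$day%.log"</div>
      <div>if $fromhost-ip == ["10.7.0.14", "10.7.0.15"] and $programname == 'apparmor' then -?dockerjunk</div>
      <div><br></div>
      <div>& stop</div>
    </div>
    <div><br></div>
    <div><br></div>
  </div>
</div>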