Reputation: 141
I'm using a unified log on a server running Red Hat 6, receiving directed log messages from other servers and managing them with RSyslog. Until now, the /etc/rsyslog.conf has this rule:
if $fromhost-ip startswith '172.20.' then /var/log/mylog.log
But I don't want to log messages that contain "kernel" and "dnat", so I want to filter all messages, enhancing the rule.
How can I do that?
Upvotes: 2
Views: 1529
Reputation:
This looks like a question better suited for Unix & Linux. Having appropriately notified that this is not the right place, I'll go and break the rules by answering it anyway.
Depending a bit on the version of Red Hat you're using, you can use rsyslogd's conditional filters or RainerScript in various ways to express a combination of several logical rules. On Red Hat 6 you could say something like this to accomplish what you want using a conditional filter:
# Log messages from 172.20.x.x unless they come from the kernel facility
if ( $fromhost-ip startswith '172.20.' and \
$syslogfacility-text != 'kern' ) then /var/log/mylog.log
You can find more examples in the Rsyslog v5 manual.
Upvotes: 1
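The facility test in the answer drops everything the kernel logs. As an added example (not part of the answer or of the rsyslog manual), the fragment below instead filters on content, which is what the question asks for. It assumes the forwarded lines carry the usual `kernel:` tag and the lowercase text `dnat`; `contains` is case-sensitive.

```conf
# Constructed fragment for /etc/rsyslog.conf, rsyslog v5 legacy syntax (Red Hat 6).
# Use one variant, not both.

# Variant 1: a single rule that tests the content.
# $rawmsg is the whole line as received, so it still includes the "kernel:" tag.
# $msg holds only the text after the tag and would never contain "kernel".
if $fromhost-ip startswith '172.20.' and \
   not ($rawmsg contains 'kernel' and $rawmsg contains 'dnat') \
then /var/log/mylog.log

# Variant 2: discard the unwanted messages first, then log what is left.
# "~" is the discard action: a matching message is dropped here and no later
# rule sees it, so this rule must come before the logging rule.
if $fromhost-ip startswith '172.20.' and $programname == 'kernel' \
   and $msg contains 'dnat' then ~
if $fromhost-ip startswith '172.20.' then /var/log/mylog.log
```

Variant 2 is the stricter match, because `$programname == 'kernel'` only matches the tag, while `$rawmsg contains 'kernel'` also matches a hostname or message body that happens to include that word.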