Re: Save rsyslog data -


 



On 20/08/12 11:42, Ed Greshko responds:
On 08/20/2012 11:29 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
    It doesn't seem to accept double quotes, single still yields an
    error message.

        [bobg@box9 ~]$ cat /var/log/tomato.log

        Aug 20 11:02:27 box9 rsyslogd: the last error occured in
        /etc/rsyslog.d/emptyfile.conf, line 3:":source, isequal,
        '192.168.1.9' /var/log/tomato.log"
Well...  All I can say at this point is....

1.  I don't use :source

2.  I log info from my dlink in a file which is not /var/log/messages and that is what I think you are trying to do.

3.  These work just fine for me....

if $msg contains 'from 192.168.0.18' then ~   (discard messages which match)
if $msg contains 'D-Link' then /var/log/dlink.log   (log messages containing D-Link in dlink.log)

or

:msg, contains, "from 192.168.0.1" ~
:msg, contains, "D-Link" /var/log/dlink.log

So....  Maybe you should post a copy of the entries that are filling up your /var/log/messages file?



[root@box9 bobg]# cat /var/log/messages

................  snip a few megs  ................

Aug 20 11:52:44 localhost kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3031 DF PROTO=TCP SPT=54392 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01BB124B0000000001030307)
Aug 20 11:52:49 box9 dbus-daemon[584]: ** Message: No devices in use, exit
Aug 20 11:52:55 localhost kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=58958 DF PROTO=TCP SPT=54393 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01BB3D530000000001030307)
Aug 20 11:52:55 localhost rstats[3474]: Problem loading /home/bobg/Ulog. Still trying...
Aug 20 11:53:08 localhost kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.9 DST=74.126.6.130 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=40904 DF PROTO=TCP SPT=54394 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A01BB68E30000000001030307)



--
http://www.qrz.com/db/W2BOD

box9
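
The property-based form from the reply, applied to the kernel lines posted above, as an added example that is not from either poster. The file name and the match string `SRC=192.168.1.9` are assumptions taken from the sample entries; the sketch uses the legacy `& ~` discard syntax that matches the `~` action already used in the thread.

```conf
# /etc/rsyslog.d/tomato.conf  (hypothetical file name)
# The drop-in must be read before the rule that writes /var/log/messages,
# otherwise the entries are already logged there before this filter runs.

# Property-based filter: the field is :msg (the message text), the
# comparison is "contains", and the value is in double quotes.
# Matching lines are written to their own file.
:msg, contains, "SRC=192.168.1.9" /var/log/tomato.log

# "&" repeats the previous filter for one more action; "~" discards the
# message so it does not continue on to /var/log/messages.
& ~

# The same two actions in the if/then form from the reply:
# if $msg contains 'SRC=192.168.1.9' then /var/log/tomato.log
# & ~

# Check the syntax before restarting the daemon:
#   rsyslogd -N1
```

Only the `ACCEPT ... SRC=192.168.1.9` kernel entries match; the `dbus-daemon` and `rstats` lines in the sample do not contain that string and still go to /var/log/messages.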


