I am having a problem with rsyslog duplicating logs. I have configured rsyslog to receive logs from remote servers: Windows (with a service installed that converts events to syslog) and Linux. For this purpose I have added the following lines to rsyslog.conf:

######################
#### REMOTE RULES ####
######################


if $fromhost-ip == 'xx.xxx.xxx.xxx' then /var/log/RemoteSystems/remote1/remote1.log
&~
#
if $fromhost-ip == 'xx.xxx.xxx.xxy' then /var/log/RemoteSystems/remote2/remote2.log
&~
#
............

I would like to receive the logs only in these files - remote1.log and remote2.log, but some logs are also duplicated in auth.log, syslog, kern.log.

The other 2 conf files under rsyslog.d are default for Ubuntu.

slhck
Ioan

1 Answer

From the rsyslog site:

if $fromhost-ip == '192.168.152.137' then {
    action(type="omfile" file="/var/log/remotefile02")
    stop
}
slhck
slass100
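An added example, not part of the original question or answer and not taken from the rsyslog site: rsyslog evaluates rules in the order they are loaded, so a `stop` only keeps a message out of rules that come after it. Binding the network listener to its own ruleset keeps remote messages away from the default rules (auth.log, syslog, kern.log) regardless of ordering. Assumptions: rsyslog v7 or later, a UDP listener on port 514, the file name `10-remote.conf`, the constructed addresses `192.0.2.10` and `192.0.2.11`, and the `unmatched.log` catch-all are all illustrative.

```rsyslog
# /etc/rsyslog.d/10-remote.conf  (hypothetical file name)
# Assumes any legacy "$ModLoad imudp" / "$UDPServerRun 514" lines in
# /etc/rsyslog.conf are commented out, so the listener is defined only here.

module(load="imudp")

# Messages received on this listener are processed only by the "remote"
# ruleset; the default rules in 50-default.conf never see them.
input(type="imudp" port="514" ruleset="remote")

ruleset(name="remote") {
    # Constructed sender addresses; replace with the real remote hosts.
    if $fromhost-ip == '192.0.2.10' then {
        action(type="omfile" file="/var/log/RemoteSystems/remote1/remote1.log")
        stop
    }
    if $fromhost-ip == '192.0.2.11' then {
        action(type="omfile" file="/var/log/RemoteSystems/remote2/remote2.log")
        stop
    }
    # Assumption: senders not listed above are kept in one file for review
    # instead of being mixed into the local logs or silently dropped.
    action(type="omfile" file="/var/log/RemoteSystems/unmatched.log")
}
```

Check the configuration with `rsyslogd -N1` before restarting the service.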