0

I configured my system to send syslog to a remote machine. The logging is heavy and I am running out of memory, so I want to filter it based on priority, for example to log only error messages. I see some of the options on the rsyslog website:

*.=info;*.=notice;\
    mail.none /var/log/messages

But this filter criterion does not apply to the remote machine; only the local machine is affected. Please let me know how to filter for the remote machine.

Muhammad Reda

1 Answer

0

Here is a syntax that allows you to easily filter the log transfer. The filter is placed on the local0 facility:

local0.* @@(o)10.0.0.1:514

You can also consider a filter on priority that transfers from the specified priority to the highest priority:

*.error @@(o)10.0.0.1:514

will forward logs with priority error, critical, alert and emergency

And finally, you can combine:

local0.*;*.error @@(o)10.0.0.1:514

It's possible to use conditional structures as explained here: http://www.rsyslog.com/doc/rsyslog_conf_filter.html

Pwu
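A small model of how the traditional selectors shown above decide which messages reach the forwarding action, as an added example that is not part of the original answer and not rsyslog's own code. It also covers the `=`, `!` and `none` forms from the question's selector; the function names and the sample messages are constructed for illustration.

```python
# Simplified model of traditional syslog selectors (facility.priority;...).
# Not rsyslog code; names and sample data are constructed for illustration.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
# Lower number = more severe. "error", "warn" and "panic" are older aliases.
SEVERITY = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
            "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}


def compile_selectors(spec):
    """Return {facility: set of severity numbers the selector list matches}."""
    mask = {f: set() for f in FACILITIES}
    for sel in spec.split(";"):          # selectors apply left to right
        facs, _, pri = sel.strip().partition(".")
        negate = pri.startswith("!")     # "!" inverts the priority test
        pri = pri[1:] if negate else pri
        exact = pri.startswith("=")      # "=" means this priority only
        pri = pri[1:] if exact else pri
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            if pri in ("*", "none"):
                match_all = (pri == "*") != negate
                mask[fac] = set(range(8)) if match_all else set()
            else:
                n = SEVERITY[pri]
                # A bare priority means "this severity and anything more severe".
                levels = {n} if exact else set(range(n + 1))
                mask[fac] = mask[fac] - levels if negate else mask[fac] | levels
    return mask


def forwarded(spec, messages):
    """Filter (facility, severity) pairs down to those the selectors match."""
    mask = compile_selectors(spec)
    return [m for m in messages if SEVERITY[m[1]] in mask[m[0]]]


# Constructed sample messages: (facility, severity)
SAMPLE = [("local0", "debug"), ("mail", "info"), ("daemon", "notice"),
          ("auth", "err"), ("kern", "crit")]

if __name__ == "__main__":
    for spec in ("local0.*", "*.error", "local0.*;*.error",
                 "*.=info;*.=notice;mail.none"):
        print(f"{spec:30} -> {forwarded(spec, SAMPLE)}")
```

Only messages that match the selector in front of the `@@(o)10.0.0.1:514` action are sent, so running a candidate selector through such a model shows what will stop arriving at the remote collector before the change is deployed.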