I have logs being forwarded to my syslog server. I have built a filter in the rsyslog.conf file that should put the logs into a separate logfile if they contain "username". Unfortunately, it doesn't seem to be working. The filter I use is:

if ($fromhost-ip == '192.x.x.x.' and $msg contains 'Username' and $msg contains 'test') then /var/log/new.log;RFC3164fmt

Thanks for your help.

Bash Noob
  • I would try the RSYSLOG_DebugFormat template (on all messages, like *.*) to see what each of these properties contains. Maybe then it will become clear which property doesn't match as expected. And I would also try taking out one condition at a time to see which one is the problematic one. – Radu Gheorghe Sep 27 '15 at 18:45
  • @RaduGheorghe I am now trying with one condition only. However, there are other filters in the rsyslog.conf file and they are working properly... – Bash Noob Sep 29 '15 at 10:34
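
The debugging approach suggested in the comments, written out as an rsyslog.conf fragment. This is an added example, not part of the original thread; the file names under /var/log are placeholders, and the address is the elided one from the question, copied as posted.

```conf
# Added example: diagnostic rules only, file names are placeholders.
# Put these above any rule that discards messages, since rsyslog
# evaluates rules in order.

# 1. Write every property of every message to one file, so the actual
#    values of fromhost-ip and msg can be compared with the filter.
*.* /var/log/props-debug.log;RSYSLOG_DebugFormat

# 2. Split the compound filter into one rule per condition, each with
#    its own output file. A file that stays empty points at the
#    condition that never matches.
if ($fromhost-ip == '192.x.x.x.') then /var/log/cond-ip.log
if ($msg contains 'Username') then /var/log/cond-username.log
if ($msg contains 'test') then /var/log/cond-test.log

# Things to compare against props-debug.log:
#  - '==' is an exact string comparison, so every character inside the
#    quotes (including any trailing dot) must appear in fromhost-ip.
#  - 'contains' is case-sensitive: 'Username' does not match 'username'.
```

Restart rsyslog after editing the file, send a test message from the forwarding host, then check which of the three cond-*.log files received it.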

0 Answers