Is it possible to selectively apply a dynamic file template to input from
IMTCP based on a specific host like the following?
##### Rule ####
if $fromhost-ip == '10.40.83.207' then {
action(type="omfile" dynafile="RemoteServer1")
stop
}
input(type="imptcp" port="10514" ruleset="RemoteServer")
##### End Rule ####
My log files are on a central log collector (where this rule is applied)
but it doesn't seem to be working. No error in when I validate syntax but
no logfiles as expected.
Since my central log collector is behind a firewall, I can't easily (nor
quickly) add an additional bind port with another input so I'm trying to
prototype the above logic using a rule.
I also don't want to apply the rule to every incoming TCP logfile until I
have performed this validation.
Any guidance is much appreciated.
*Scott Slattery*
--
*For more information on how and why we collect your personal
information, please visit our Privacy Policy
<https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
IMTCP based on a specific host like the following?
##### Rule ####
if $fromhost-ip == '10.40.83.207' then {
action(type="omfile" dynafile="RemoteServer1")
stop
}
input(type="imptcp" port="10514" ruleset="RemoteServer")
##### End Rule ####
My log files are on a central log collector (where this rule is applied)
but it doesn't seem to be working. No error in when I validate syntax but
no logfiles as expected.
Since my central log collector is behind a firewall, I can't easily (nor
quickly) add an additional bind port with another input so I'm trying to
prototype the above logic using a rule.
I also don't want to apply the rule to every incoming TCP logfile until I
have performed this validation.
Any guidance is much appreciated.
*Scott Slattery*
--
*For more information on how and why we collect your personal
information, please visit our Privacy Policy
<https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.