Logging from remote sources
Matthew Flaschen
matthew.flaschen at gatech.edu
Tue Mar 3 03:57:16 UTC 2009
Gene Heskett wrote:
>> I think it's something like:
>> :hostname, isequal, "router"
>>
>> *.* /var/log/DD_WRT_router.log
>>
> I tried that, and it duplicated the host machines log to the target. :)
Can you clarify? You put it as three lines like that?
> So I'm now trying:
> :msg, contains, "router" /var/log/dd-wrt/router.log
Counter-intuitively (but seemingly confirmed by some quick testing), I
don't think hostname is part of the message. I have another idea that
DID appear to work (obviously I tested with my own hostname), though it
didn't log as much as I expected ...</ominous>:
:HOSTNAME, isequal, "router" /var/log/dd-wrt/router.log
All one line, capitalized HOSTNAME. Also, just to be safe make sure
/var/log/dd-wrt/router.log already exists with the same permissions
(user/group/mode) as /var/log/messages before you restart rsyslogd.
> If I put it on two lines, it fussed on the restart because there was a line
> without an action.
Right, my mistake.
> Is it an absolute requirement? If not, how to stop it?
You /might/ be able to disable it if you hard-coded the MAC address of
every machine (including routers, firewalls, etc.) on your LAN.
However, I highly advise against attempting this.
Matt Flaschen
More information about the fedora-list
mailing list