0

I am sending mail message logs and amp logs from the same server 10.10.10.10 via syslog to my RHEL7 server. I am running rsyslog and have the following config file:

mail_logs.conf

$template NetworkLog, "/var/log/mail_logs/mail_logs.log"
:fromhost-ip, isequal, "10.10.10.10" -?NetworkLog
& ~

And my mail_logs.log looks like:

Oct 16 10:58:01 server.com mail_mess_logs: Info: Begin Logfile
Oct 16 10:58:01 server.com mail_mess_logs: Info: Version: 0.0.0 SN:...
Oct 16 10:58:01 server.com mail_mess_logs: Info: Time offset from UTC: -14400 seconds
Oct 16 10:58:02 server.com amp_logs: Info: Begin Logfile
Oct 16 10:58:02 server.com amp_logs: Info: Version: 0.0.0 SN:...
Oct 16 10:58:02 server.com amp_logs: Info: Time offset from UTC: -14400 seconds

I would like to break these up by mail_mess_logs and amp_logs so I would have 2 files like:

mail_mess_logs.log

Oct 16 10:58:01 server.com mail_mess_logs: Info: Begin Logfile
Oct 16 10:58:01 server.com mail_mess_logs: Info: Version: 0.0.0 SN:...
Oct 16 10:58:01 server.com mail_mess_logs: Info: Time offset from UTC: -14400 seconds

amp_logs.log

Oct 16 10:58:02 server.com amp_logs: Info: Begin Logfile
Oct 16 10:58:02 server.com amp_logs: Info: Version: 0.0.0 SN:...
Oct 16 10:58:02 server.com amp_logs: Info: Time offset from UTC: -14400 seconds

How can I accomplish this?

Improve this question

1 Answer 1

Reset to default
1

You are using one of the older, more basic filter styles supported by rsyslog. A slightly less old style allows you to use expressions including the and operator. The property programname should hold the "mail_mess_logs" string. So you can do

if $fromhost-ip=="10.10.10.10" and $programname=="mail_mess_logs" then -/var/log/mail_logs/mail_mess_logs.log
if $fromhost-ip=="10.10.10.10" and $programname=="amp_logs" then -/var/log/mail_logs/amp_logs.log

Alternatively, there is a more sophisticated style called RainerScript.

Improve this answer
1
  • Very clean I like it. @meuh Commented Oct 16, 2019 at 18:10

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.