How to create a separate logfile for host sending logging to rsyslog
After struggling and googling on the internet I can't manage it to work.
I have stup rsyslog to receive the logging from my firewall and it puts it into the syslog file.
But I would like to have a separate logfile for these messages.
I have created the firwall.log file with owner syslog, same as for the syslog file.
I already have tried to use in the /etc/rsyslog.d/10-firewall.conf the following :
:msg, contains, "firewalld" /var/log/firewall.log
or
:msg, contains, "firewalld" -/var/log/firewall.log
I don't know the difference between the "-" sign in the lines but I have seen also those kind of situations.
I also have put this line into the 50-default.conf file because I thought it wasn't seeing the 10-firewall.conf file but no work.
I have added a $template HostMessages, "/var/log/%HOSTNAME%/logfile.log" in the /etc/rsyslog.conf file but neither it works.
In the firewall I can see the Syslog facility is now on LOG_LOCAL0 and I can change it from LOCAL0, LOCAL1, LOCAL2, ... until LOCAL7
What does these different numbers mean?
Where does it go wrong ?
Last edited by rytec; 02-16-2011 at 10:53 AM.
Reason: extra information
|