LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page rsyslog nested conditions
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 07-11-2012, 10:23 AM   #1
icegood
Member
 
Registered: Sep 2009
Distribution: ubuntu 21.04
Posts: 65

Rep: Reputation: 15
rsyslog nested conditions

How to apply nested conditions in rsyslog as in pseudo-C+rsyslog it should be like this:
Code:
if ($(fromhost-ip) == '192.168.73.1') then
  if (msg, contains, "DROP") then
    /var/log/my_router/dropped;
  else if (msg, contains, "REJECT") then
    /var/log/my_router/rejected;
  else
    /var/log/my_router/general;
 
Old 07-11-2012, 03:54 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Reading http://www.rsyslog.com/doc/omruleset.html I make it look something like:
Code:
$ModLoad omruleset

$RuleSet routerlogs
$RulesetCreateMainQueue on
:msg,contains,"DROP" /var/log/my_router/dropped
& ~
:msg,contains,"REJECT" /var/log/my_router/dropped
& ~

#switch back to default ruleset
$ruleset RSYSLOG_DefaultRuleset

$ActionOmrulesetRulesetName routerlogs
:FROMHOST, isequal, "192.168.73.1" :omruleset:

*.* /var/log/my_router/general
...or not. I didn't test this rule set so YMMV(VM). Best not use Live log sources unless you've got a default rule target (don't discard) and know how to perform basic Rsyslog troubleshooting.
 
Old 07-11-2012, 04:30 PM   #3
icegood
Member
 
Registered: Sep 2009
Distribution: ubuntu 21.04
Posts: 65

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by unSpawn View Post
...
Yep. Life is hard for today
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: if then else Conditions LXer Syndicated Linux News 0 04-15-2011 12:00 PM
Limit in bash for conditions? webaccounts Linux - Newbie 7 09-21-2008 08:25 AM
functions in case conditions viveksnv Programming 4 04-02-2008 10:15 PM
Multiple If conditions keysorsoze Programming 4 12-12-2007 01:07 AM
New to shell scripting. Need help with conditions koobi Programming 12 11-09-2007 07:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:04 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration