I have 2 remote hosts sending apache_{error,access}.log files to the rsyslog-server, and that's all fine and good.
What I'm having trouble with is that the apache traffic on both hosts is sending the same traffic to /var/log/messages and /var/log/syslog on each respective host.
Since they are using the exact same watchfile.conf and exhibit the same behaviour, here's the /etc/rsyslog.d/watchfile.conf
Code:
$ModLoad imfile
# apache error.log
$RepeatedMsgReduction on
$InputFileName /var/log/apache2/error.log
$InputFileTag error:
$InputFileStateFile state_file_error_apache
$InputFileFacility local6
$InputRunFileMonitor
$InputFilePollInterval 10
# apache access.log
$InputFileName /var/log/apache2/access.log
$InputFileTag access:
$InputFileStateFile state_file_access_apache
$InputFileFacility local6
$InputRunFileMonitor
$InputFilePollInterval 10
if $programname == 'access' then @rsyslog-server:514
& ~
if $programname == 'errors' then @rsyslog-server:514
& ~
I changed InputFileFacility to local6 after reading
this - no change.
I tried variations on
Code:
local4.=info /var/log/apache_error.log
& ~
local4.=error /var/log/apache_error.log
& ~
in /etc/ryslog.conf after adding
Code:
$InputFileSeverity info
to the watchfile.conf and restarted.
- didn't help.
Examined references are
http://kb.monitorware.com/post24302....licates#p24302
http://wiki.gentoo.org/wiki/Rsyslog#Local_Logging
https://access.redhat.com/discussions/650853
and several others.
Can someone put me out of my misery and point out the obvious?
Thanks.