rsyslog filter by tag

Your rule file should look like:

:syslogtag, isequal, "ABC:" /var/log/ABC.log

The syslogtag contains a : and should be enclosed in "".

Also, the file name must be before 50-default.conf in alphabetical order (for example 30-ABC.conf).

Note that the file /var/log/ABC.log should be writable by the 'syslog' user.

Source: how to filter rsyslog messages by tags.
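
The answer's three points (the quoted tag with its colon, a file name that sorts before 50-default.conf, a log file the syslog user can write) put together as one script, with a test message to confirm the routing. This is an added example, not part of the original answer: the name 30-ABC.conf follows the answer's suggestion, "& stop" is the current form of the "& ~" line commented out in the question, and the service name and paths assume an Ubuntu-style rsyslog install.

```shell
#!/bin/sh
# Added example, not from the original answer. Constructed values: the rule
# file name 30-ABC.conf and the test message text. "& stop" discards the
# matched message; older rsyslog versions spell it "& ~" as in the question.

# Print the drop-in rule: match the full tag, colon included, then discard
# so the message does not fall through to the default rules.
abc_rule() {
    cat <<'EOF'
:syslogtag, isequal, "ABC:" /var/log/ABC.log
& stop
EOF
}

# Succeed if file name $1 would be read before 50-default.conf.
# Assumption: the files in /etc/rsyslog.d are read in byte-wise sorted order.
loads_before_default() {
    first=$(printf '%s\n' "$1" 50-default.conf | LC_ALL=C sort | head -n 1)
    [ "$1" != 50-default.conf ] && [ "$first" = "$1" ]
}

# Install the rule, validate the config, restart, and send a test message.
# Needs root; nothing here runs unless the script is called with "install".
install_and_verify() {
    name=30-ABC.conf
    loads_before_default "$name" || { echo "$name sorts too late" >&2; return 1; }
    abc_rule > "/etc/rsyslog.d/$name"
    touch /var/log/ABC.log
    chown syslog /var/log/ABC.log      # must be writable by the 'syslog' user
    rsyslogd -N1 || return 1           # configuration check only
    systemctl restart rsyslog          # or: service rsyslog restart
    marker="abc-rule-test-$$"
    logger -t ABC "$marker"            # logger emits the tag as "ABC:"
    sleep 1
    grep -q "$marker" /var/log/ABC.log || { echo "not in ABC.log" >&2; return 1; }
    if grep -q "$marker" /var/log/syslog; then
        echo "still in syslog" >&2; return 1
    fi
}

if [ "${1:-}" = "install" ]; then install_and_verify; fi
```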

Author: Mellowcandle

Updated on September 18, 2022

Comments

  • Mellowcandle over 1 year

    I would like to create an rsyslogd config file that filters the syslog for a specific tag and outputs this tag to a specific file.

    I created a rule file under /etc/rsyslog.d:

    # Log kernel generated UFW log messages to file
    :syslogtag, isequal, "ABC" /var/log/ABC.log
    
    # Uncomment the following to stop logging anything that matches the last rule.
    # Doing this will stop logging kernel generated UFW log messages to the file
    # normally containing kern.* messages (eg, /var/log/kern.log)
    #& ~
    

    The file is created, however the messages with the ABC tag still go to the syslog file. How do I do it correctly?

    • Bruno Pereira almost 11 years
      Make sure that your /etc/rsyslog.conf contains "$IncludeConfig /etc/rsyslog.d/*". If not, add it; without it the service will not read the config added to the /etc/rsyslog.d/ folder. If that is present, then try adding the rule directly to your rsyslog.conf file.
    • Mellowcandle almost 11 years
      It already contains it. I think that I have an issue with the rule I declared, not the non-inclusion of it (the file is created).
    • Bruno Pereira almost 11 years
      True, you are right about that.