rsyslog filter by tag
Your rule file should look like:
:syslogtag, isequal, "ABC:" /var/log/ABC.log
The syslogtag contains a : and should be enclosed in "".
Also, the file name must be before 50-default.conf in alphabetical order (for example 30-ABC.conf).
Note that the file /var/log/ABC.log should be writable by the 'syslog' user.
Source: how to filter rsyslog messages by tags.
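Added example, not part of the original answer: a small Python check for a file under /etc/rsyslog.d that flags the three problems discussed on this page (file name ordering relative to 50-default.conf, an unquoted or colon-less syslogtag value, and no discard line after the rule). The file name 99-ABC.conf and the sample rule texts are constructed for illustration, and accepting `& stop` as the newer spelling of the `& ~` discard line is an assumption about the rsyslog version in use.

```python
import re

# Property-based filter line:  :property, [!]compare-op, "value" action
FILTER_RE = re.compile(
    r'^:(?P<prop>\w+)\s*,\s*(?P<op>!?\w+)\s*,\s*(?P<val>"[^"]*"|\S+)\s+(?P<action>\S.*)$')
# Discard line that must directly follow the filter ("& ~" legacy, "& stop" newer).
DISCARD_RE = re.compile(r'^&\s*(~|stop)\s*$')

# Constructed samples: the rule from the question and the corrected rule.
QUESTION_RULE = ':syslogtag, isequal, "ABC" /var/log/ABC.log\n#& ~\n'
FIXED_RULE = ':syslogtag, isequal, "ABC:" /var/log/ABC.log\n& stop\n'


def lint_rule_file(filename, text, default_file="50-default.conf"):
    """Return a list of findings for one rule file under /etc/rsyslog.d."""
    findings = []
    # Files are included in alphabetical order, so a rule that has to run
    # before the default rules needs a name that sorts first.
    if filename >= default_file:
        findings.append(f"{filename} does not sort before {default_file}")
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]  # drop comments
    for i, line in enumerate(lines):
        m = FILTER_RE.match(line)
        if not m or m.group("prop") != "syslogtag":
            continue
        val = m.group("val")
        if not val.startswith('"'):
            findings.append(f"value {val} is not enclosed in double quotes")
        if m.group("op") == "isequal" and not val.strip('"').endswith(":"):
            findings.append(f"tag {val} lacks the trailing ':' of the syslogtag")
        # Without a discard line right after the filter, matching messages are
        # also handled by every later rule (for example the syslog file).
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if not DISCARD_RE.match(nxt):
            findings.append(f"no '& stop' or '& ~' after the rule for {val}")
    return findings


if __name__ == "__main__":
    for name, rule in (("99-ABC.conf", QUESTION_RULE), ("30-ABC.conf", FIXED_RULE)):
        print(name, lint_rule_file(name, rule) or "ok")
```

The check does not touch the filesystem, so whether /var/log/ABC.log is writable by the 'syslog' user still has to be verified on the host.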
Author: Mellowcandle
Updated on September 18, 2022
Comments
Mellowcandle over 1 year
I would like to create an rsyslogd config file that filters the syslog for a specific tag and outputs this tag to a specific file.
I created a rule file under /etc/rsyslog.d:
# Log kernel generated UFW log messages to file
:syslogtag, isequal, "ABC" /var/log/ABC.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
#& ~
The file is created, however the messages with the ABC tag still go to the syslog file. How do I do it correctly?
- Bruno Pereira, almost 11 years: Make sure that your /etc/rsyslog.conf contains $IncludeConfig /etc/rsyslog.d/*. If not, add it; without it the service will not read the config added to the /etc/rsyslog.d/ folder. If that is present, then try adding the rule directly to your rsyslog.conf file.
- Mellowcandle, almost 11 years: It already contains it. I think that I have an issue with the rule I declared, not the non-inclusion of it. (The file is created.)
- Bruno Pereira, almost 11 years: True, you are right about that.