rsyslog server configuration syntax

Latest response

I am configuring a new rsyslog server to collect logs from other network devices.

Below is the xyz.conf file added inside /etc/rsyslog.d/. And that works as expected.

#

$umask 0000
template(name="DynFile" type="string" string="/var/log/remote/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%")
ruleset(name="RemoteMachine"){ action(type="omfile" dynaFile="DynFile" dirCreateMode="0755") }
module(load="imudp")
input(type="imudp" port="514" ruleset="RemoteMachine")
module(load="imtcp")
input(type="imtcp" port="514" ruleset="RemoteMachine")

#

Now I am looking to add one more scenario, to store all the mail.* logs from some of the servers to the file "/var/log/remote/%$YEAR%-%$MONTH%-%$DAY%/maillog".

I tried something like below but not working.

#
template(name="maillogs" type="string" string="/var/log/remote/%$YEAR%-%$MONTH%-%$DAY%/maillogs")
ruleset(name="mailrule"){ action(type="omfile" fromhost="mailserv1" or fromhost="mailserv2" and syslogfacility-text="mail" template="maillogs" dirCreateMode="0755")stop }
module(load="imudp")
input(type="imudp" port="514" ruleset="mailrule")

#

It will be great if anyone can share a correct syntax.

Thanks,
Bijeesh

BM

Responses