Hi guys, I have the following configuration lines in rsyslog, but none of them helps me write to the destination file.
if $msg contains "Tampering" then /var/log/camaras.log
if $msg contains "Start one" then /var/log/camaras.log
if $fromhost-ip=='172.16.1.5' and ($rawmsg contains 'Tampering') then /var/log/camaras.log
if $rawmsg contains 'Tampering' then {action(type="omfile" File="/var/log/camaras.log") stop}
if $rawmsg contains 'Tampering' then /var/log/camaras.log
The example message is:
[RTSP SERVER]: Start one session, IP=172.16.57.3 [RTSP SERVER]: Tampering Detected, IP=172.16.57.8
What could it be?
Thanks for your help.
Does the syslog user have permission to write to those destinations?
Any clues in /var/log/messages?
Hello, yes, the user has permissions, I currently have the configuration like this:
if $fromhost-ip == '172.16.254.25' then /var/log/camaras.log
and it works fine, but I have more than three thousand devices and the configuration file becomes unmanageable.
Thanks
Hi @josedgaravito,
You will need to define a template and apply it based on how you wish to classify your logs. Are you trying to build one file per host IP, or have all the data in the camaras.log file? How exactly are you expecting your data to be stored?
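
A sketch of the template approach suggested in the last reply, added here as an example and not posted by anyone in the thread: one content filter covers all devices, and a dynaFile template gives one file per source address. The template name `CamaraPerHost`, the `/var/log/camaras/` directory and the debug file path are assumptions; the addresses and match strings come from the posts above.

```conf
# Added example, not from the thread. Names and paths marked (assumed)
# are illustrative.

# 1) Diagnostic: dump every property of messages from one device, to see
#    which property (msg, rawmsg, programname, ...) actually holds the text.
#    172.16.1.5 is the address used in the original poster's own filter.
if $fromhost-ip == '172.16.1.5' then {
    action(type="omfile"
           file="/var/log/camaras-debug.log"
           template="RSYSLOG_DebugFormat")
}

# 2) Per-device file name built from the sender address (assumed layout).
#    fromhost-ip is taken from the receiving socket rather than from the
#    message text, so message content cannot steer the output path.
template(name="CamaraPerHost" type="string"
         string="/var/log/camaras/%fromhost-ip%.log")

# 3) One rule for all devices instead of one "if $fromhost-ip ==" per device.
if ($msg contains 'Tampering' or $msg contains 'Start one') then {
    # Option A: everything in a single file.
    action(type="omfile" file="/var/log/camaras.log")

    # Option B: one file per source address; remove the option not wanted.
    action(type="omfile"
           dynaFile="CamaraPerHost"
           createDirs="on"
           dirCreateMode="0750"
           fileCreateMode="0640")

    # Keep these events out of later rules such as /var/log/messages.
    stop
}
```

Run `rsyslogd -N1` to check the syntax before restarting the service, and remove the diagnostic rule once the right property is known.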