Getting Data In

Rsyslog config not work - does not write to the file

josedgaravito
New Member

Hi Guys I have the following configuration lines in rsyslog but none of them helps me write to the destination file.

if $msg contains "Tampering" then /var/log/camaras.log

if $msg contains "Start one" then /var/log/camaras.log

if $fromhost-ip=='172.16.1.5' and ($rawmsg contains 'Tampering') then /var/log/camaras.log

if $rawmsg contains 'Tampering' then {action(type="omfile" File="/var/log/camaras.log") stop}

if $rawmsg contains 'Tampering' then /var/log/camaras.log

the example message is

[RTSP SERVER]: Start one session, IP=172.16.57.3 [RTSP SERVER]: Tampering Detected, IP=172.16.57.8

What can be?

thanks for your help

0 Karma

jkat54
SplunkTrust
SplunkTrust

Does the syslog user have permission to write to those destinations?

Any clues in /var/log/messages ?

0 Karma

josedgaravito
New Member

Hello, yes, the user has permissions, I currently have the configuration like this:

if $ fromhost-ip == '172.16.254.25' then /var/log/camaras.log

and it works fine, but I have more than three thousand devices and the configuration file becomes unmanageable

Thanks

0 Karma

DavidHourani
Super Champion

Hi @josedgaravito,

You will need to define a template and apply it based on how you wish to classify your logs. Are you trying to build one file per host ip or have all the data in the camaras.log file ? How exactly are you expecting your data to be stored ?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...