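# Kill all INTF-FLAP messages: drop them here so that no later rule stores or
# forwards them. "stop" replaces the old "write to /dev/null, then ~" pair;
# the ~ discard action is deprecated in the rsyslog versions that accept the
# stop / action() syntax already used further down in this file.
# NOTE(review): this matches on message text from every sender, including the
# TACACS and firewall sources handled below. If only interface-flap noise from
# network devices should be dropped, add a $fromhost-ip or $programname
# condition so records from security-relevant sources are never discarded.
if $msg contains 'INTF-FLAP' then stop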
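## Cisco ACS accounting: TACACS+ accounting records from the ACS server
## (172.17.16.20) go to their own file and are not processed further.
# NOTE(review): the sender is identified by source address only. If these
# records arrive over plain UDP syslog that address is not authenticated, so
# confirm the listener is restricted to the ACS server (packet filter, or a
# TCP/TLS input).
# NOTE(review): accounting and authentication records name administrators and
# their activity; keep both files readable by log administrators only.
if ($fromhost-ip == '172.17.16.20') and ($programname == 'CSCOacs_TACACS_Accounting') then /var/log/tacacs_acct.log
# "& stop" is the non-deprecated form of "& ~": discard after writing.
& stop
## Cisco ACS 5.4 TACACS authentication: passed-authentication records from the
## same server.
# NOTE(review): only CSCOacs_Passed_Authentications is routed here. ACS reports
# failed attempts under a different program name (presumably
# CSCOacs_Failed_Attempts; verify), and no rule visible here gives them a
# dedicated file. TODO: confirm they are captured elsewhere.
if ($fromhost-ip == '172.17.16.20') and ($programname == 'CSCOacs_Passed_Authentications') then /var/log/tacacs_auth.log
& stop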
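# Logging for Chicago issues...
# The prefix ends with a dot so that it matches 172.17.25.x only. Without the
# dot, "startswith '172.17.25'" also matches 172.17.250.x through 172.17.255.x,
# and those hosts would be written here and then discarded.
# NOTE(review): if the wider range was intended, list it explicitly instead.
if $fromhost-ip startswith '172.17.25.' then /var/log/net/chicago.log
# "& stop" is the non-deprecated form of "& ~": discard after writing.
& stop
# Logging for Dallas issues...
# Trailing dot added for consistency with the other subnet rules; the bare
# '172.17.27' prefix could only over-match octets 270-279, which do not exist.
if $fromhost-ip startswith '172.17.27.' then /var/log/net/dallas.log
& stop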
# Logging for firewall (172.17.4.4): relay each message to the collector at
# 10.14.12.12, then keep a local copy. The filter is evaluated once and the
# file action is chained to it with "&".
# A single "@" means UDP forwarding.
# NOTE(review): UDP syslog is unencrypted and unacknowledged, so firewall
# records can be read or silently lost in transit. If the collector supports
# it, consider "@@" (TCP) or a TLS-protected forwarder.
# No discard follows, so firewall messages stay available to later rules.
if $fromhost-ip == '172.17.4.4' then @10.14.12.12
& /var/log/net/firewall.log
# Messages from 192.168.152.137: write them to /var/log/remotefile02 through
# the omfile output module, then end processing for the message.
if $fromhost-ip == '192.168.152.137' then {
    action(type="omfile" file="/var/log/remotefile02")
    # stop: no rule after this block sees the message.
    stop
}
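# Hosts in 192.0.1.x: the trailing dot in the prefix keeps the match to that
# one subnet. Write to network1.log, then discard.
if $fromhost-ip startswith '192.0.1.' then /var/log/network1.log
# "& stop" is the non-deprecated form of "& ~"; the file already uses "stop"
# in the block above, so the statement is available in this rsyslog version.
& stop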
// rsyslog 커스텀 하는 방법
http://www.loggly.com/ultimate-guide/centralizing-apache-logs/