i have a custom daemon that gives logs to rsyslog facility "local1" with two security levels – "info" and "debug". I need to write "info" logs to /var/log/info and "debug" logs to /var/log/debug.
I edited rsyslog.conf
local1.*;local1.debug /var/log/info.log
local1.debug /var/log/debug.log
When daemon gives "info" logs it works well, it writes to info.log and debug.log is empty.
But when i get "debug" logs it writes to both files.
Help me to exclude debug logs from info.log.
;local1.=debug
not working.
I also tried to write
local1.!debug /var/log/info.log
But still not working (in this config info logs is empty)
rsyslog 8.24.0-12
Centos 7.4
UPDATE
local1.info /var/log/info.log
local1.debug;local1.info /var/log/debug.log
Not working too, info goes to info.log, it's ok. But in debug.log there is info+debug, and i can't exclude info from it. ;local1.info
not working
Best Answer
The key is in the man page:
So if you want to exclude debug, just state the next highest priority, which is info:
This will mean that all messages of priority info and higher will go to /var/log/info.log.
For the debug log, the solution is also in the man page:
So that line should read
to get only debug messages.