I set up an Rsyslog server that can receive messages from clients. The problem is that everything is concatenated to /var/log/syslog, so I'm trying to set up a filter server side.
I added this line at the end of /etc/rsyslog.conf:
if $fromhost-ip == '123.123.123.123' then /var/log/clientA.log
But it doesn't work at all (even if I replace == by !=, which is really weird). Of course I didn't forget to restart the service.
Any idea welcome.
Best Answer
Our config has some extra error checking in it preventing random hosts from generating logs.
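An added example, not the answerer's config and not part of the original post: one way to route a known client to its own file while discarding messages from every other sender. The file name, the UDP port 514 and the ruleset name `remote` are assumptions; the IP address and log path are the ones from the question.

```conf
# /etc/rsyslog.d/10-remote.conf  (file name is an assumption)
# Assumes rsyslog v7 or later and that no other imudp listener on port 514
# is configured elsewhere (for example a legacy $UDPServerRun line).

module(load="imudp")

# Bind the network input to its own ruleset, so remote messages never reach
# the default rules that write to /var/log/syslog.
input(type="imudp" port="514" ruleset="remote")

ruleset(name="remote") {
    # Known client: write to its own file, then stop processing this message.
    if $fromhost-ip == '123.123.123.123' then {
        action(type="omfile" file="/var/log/clientA.log")
        stop
    }

    # Any other sender is not on the allowlist: discard the message.
    stop
}
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.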