Mikrotik
yarleshiy, 2016-12-01 16:40:38

RSYSLOG - how to separate logs using filtering?

My Mikrotik sends logs to the server via the Rsyslog service. Logs are being maintained, everything is fine. But there was a need to separate the log into files. For example, logs are collected for these events: WiFi, PPPoE, Hotspot.
You need to make sure that Hotspot is collected in a separate file.
All logs are collected according to the template:
$template ALL, "/var/log/!remote/%fromhost-ip%/syslog.log"
*.* ?ALL
I registered a filter, but something does not work.
$template HOTSPOT, "/var/log/!remote/%fromhost-ip%/hotsopt.log"
if $msg contains 'Hotspot' then *.* ?HOTSPOT


2 answer(s)
CityCat4, 2016-12-02
@CityCat4

Well, here are some examples.

# Everything from the ntpdate program goes to the file /var/log/ntpdate
if $programname == 'ntpdate' then                       /var/log/ntp

# everything else goes to the file /var/log/daemon
if $programname != 'ntpdate' \
    and $syslogfacility-text == 'daemon' then           /var/log/daemon

# MARK messages go to the file /var/log/marks
if $msg == '-- MARK --' then                            /var/log/marks

# the rest go to /var/log/kernel
if $msg != '-- MARK --' \
    and $syslogfacility-text == 'kern' then             /var/log/kernel

In Rsyslog, despite the presence of documentation, there is bad luck with examples ...

yarleshiy, 2016-12-12
@yarleshiy

Why is it still not being separated? Neither with templates, nor simply to a file.
It writes everything to one common file.
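
The configuration below is an added example, not part of either post above: one way to route the Hotspot messages from the question into their own per-host file while everything else still goes to the common file. It assumes rsyslog v7 or later and that the word Hotspot appears in the message text exactly as the router sends it; the hotspot file name is a constructed placeholder.

```rsyslog
# Added example (not from the thread). Assumes rsyslog v7+.

# Dynamic file names, one directory per sending host, as in the question.
# %fromhost-ip% is the address rsyslog saw the packet come from, so the
# directory name is not taken from the message content.
$template ALL,"/var/log/!remote/%fromhost-ip%/syslog.log"
$template HOTSPOT,"/var/log/!remote/%fromhost-ip%/hotspot.log"

# 1. The filter must come BEFORE the catch-all rule: rules are evaluated
#    top to bottom, and a message is written by every rule it matches.
# 2. After "then" rsyslog expects an action (here ?TEMPLATE for a dynamic
#    file), not a second selector such as "*.*".
# 3. "contains" is case-sensitive, so the string must match the case the
#    router actually uses. If the keyword sits in the syslog tag rather
#    than the message body, test $rawmsg instead of $msg.
if $msg contains 'Hotspot' then ?HOTSPOT

# "&" attaches another action to the same filter. "stop" discards the
# message here so it is not also written by the catch-all rule below.
# On rsyslog v5/v6 the equivalent is "& ~".
& stop

# Everything that was not stopped above goes to the common per-host file.
*.* ?ALL
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.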
