Monday, March 4, 2019

By default, Linux writes log messages of level info or higher to /var/log/messages. If you do not want some messages logged to the messages file, use one of the following options.

Option 1: Use normal rules in file rsyslog.conf

# File /etc/rsyslog.conf
#### RULES ####

$template you_log_format,"%rawmsg% \n\n"
local6.* /var/log/your-log.log;you_log_format
&~

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

Option 2: Use expression rules

Now suppose you want to receive messages from a remote system and log them to a special file, but you do not want these messages written to the files specified above. The traditional approach is to add a rule in front of all others that filters on the message, processes it and then discards it:
# ... module loading ...
# process remote messages
if $fromhost-ip == '192.0.2.1' then {
        action(type="omfile" file="/var/log/remotefile02")
        stop
}

# only messages not from 192.0.2.1 make it past this point

# The authpriv file has restricted access.
authpriv.*                            /var/log/secure
# Log all the mail messages in one place.
mail.*                                /var/log/maillog
# Log cron stuff
cron.*                                /var/log/cron
# Everybody gets emergency messages
*.emerg                               *
... more ...
Note that "stop" is the discard action! Also note that we assume that 192.0.2.1 is the sole remote sender (to keep it simple).
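Both options only work when the discard sits in front of the rule that writes to /var/log/messages. The script below is an added example, not part of the original post: its helper check_order and the two sample configurations are constructed for illustration, and it reports whether a discard precedes that rule.

```shell
# Constructed sample: the Option 1 rules in the order the post gives them.
sample_good() {
cat <<'EOF'
$template you_log_format,"%rawmsg% \n\n"
local6.* /var/log/your-log.log;you_log_format
&~
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
EOF
}

# Constructed sample: same rules with the catch-all first, so local6
# messages are written to /var/log/messages before they are discarded.
sample_bad() {
cat <<'EOF'
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
$template you_log_format,"%rawmsg% \n\n"
local6.* /var/log/your-log.log;you_log_format
&~
EOF
}

# check_order FILE TARGET (hypothetical helper): exit 0 if a discard
# ("&~", "& ~" or "stop") precedes the first rule writing to TARGET,
# 1 if that rule comes first, 2 if either is missing. Only line order is
# checked; the filters themselves are not evaluated.
check_order() {
    awk -v target="$2" '
        /^[ \t]*#/ { next }                                  # skip comments
        !discard && /^[ \t]*(&[ \t]*~|stop)[ \t]*$/ { discard = NR }
        !catchall && index($0, target) { catchall = NR }
        END {
            if (!discard || !catchall) exit 2
            exit (discard < catchall ? 0 : 1)
        }
    ' "$1"
}

# Demo on the two constructed samples.
tmp=$(mktemp -d)
sample_good > "$tmp/good.conf"; sample_bad > "$tmp/bad.conf"
for f in good bad; do
    if check_order "$tmp/$f.conf" /var/log/messages; then
        echo "$f: discard precedes the /var/log/messages rule"
    else
        echo "$f: /var/log/messages rule is reached first"
    fi
done
rm -rf "$tmp"
```

The check covers rule order only; `rsyslogd -N1` validates the syntax of the configuration itself.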
