Syslog still receiving entries after filter to sepaqrate fileRsyslog channels change ownership from rootRsyslog not forwarding specific log file to remote serveroverriding default syslog behaviorWhat would cause /var/log/syslog to only be written to when executing rsyslog -d?rsyslog server saves logs from remote also in /var/syslogrsyslogd wont start correctly on Ubuntu 14.04.4 LTS while using the Init-ScriptHow to stop Dovecot from logging to syslog

Printing the bits of an integer using bitfields and union

SD Card speed degrading and doesn't work on one of my cameras: can I do something?

Fermat's Last Theorem, mod n

How to get the address of a C++ lambda function within itself?

How much money is needed to prove you can support yourself with ESTA

Should I take a 7 month stint at a company off of my resume?

How do the Martian rebels defeat Earth when they're grossly outnumbered and outgunned?

Check if cell text has a specific format

Check the validity of a 10-digit telephone number

My name causes an issue with any booking! (names end with MR and MRS)

Bash to check if directory exist. If not create with an array

Multiple premoves

What would make the internet go away?

What on earth is this small wall-mounted computer?

Need Good OOP Design For World and Countries Problem

Is current (November 2019) polling about Democrats lead over Trump trustworthy?

How to avoid answering "what were you sick with"?

What (if anything) could have caused all three shuttle main engines to stop at the same time?

Possible executive assistant job scam

Well-known American figure with Roman numerals

HR trying to sabotage my wife's work because we're married

Hot Glue Gun NTC Heating Element?

'Nuke the sky' to make a rocket launch a tiny bit easier

Could the Ancient Egyptian hieroglyphs have been deciphered without the Rosetta Stone with modern tech?



Syslog still receiving entries after filter to sepaqrate file


Rsyslog channels change ownership from rootRsyslog not forwarding specific log file to remote serveroverriding default syslog behaviorWhat would cause /var/log/syslog to only be written to when executing rsyslog -d?rsyslog server saves logs from remote also in /var/syslogrsyslogd wont start correctly on Ubuntu 14.04.4 LTS while using the Init-ScriptHow to stop Dovecot from logging to syslog






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









1

















I am trying to get remote devices to into separate log files and not in the main syslog file.



I have created a filter for remote devices to go to a separate file per host, but still remote devices log contents end up in main syslog. I've tried both & ~ and & stop.



Common problem but can't find a working answer. rsyslog 5.8.6 (Ubuntu 12 LTS)



/etc/rsyslog.d/20-external.conf:



$template PerHostLog,"/var/log/external/%HOSTNAME%.log"
if $fromhost-ip != '127.0.0.1' then -?PerHostLog
#& ~
& stop


All other files are the same, except for changes to /etc/rsyslog.conf to enable remote logging.



My files per host do have contents, but they are also still coming into the main syslog file.



Whats the best way to adjust either configuration or filter to make sure they stay in the separate files, and not in the syslog file.



Any ideas what I'm doing wrong?






12.04 server syslog rsyslog







share|improve this question




























  • I don't suppose you've tried &~ (no space) rather than & ~?

    – Ken Sharp
    Dec 17 '15 at 13:20


















1

















I am trying to get remote devices to into separate log files and not in the main syslog file.



I have created a filter for remote devices to go to a separate file per host, but still remote devices log contents end up in main syslog. I've tried both & ~ and & stop.



Common problem but can't find a working answer. rsyslog 5.8.6 (Ubuntu 12 LTS)



/etc/rsyslog.d/20-external.conf:



$template PerHostLog,"/var/log/external/%HOSTNAME%.log"
if $fromhost-ip != '127.0.0.1' then -?PerHostLog
#& ~
& stop


All other files are the same, except for changes to /etc/rsyslog.conf to enable remote logging.



My files per host do have contents, but they are also still coming into the main syslog file.



Whats the best way to adjust either configuration or filter to make sure they stay in the separate files, and not in the syslog file.



Any ideas what I'm doing wrong?






12.04 server syslog rsyslog







share|improve this question




























  • I don't suppose you've tried &~ (no space) rather than & ~?

    – Ken Sharp
    Dec 17 '15 at 13:20














1












1








1


1






I am trying to get remote devices to into separate log files and not in the main syslog file.



I have created a filter for remote devices to go to a separate file per host, but still remote devices log contents end up in main syslog. I've tried both & ~ and & stop.



Common problem but can't find a working answer. rsyslog 5.8.6 (Ubuntu 12 LTS)



/etc/rsyslog.d/20-external.conf:



$template PerHostLog,"/var/log/external/%HOSTNAME%.log"
if $fromhost-ip != '127.0.0.1' then -?PerHostLog
#& ~
& stop


All other files are the same, except for changes to /etc/rsyslog.conf to enable remote logging.



My files per host do have contents, but they are also still coming into the main syslog file.



Whats the best way to adjust either configuration or filter to make sure they stay in the separate files, and not in the syslog file.



Any ideas what I'm doing wrong?






12.04 server syslog rsyslog







share|improve this question

















I am trying to get remote devices to into separate log files and not in the main syslog file.



I have created a filter for remote devices to go to a separate file per host, but still remote devices log contents end up in main syslog. I've tried both & ~ and & stop.



Common problem but can't find a working answer. rsyslog 5.8.6 (Ubuntu 12 LTS)



/etc/rsyslog.d/20-external.conf:



$template PerHostLog,"/var/log/external/%HOSTNAME%.log"
if $fromhost-ip != '127.0.0.1' then -?PerHostLog
#& ~
& stop


All other files are the same, except for changes to /etc/rsyslog.conf to enable remote logging.



My files per host do have contents, but they are also still coming into the main syslog file.



Whats the best way to adjust either configuration or filter to make sure they stay in the separate files, and not in the syslog file.



Any ideas what I'm doing wrong?






12.04 server syslog rsyslog




12.04 server syslog rsyslog






share|improve this question
















share|improve this question













share|improve this question




share|improve this question








edited Jul 20 at 18:01









Kevin Bowen

16.1k15 gold badges62 silver badges73 bronze badges




16.1k15 gold badges62 silver badges73 bronze badges










asked Aug 27 '15 at 7:06









TimLTimL

84 bronze badges




84 bronze badges















  • I don't suppose you've tried &~ (no space) rather than & ~?

    – Ken Sharp
    Dec 17 '15 at 13:20


















  • I don't suppose you've tried &~ (no space) rather than & ~?

    – Ken Sharp
    Dec 17 '15 at 13:20

















I don't suppose you've tried &~ (no space) rather than & ~?

– Ken Sharp
Dec 17 '15 at 13:20






I don't suppose you've tried &~ (no space) rather than & ~?

– Ken Sharp
Dec 17 '15 at 13:20











2 Answers
2






active

oldest

votes


















0


















Put both conditions on separate lines:


if $fromhost-ip != '127.0.0.1' then -?PerHostLog

if $fromhost-ip != '127.0.0.1' then stop






share|improve this answer



































    0


















    If your filters working you could edit your /etc/rsyslog.conf to stop duplicates as per this thread:



    https://serverfault.com/questions/711708/stop-crontab-from-filling-syslog-ubuntu-15-04/717244#717244






    share|improve this answer




























    • This is on the right track expect I don't know which facility external syslog messages come under.

      – TimL
      Sep 24 '15 at 2:13











    • This link shows you a list of syslog facilities as well as a method of monitoring the actual messages on your system to see what codes are in use fir3net.com/UNIX/Linux/…

      – Ek0n0m1k
      Nov 12 '15 at 17:59












    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "89"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );














    draft saved

    draft discarded
















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f666325%2fsyslog-still-receiving-entries-after-filter-to-sepaqrate-file%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown


























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0


















    Put both conditions on separate lines:


    if $fromhost-ip != '127.0.0.1' then -?PerHostLog

    if $fromhost-ip != '127.0.0.1' then stop






    share|improve this answer
































      0


















      Put both conditions on separate lines:


      if $fromhost-ip != '127.0.0.1' then -?PerHostLog

      if $fromhost-ip != '127.0.0.1' then stop






      share|improve this answer






























        0














        0










        0









        Put both conditions on separate lines:


        if $fromhost-ip != '127.0.0.1' then -?PerHostLog

        if $fromhost-ip != '127.0.0.1' then stop






        share|improve this answer
















        Put both conditions on separate lines:


        if $fromhost-ip != '127.0.0.1' then -?PerHostLog

        if $fromhost-ip != '127.0.0.1' then stop







        share|improve this answer















        share|improve this answer




        share|improve this answer








        edited Feb 24 '16 at 12:20

























        answered Feb 24 '16 at 11:27









        meerameera

        163 bronze badges




        163 bronze badges


























            0


















            If your filters working you could edit your /etc/rsyslog.conf to stop duplicates as per this thread:



            https://serverfault.com/questions/711708/stop-crontab-from-filling-syslog-ubuntu-15-04/717244#717244






            share|improve this answer




























            • This is on the right track expect I don't know which facility external syslog messages come under.

              – TimL
              Sep 24 '15 at 2:13











            • This link shows you a list of syslog facilities as well as a method of monitoring the actual messages on your system to see what codes are in use fir3net.com/UNIX/Linux/…

              – Ek0n0m1k
              Nov 12 '15 at 17:59















            0


















            If your filters working you could edit your /etc/rsyslog.conf to stop duplicates as per this thread:



            https://serverfault.com/questions/711708/stop-crontab-from-filling-syslog-ubuntu-15-04/717244#717244






            share|improve this answer




























            • This is on the right track expect I don't know which facility external syslog messages come under.

              – TimL
              Sep 24 '15 at 2:13











            • This link shows you a list of syslog facilities as well as a method of monitoring the actual messages on your system to see what codes are in use fir3net.com/UNIX/Linux/…

              – Ek0n0m1k
              Nov 12 '15 at 17:59













            0














            0










            0









            If your filters working you could edit your /etc/rsyslog.conf to stop duplicates as per this thread:



            https://serverfault.com/questions/711708/stop-crontab-from-filling-syslog-ubuntu-15-04/717244#717244






            share|improve this answer
















            If your filters working you could edit your /etc/rsyslog.conf to stop duplicates as per this thread:



            https://serverfault.com/questions/711708/stop-crontab-from-filling-syslog-ubuntu-15-04/717244#717244







            share|improve this answer















            share|improve this answer




            share|improve this answer








            edited Apr 13 '17 at 12:14









            Community

            1




            1










            answered Sep 7 '15 at 13:38









            Ek0n0m1kEk0n0m1k

            133 bronze badges




            133 bronze badges















            • This is on the right track expect I don't know which facility external syslog messages come under.

              – TimL
              Sep 24 '15 at 2:13











            • This link shows you a list of syslog facilities as well as a method of monitoring the actual messages on your system to see what codes are in use fir3net.com/UNIX/Linux/…

              – Ek0n0m1k
              Nov 12 '15 at 17:59

















            • This is on the right track expect I don't know which facility external syslog messages come under.

              – TimL
              Sep 24 '15 at 2:13











            • This link shows you a list of syslog facilities as well as a method of monitoring the actual messages on your system to see what codes are in use fir3net.com/UNIX/Linux/…

              – Ek0n0m1k
              Nov 12 '15 at 17:59
















            This is on the right track expect I don't know which facility external syslog messages come under.

            – TimL
            Sep 24 '15 at 2:13





            This is on the right track expect I don't know which facility external syslog messages come under.

            – TimL
            Sep 24 '15 at 2:13













            This link shows you a list of syslog facilities as well as a method of monitoring the actual messages on your system to see what codes are in use fir3net.com/UNIX/Linux/…

            – Ek0n0m1k
            Nov 12 '15 at 17:59





            This link shows you a list of syslog facilities as well as a method of monitoring the actual messages on your system to see what codes are in use fir3net.com/UNIX/Linux/…

            – Ek0n0m1k
            Nov 12 '15 at 17:59


















            draft saved

            draft discarded















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f666325%2fsyslog-still-receiving-entries-after-filter-to-sepaqrate-file%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown









            -

            Popular posts from this blog

            Tamil (spriik) Luke uk diar | Nawigatjuun

            Image
            Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
            Read more

            Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

            Image
            Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
            Read more

            Where does the image of a data connector as a sharp metal spike originate from?Where does the concept of infected people turning into zombies only after death originate from?Where does the motif of a reanimated human head originate?Where did the notion that Dragons could speak originate?Where does the archetypal image of the 'Grey' alien come from?Where did the suffix '-Man' originate?Where does the notion of being injured or killed by an illusion originate?Where did the term “sophont” originate?Where does the trope of magic spells being driven by advanced technology originate from?Where did the term “the living impaired” originate?

            Image
            Automatically extend a Python list to N elements if it's too short? Fired for a policy I didnt know about, as well as another false reason Why isn't tilde recognised as home folder in this case? When does an Artillerist's Cannon have disadvantage? How large should a hole be for a bolt to go through? When is TeX better than LaTeX? How to determine if drill is suitable for concrete? Huygens Lander: Why The Short Battery Life? Why do people use bigger cassettes for lower gearing when they could instead use smaller chainrings? Is there a difference between downloading / installing a list of packages and downloading each packge by its own? Question about exercise 21.10 in The TeXbook How to publish a page using tridion core service client in sdl web 8.5 Can one get into trouble if one doesn't show up at the gate 30 minutes before departure (or whatever time window the boarding pass is indicating)? Does an action-reaction pair always contain the same
            Read more