rsyslog rule creation

vinmansbrew · Post by **vinmansbrew** » 2021/09/02 14:28:48

centos 7.9

Trying to create a UDP rule in rsyslog for syslog 20(local4)
I have the udp lines uncommented.
Now I am just trying to set up the rule. Never had to before, so I probably have it wrong.

I have:
local4.syslog20 /var/log/cisco

Thanks

larwood · Post by **larwood** » 2021/09/03 05:23:58

As you are using CentOS 7.9 I will assume you are on rsyslog v8.24 so you can add this rule above the standard rules.

Code: Select all

if $syslogfacility-text == 'local4' then {
action(type="omfile"
    name="cisco_logs"
    file="/var/log/cisco.log"
  )
  stop
}

vinmansbrew · Post by **vinmansbrew** » 2021/09/03 14:25:37

Thanks Larwood, I'll give this a try!

CentOS

rsyslog rule creation

rsyslog rule creation

Re: rsyslog rule creation

Re: rsyslog rule creation