hi
i want to log a couple of things to a remote host via rsyslog. the problem is this:
13:59:24 wireless,info --WIRELESS--: 00:0B:6B:2C:35:7C@wlan4: connected, wants WDS
13:59:26 system,info,account --ACCOUNT--: user admin logged in from 10.194.3.56 via ssh
13:59:26 system,info,account --SYSTEM--: user admin logged in from 10.194.3.56 via ssh
14:13:22 system,info,account --ACCOUNT--: user admin logged out from 10.194.3.56 via ssh
14:13:22 system,info,account --SYSTEM--: user admin logged out from 10.194.3.56 via ssh
i want to log those messages to a remote host and sort them (separate files for successful logins and failed ones).
as shown above, it is not possible.
/system logging action
set memory memory-lines=300 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set echo name=echo remember=yes target=echo
set remote bsd-syslog=yes name=remote remote=x:514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
add bsd-syslog=yes name=authremotefailed remote=x:514 src-address=0.0.0.0 syslog-facility=auth syslog-severity=error target=remote
add bsd-syslog=yes name=authremoteok remote=x:514 src-address=0.0.0.0 syslog-facility=auth syslog-severity=info target=remote
/system logging
add action=memory disabled=yes prefix="" topics=info
add action=memory disabled=yes prefix="" topics=error
add action=memory disabled=yes prefix="" topics=warning
add action=echo disabled=yes prefix="" topics=critical
add action=memory disabled=no prefix=--ACCOUNT-- topics=account
add action=memory disabled=no prefix="" topics=radius
add action=memory disabled=no prefix="" topics=backup
add action=memory disabled=no prefix=--WIRELESS-- topics=wireless
add action=memory disabled=no prefix=--SYSTEM-- topics=system
add action=memory disabled=no prefix="" topics=ppp
add action=memory disabled=no prefix="" topics=pppoe
add action=memory disabled=no prefix="" topics=firewall
add action=memory disabled=no prefix="" topics=script
setting a couple of topics in /system logging gives the results shown above. this is very confusing since the documentation is poor on this. there is no word on what happens if i specify multiple topics in a single line. is it a logical “and” or “or”?
second proof is that:
14:08:08 wireless,debug --WIRELESS--: wlan4: 00:0B:6B:2C:35:7C not in local ACL, by default accept
14:08:08 wireless,info --WIRELESS--: 00:0B:6B:2C:35:7C@wlan4: connected, wants WDS
i haven’t specified debug anywhere and i still got those messages.
another example:
14:17:18 system,info,account --ACCOUNT--: user admin logged out from 10.194.3.56 via ssh
14:17:27 system,error,critical --SYSTEM--: login failure for user admin from 10.194.3.56 via ssh
14:17:27 system,error,critical --ACCOUNT--: login failure for user admin from 10.194.3.56 via ssh
/system logging
add action=memory disabled=yes prefix="" topics=info
add action=memory disabled=yes prefix="" topics=error
add action=memory disabled=yes prefix="" topics=warning
add action=echo disabled=yes prefix="" topics=critical
add action=memory disabled=no prefix=--ACCOUNT-- topics=account
add action=memory disabled=no prefix="" topics=radius
add action=memory disabled=no prefix="" topics=backup
add action=memory disabled=no prefix=--WIRELESS-- topics=wireless,!debug,!info
add action=memory disabled=no prefix=--SYSTEM-- topics=system,!account
add action=memory disabled=no prefix="" topics=ppp
add action=memory disabled=no prefix="" topics=pppoe
add action=memory disabled=no prefix="" topics=firewall
add action=memory disabled=no prefix="" topics=script
add action=memory disabled=no prefix=--ACCOUNT-- topics=system,error,critical
please enlighten me and other users as well.
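Added example, not part of the original post and not MikroTik code: a small Python model of the rule matching that reproduces the prefixes seen in the log excerpts above. It assumes that a rule matches when every topic it lists is present on the message and every !topic is absent, and that each matching rule writes its own copy of the message. The SPLIT rule set is hypothetical; only the action names authremoteok and authremotefailed are taken from the post.

```python
# Added example: models topic matching under ASSUMED semantics (see lead-in).

def parse_rule(topics, label):
    """Split e.g. 'system,!account' into required and excluded topic sets."""
    items = [t.strip() for t in topics.split(",") if t.strip()]
    return {
        "need": {t for t in items if not t.startswith("!")},
        "deny": {t[1:] for t in items if t.startswith("!")},
        "label": label,
    }

def matches(rule, msg_topics):
    # Assumption: every plain topic must be on the message (AND) and
    # no '!'-prefixed topic may be on it.
    return rule["need"] <= msg_topics and not (rule["deny"] & msg_topics)

def fired(rules, msg_topics):
    """Labels of all matching rules; each match yields its own log line."""
    topics = set(msg_topics.split(","))
    parsed = [parse_rule(t, label) for t, label in rules]
    return [r["label"] for r in parsed if matches(r, topics)]

# Enabled, prefixed rules from the first configuration in the post.
FIRST = [("account", "--ACCOUNT--"), ("wireless", "--WIRELESS--"),
         ("system", "--SYSTEM--")]

# Enabled, prefixed rules from the second configuration in the post.
SECOND = [("account", "--ACCOUNT--"),
          ("wireless,!debug,!info", "--WIRELESS--"),
          ("system,!account", "--SYSTEM--"),
          ("system,error,critical", "--ACCOUNT--")]

# Hypothetical rule set that sends each login event to exactly one action.
SPLIT = [("account,info", "authremoteok"),
         ("system,error,critical", "authremotefailed")]

if __name__ == "__main__":
    # Topic lists copied from the log lines in the post.
    for name, rules in (("FIRST", FIRST), ("SECOND", SECOND), ("SPLIT", SPLIT)):
        for topics in ("system,info,account", "system,error,critical",
                       "wireless,debug", "wireless,info"):
            print(name, topics, "->", fired(rules, topics))
```

In this model the duplicate lines come from two rules matching the same message, and the debug lines come from topics=wireless matching any wireless message whatever its level. The system,error,critical rule would also match other critical system errors, so the receiving side still needs to filter on the message text.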