I'm following this tutorial: Using Fail2ban To Block Wrong ISPConfig Logins, but rsyslog won't redirect the output from a file to another:
/etc/rsyslog.d/12-ispconfig.conf:
if $programname == 'ispconfig' then /var/log/ispconfig.log #the file exists
Despite this line, I keep getting the output to syslog:
ispconfig[1117]: Login failed for user asdasd on IP XX.XX.XXX.XX
-rw-r--r-- 1 syslog adm 0 Sep 12 16:13 ispconfig.log
Any ideas how to fix this?
@w0rldart in your question you write
but rsyslog won't redirect the
in another post you write
ubuntu server its sysklogd
what is true then?
for rsyslogd is goes like this
/etc/rsyslog.d/log-all.conf:
:programname, isequal, "ispconfig" /var/log/ispconfig.log
# optionally you can clear this from the original to avoid the line being logged twice
:programname, isequal, "ispconfig" ~
restart rsyslogd
/etc/init.d/rsyslog restart
Couldn't get @toh's answer to work on Ubuntu 13 - turns out the file has to be called something like 25-ispconfig.conf. It processed log-all.conf, or at least showed errors when I deliberately wrote rubbish in it. It started logging to the new file, but it wouldn't stop logging to syslog as well.
Had to do this in 25-dnsmasq.conf:
:programname, contains, "dnsmasq" /var/log/dnsmasq.log
& ~
Couldn't make a comment without having 50 rep, so I'm posting an answer.
Just got to work out how to rotate the files now so I don't get huge monster log files growing in my /var/log
