Rsyslog - How to filter logs by IP address and avoid duplicates

To filter logs from certain IP addresses (10.200.35.XX in this example), save inĀ /var/log/zone_a.log file and then stop processing them (to omit duplicates) use similar rule:

:fromhost-ip, contains, "10.200.35." /var/log/zone_a.log
& ~
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.