Hi, I have problems with rsyslog on C7. In /etc/rsyslog.d/iptables.conf I have:
# Log all iptables stuff separately
:msg, contains, “iptables: ” {
action(type=”omfile” file=”/var/log/iptraf/info”)
stop
}

THis works fine. In /etc/rsyslog.d/mail.conf I have:
# Log all the mail messages in one place. if ($syslogfacility-text == ‘mail’) then {
action(type=”omfile” file=”/var/log/mail/info”)
stop
}

This does not work, neither does a line like:
mail.* /var/log/mail/info

if I put that in /etc/rsyslog.conf. What am I doing wrong???
Here is my /etc/rsyslog.conf:
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$OmitLocalLogging off
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark # provides –MARK– message capability

# Provides RELP syslog reception
$ModLoad imrelp
$InputRELPServerRun 2514

# provides RELP syslog transmission
$ModLoad omrelp

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# File to store the position in the journal
$IMJournalStateFile imjournal.state

# Set the default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0022

#

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console kern.crit :omusrmsg:*

# Log anything (except mail) of level info or higher.
# Don’t log private authentication messages!
kern.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access. authpriv.* /var/log/auth/info auth.* /var/log/auth/info

# Log daemon stuff daemon.* /var/log/daemon/info

# Log cron stuff cron.* /var/log/cron

# Everybody gets emergency messages
#*.emerg :omusrmsg:*

# Save boot messages also to boot.log local7.* /var/log/boot.log