Hi
I manage a bunch of servers which are all reachable between each other. I set up remote forwarding for rsyslog on one server, to a certain remote server. I sort them by IP ($template FILENAME,"/var/log/%fromhost-ip%/syslog.log").
Now I get messages from other servers too, although I did not set that up.
Another question. I have the following rule:
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
which puts everything under "syslog.log". I don't want this. I want to have the same division as locally (faillog, maillog, ...).
Last edited by TheChosenOne (2014-03-22 20:56:28)
Offline
One problem is solved. Apparently you have to edit /etc/rsyslog.d/50-default.conf for the sort of messages you want to receive. All the servers are listed now.
Still, everything is put in a single file...
Offline
I have not used rsyslog in a looong time since I migrated to rsyslog SystemD. But here goes:
For example, if you would like to split syslog messages from different hosts to different files (one per host), you can define the following template:
$template DynFile,"/var/log/system-%HOSTNAME%.log"
This template can then be used when defining an output selector line. It will result in something like "/var/log/system-localhost.log"
As for the priorities/facilities you can use %syslogpriority% and %syslogfacility% to do this. So, something like this:
$template DynFile,"/var/log/%fromhost-ip%/%syslogfacility%-%syslogpriority%.log"
I'm not sure if rsyslog will automatically create directories. You might have to use:
$template DynFile,"/var/log/%fromhost-ip%-%syslogfacility%-%syslogpriority%.log"
If the above does not work.
Last edited by Rexilion (2014-03-21 05:27:15)
fs/super.c : "Self-destruct in 5 seconds. Have a nice day...\n",
Offline
I have not used rsyslog in a looong time since I migrated to rsyslog.
You mean systemd, right?
Offline
Rexilion wrote: I have not used rsyslog in a looong time since I migrated to rsyslog.
You mean systemd, right?
lol, yeah. Didn't have my morning coffee yet.
fs/super.c : "Self-destruct in 5 seconds. Have a nice day...\n",
Offline
As for the priorities/facilities you can use %syslogpriority% and %syslogfacility% to do this. So, something like this:
$template DynFile,"/var/log/%fromhost-ip%/%syslogfacility%-%syslogpriority%.log"
I'm not sure if rsyslog will automatically create directories. You might have to use:
$template DynFile,"/var/log/%fromhost-ip%-%syslogfacility%-%syslogpriority%.log"
If the above does not work.
Thanks for your reply!
The folders are created automatically, but you have to 'chown syslog:adm' on the folder.
The solution for the facilities works, but now I have files like 10-6, 1-1, 2-6, 3-2, 3-5, 3-6 and 9-6. Is there a way to have 'real' names?
Thanks.
Edit: The folders aren't generated automatically. I follow
$template DynFile,"/var/log/remote/%fromhost%/syslog"
and chown syslog:adm on the 'remote' folder. All 'fromhost' subfolders are generated automatically.
Last edited by TheChosenOne (2014-03-22 14:09:12)
Offline
Yeah, you can suffix them with '-text'. Btw, there is a manpage here so you can see yourself. It's quite powerful.
fs/super.c : "Self-destruct in 5 seconds. Have a nice day...\n",
Offline
Yeah, you can suffix them with '-text'. Btw, there is a manpage here so you can see yourself. It's quite powerful.
Thanks! It works completely now! This is the result:
$template TEMPLATE,"/var/log/remote/%fromhost%/%syslogfacility-text%"
Offline
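The thread's end result written out as a complete receiver-side fragment in the same legacy directive syntax, added here as an example and not taken from any poster's configuration. The file name, the UDP listener, the sender range, the syslog:adm ownership and the use of %fromhost-ip% in place of %fromhost% are assumptions.

```conf
# /etc/rsyslog.d/30-remote.conf  (hypothetical name; read before 50-default.conf)

# Listener. UDP on port 514 is an assumption; the thread does not name the transport.
$ModLoad imudp
$UDPServerRun 514

# Accept messages only from known senders, so hosts that were never set up
# cannot write into the log tree. 192.0.2.0/24 is a placeholder range.
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24

# Assumption: rsyslog runs as syslog:adm (hence the chown in the thread), so the
# parent directory must exist and be writable by that user before the first message:
#   mkdir /var/log/remote && chown syslog:adm /var/log/remote
$CreateDirs on
$DirOwner syslog
$DirGroup adm
$DirCreateMode 0750
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640

# One directory per sender, one file per facility name (auth, mail, daemon, ...).
# %fromhost-ip% is the address the message arrived from. %fromhost% (used in the
# thread) is the name resolved for that address, and %HOSTNAME% is read from the
# message itself, so the sender chooses it.
$template RemoteByFacility,"/var/log/remote/%fromhost-ip%/%syslogfacility-text%.log"

# Apply the template to remote messages only, then discard them so they do not
# also land in the local files written by the rules in 50-default.conf.
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteByFacility
& ~
```

On rsyslog v7 and later, `& ~` still works but logs a deprecation warning; `& stop` is the replacement there.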