I just configured rsyslog 8.1911 on CentOS 8.2. The server rsyslog.conf has these lines
$template RemoteLogs,"/logs/serverlogs/%$YEAR%-%$MONTH%-$DAY%/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
This works - i.e. new directories get created each day, logs get written etc. But the log entries for clients go into the rsyslog server's log files too. How can I prevent that?
Putting existing logs in an "if" condition and RemoteLogs in the else clause fixed it. The name of the log server is prod-log.So
if ($fromhost contains "prod-log") then {
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.*
# other existing files
} else {
*.* ?RemoteLogs
}
Ideally one ought to set up rules and use them. For now, this works.