0

I wonder if you can help me configure rsyslog to write logs from different subnets to different locations, i.e.:

Log everything coming from subnet 192.168.1 to dir. /log/subnet1, from subnet 192.168.2 to /log/subnet2.

The problem is that I already have plenty of preconfigured templates, one for each message type. I tried to adjust the example below, but without joy.

$template PerHostAuthSub1,"/log/subnet1/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/auth.log"
$template PerHostCronSub1,"/log/subnet1/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron.log"
$template PerHostSyslogSub1,"/log/subnet1/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/syslog"

$template PerHostAuthSub2,"/log/subnet2/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/auth.log"
$template PerHostCronSub2,"/log/subnet2/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron.log"
$template PerHostSyslogSub2,"/log/subnet2/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/syslog"
 
if ( $fromhost-ip startswith ‘192.168.1.‘ ) then  {
    ? PerHostAuthSub1
    ? PerHostCronSub1
    ? PerHostSyslogSub1
} else {
    ? PerHostAuthSub2
    ? PerHostCronSub2
    ? PerHostSyslogSub2
}

The second part of the question is: to minimize code, can I replace the log directories with a variable and then set the variable in the if condition? The idea is:

$template PerHostAuth,"/log/$variable/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/auth.log"
$template PerHostCron,"/log/$variable/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron.log"
$template PerHostSyslog,"/log/$variable/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/syslog"
 
if ( $fromhost-ip startswith ‘192.168.1.‘ ) then  {
    set variable = subnet1
} else {
    set variable = subnet2
}
  • Found the solution in the post below: https://superuser.com/questions/1002856/rsyslog-how-to-separate-incoming-logs-with-ip-addresses – MrBuzz73663 Oct 14 '22 at 09:16
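
An added example, not part of the original question or of the linked post: one way to do both parts in RainerScript, with a message-local variable supplying the directory so that each log type needs only one template. The variable name `$.subnet`, the `other` fallback directory and the facility filters are assumptions chosen for illustration.

```rsyslog
# Added example (assumptions: variable name $.subnet, fallback dir "other",
# facility filters). Requires an rsyslog version with local variables ($.name).

# One dynamic file-name template per log type. The directory is taken from
# the message-local variable $.subnet, which is set further down.
# HOSTNAME is supplied by the sender, so secpath-replace turns any "/" in it
# into "_" to keep the generated path inside the intended directory.
template(name="PerHostAuth" type="string"
         string="/log/%$.subnet%/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/auth.log")
template(name="PerHostCron" type="string"
         string="/log/%$.subnet%/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/cron.log")
template(name="PerHostSyslog" type="string"
         string="/log/%$.subnet%/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME:::secpath-replace%/syslog")

# Classify by the address the message was received from. The trailing dot
# matters: "192.168.1" alone would also match 192.168.10.x and 192.168.100.x.
if ($fromhost-ip startswith "192.168.1.") then {
    set $.subnet = "subnet1";
} else if ($fromhost-ip startswith "192.168.2.") then {
    set $.subnet = "subnet2";
} else {
    # Local messages (127.0.0.1) and unexpected senders land here instead of
    # being silently filed under subnet2.
    set $.subnet = "other";
}

# Route by facility; each action expands its template per message.
if prifilt("auth,authpriv.*") then {
    action(type="omfile" dynaFile="PerHostAuth")
}
if prifilt("cron.*") then {
    action(type="omfile" dynaFile="PerHostCron")
}
if prifilt("*.*;auth,authpriv,cron.none") then {
    action(type="omfile" dynaFile="PerHostSyslog")
}
```

The configuration can be syntax-checked with `rsyslogd -N1` before restarting the service.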

0 Answers