5

We have a syslog server and we have all our servers logging to it.

We want a sort of "catch-all" drip-pan rule for all remote messages that we have not configured a rule for.

Anyone know how to accomplish this?

Belmin Fernandez

2 Answers

7

So this is how I configured this in rsyslog.conf:

# Log remote hosts to separate log file
$template PerHostLog,"/var/log/remote-hosts/%HOSTNAME%.log"
$template RemoteHostFileFormat,"%TIMESTAMP% %HOSTNAME% %syslogfacility-text% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::space-cc,drop-last-lf%\n"
:inputname, isequal, "imudp" ?PerHostLog;RemoteHostFileFormat
& ~

This traps all log messages received via UDP (imudp) and puts them in a file whose filename corresponds to the hostname the log message originated from.

Belmin Fernandez
  • Thank you for the example using inputname. Half a dozen examples I found all tried matching on $hostname and the like... and none of them worked reliably for this :) – allaryin Mar 25 '15 at 17:00
  • Hi, this works, except the 'last message repeated x times' messages end up in /var/log/remote-hosts/.log. – dan carter Aug 09 '16 at 09:10
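
The same catch-all written in rsyslog's newer RainerScript syntax, as an added example that is not part of the answer above. It assumes the imudp listener is already configured as in the answer, and it names the file after the sender address taken from the socket (`fromhost-ip`) instead of the `HOSTNAME` field, which is copied from the message and, as the comment above shows, can be empty:

```conf
# Added example, not the answer author's configuration.
# Place this AFTER every host- or program-specific rule so that it only
# sees the remote messages no earlier rule has claimed.

# File name keyed on the address the packet was received from. The
# secpath-replace option turns any "/" in the value into "_", so the
# generated path cannot leave /var/log/remote-hosts/.
template(name="PerHostLog" type="string"
         string="/var/log/remote-hosts/%fromhost-ip:::secpath-replace%.log")

# Same line layout as RemoteHostFileFormat in the answer. HOSTNAME is still
# written inside each line, so the name the sender claimed stays visible.
template(name="RemoteHostFileFormat" type="string"
         string="%TIMESTAMP% %HOSTNAME% %syslogfacility-text% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::space-cc,drop-last-lf%\n")

# Catch everything that arrived through the UDP input.
if $inputname == "imudp" then {
    action(type="omfile" dynaFile="PerHostLog" template="RemoteHostFileFormat")
    stop    # same effect as the legacy "& ~": do not process further
}
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.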
0

I found a very nice "how to" that will give you a good head start...

How to Setup Rsyslog Remote Logging on Linux (Central Log Server)

alexus