
I'm currently in the process of having all of our various servers send their syslog messages to a central server. I'd like to have the following directory structure on the central server that logs are sent to.

<root_dir>/<server_name>/<year>/<month>/<day>/{messages, mail, auth, etc}.log

Is this something I can do with rsyslog templates alone or do I need to use another utility to move the files into the proper file location?

1 Answer


I don't know about creating the directories, but the rest should be handled by filters and dynamic file names.

Normally in a case like this I would use a log file pattern like:

/var/log/<server_name>{messages,mail,auth,etc}.YYYYMMDD 

Having the logs separated by server may make tracing conditions across servers difficult. The log messages typically include the originating server, so it is easy to retrieve messages for a particular server with awk, grep or any other pattern matching tool. Scaling out that many log files may also be difficult, and you may hit resource limits.

Typically log rotation is handled by a program like logrotate. This allows you to control the frequency of log rotations for particular files, and to control the number of versions you keep. Its postrotate action could be used to split out date from the just rotated files into the desired form. This may scale better.

BillThor
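The layout from the question, written as an rsyslog (v8 RainerScript) configuration for the central server. This is an added example, not part of the question or the answer above. The root directory `/srv/syslog`, TCP port 514, and the names `PerHostDaily`, `remote` and `$.logname` are assumptions chosen for illustration.

```rsyslog
# Added example; paths, port and names are assumptions.
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# <root_dir>/<server_name>/<year>/<month>/<day>/<name>.log
template(name="PerHostDaily" type="list") {
    constant(value="/srv/syslog/")
    # The hostname comes from the received message, so the sender controls it.
    # securepath="replace" turns "/" into "_" so it stays one path component.
    # Use name="fromhost-ip" instead to key on the sender's address.
    property(name="hostname" securepath="replace")
    constant(value="/")
    # timegenerated is the receive time on this server, not the sender's clock.
    property(name="timegenerated" dateFormat="year")
    constant(value="/")
    property(name="timegenerated" dateFormat="month")
    constant(value="/")
    property(name="timegenerated" dateFormat="day")
    constant(value="/")
    property(name="$.logname")
    constant(value=".log")
}

ruleset(name="remote") {
    # Pick the file name from the facility; everything else goes to messages.log.
    set $.logname = "messages";
    if $syslogfacility-text == "mail" then {
        set $.logname = "mail";
    } else if $syslogfacility-text == "auth" or $syslogfacility-text == "authpriv" then {
        set $.logname = "auth";
    }
    # createDirs makes missing directories; the modes keep logs off world-read.
    # dynaFileCacheSize bounds how many dynamic files are held open at once.
    action(type="omfile" dynaFile="PerHostDaily"
           createDirs="on" dirCreateMode="0750" fileCreateMode="0640"
           dynaFileCacheSize="100")
}
```

Because the date is part of the path, a new file starts each day without logrotate; old day directories still need a separate cleanup or archival job.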