4

I have an Rsyslog central server where multiple machine send log files and these log files are stored by machine IP.

$template DailyPerHostLogs,"/var/log/remote/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
*.* -?DailyPerHostLogs

This works fine however all the logs gets into the logmachines central logs as well like:

/var/log/messages
/var/log/auth 
/var/log/cron

What is the best way to stop this from happening?

Thanks

user3158262
  • 109
  • 3
  • 6

2 Answers2

3

Solved it, have to put the remote log acception rule first then this:

## before going to local log rules, drop remote logging, it's been
## processed in the "central logging" section
#
:hostname, !isequal, "biglogserver"       ~

Then rest of the rsyslog.conf

user3158262
  • 109
  • 3
  • 6
0

If I understood your question right, you won't save the logs locally on the machines.

To do that you must remove from /etc/syslog.conf all the lines that describe local log files, and leave there only the line that send the logs remotely.

Igor Chubin
  • 61,765
  • 13
  • 122
  • 144
  • Sorry that I wasn't clear at the first place. No you misunderstand it. I talk about this central syslog server itself. The problem is that the remote logs are mixing into the machines local syslog as well. They are separated by IP all right but they get into the machines main log files. – user3158262 Jan 07 '14 at 20:30