Rsyslog server

If you need a very quick solution for a syslog server and your OS is Red Hat or Fedora, rsyslog already ships with the OS, so you can use it instead of syslog-ng (which is a must for a large number of hosts, and is much more flexible for centralized logging, but since you already have rsyslog…).
How do you set up every host to log to a central syslog server, with each host writing to its own file, so that the logs do not all get jumbled up in one giant file (usually /var/log/messages)?
In the rsyslog server's configuration file (/etc/rsyslog.conf), under “Rules”, put in two additional lines (take care, they MUST be in the file BEFORE all the other lines that are under “Rules”):
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
After this, restart the service:
# service rsyslog restart

Now every host has a folder under /var/log named after its IP address, and in that folder a log file syslog.log containing logs that are ONLY from this host.
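
A template only names the file; a rule has to reference it before anything is written there. The fragment below is an added example, not text from the original post, showing the template together with a rule that uses it in the same legacy syntax. The UDP listener on port 514 and the placeholder server name in the client comment are assumptions.

```conf
# /etc/rsyslog.conf on the central server (legacy directive syntax, as in the post)

# Assumption: clients send over UDP port 514, so the UDP input must be enabled.
$ModLoad imudp
$UDPServerRun 514

#### RULES ####
# These two lines must come before every other rule in this section.

# Line 1 (from the post): file name built from the sender's IP address.
$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"

# Line 2 (added here): write every facility and priority to that file.
# The leading "?" tells rsyslog that FILENAME is a dynamic-file template.
*.* ?FILENAME

# The existing rules stay below, for example the stock Red Hat rule:
*.info;mail.none;authpriv.none;cron.none    /var/log/messages

# Check the syntax before restarting the service:
#   rsyslogd -N1
#
# On each client, one forwarding rule sends everything to the server
# (LOGSERVER-PLACEHOLDER is a placeholder, "@" means UDP):
#   *.* @LOGSERVER-PLACEHOLDER:514
```

Processing continues with the rules below the dynamic-file rule, so remote messages also reach /var/log/messages unless a discard action follows it. The server's own messages arrive with a fromhost-ip of 127.0.0.1 and land in /var/log/127.0.0.1/syslog.log.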

