The Geek Diary

HowTos | Basics | Concepts

How to configure rsyslog server to log messages from different hosts to different files and folders in CentOS/RHEL

By

The Ask

Syslog does not support remote logging with individual logs on per host basis. How can remote logging with individual logs on a per-host basis be configured with rsyslog?

How can remote logging be enabled with separate logs for each remote host (system-hostname.log) with date (system-hostname-date.log)?

The Answer

Follow the steps outlined below to install and configure the rsyslog server to log individual logs on a per-host basis. There are various ways that are described below to organize the log files for each host. You may use any one or combine more than one ways as per your requirement.

If rsyslog is not installed then install it using the following:

# yum install rsyslog

For RHEL 6

Separate log file for each host

To configure rsyslog to generate a separate log file for each host, specify the below in /etc/rsyslog.conf:

# vi /etc/rsyslog.conf
$template DynFile,"/var/log/system-%HOSTNAME%.log"
*.* -?DynFile
& ~

Separate log file for each host along with date of creation (year-month-day)

To configure rsyslog to generate a separate log file for each host along with date of creation (year-month-day), modify the template to as shown below:

# vi /etc/rsyslog.conf
$template DynFile,"/var/log/syslog/system-%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%-messages.log"
*.* -?DynFile
& ~

Prevent rsyslog server itself logging in to a single file

To configure rsyslog to generate a separate log file for each host and prevent rsyslog server itself logging in to a single file, modify the template as shown below:

# vi /etc/rsyslog.conf
$template DynFile,"/var/log/syslog/system-%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%-messages.log"
:fromhost-ip,!isequal,"127.0.0.1" -?DynFile
& ~

generate a separate folder for each host

Configure rsyslog to generate a separate folder for each host :

# vi /etc/rsyslog.conf
$template DynFile,"/var/log/syslog/system-%HOSTNAME%/messages.log"
*.* -?DynFile
& ~

Once you have confirmed the changes to the /etc/rsyslog.conf file, restart rsyslog service.

# service rsyslog restart

For RHEL 7

You can also specify the rules in a separate file /etc/rsyslog.d/from_remote.conf:

# vi /etc/rsyslog.d/from_remote.conf
template(name="DynFile" type="string" string="/var/log/remote/system-%FROMHOST-IP%.log")
ruleset(name="RemoteMachine"){  action(type="omfile" dynaFile="DynFile")  }
module(load="imudp")
input(type="imudp" port="514" ruleset="RemoteMachine")
module(load="imtcp")
input(type="imtcp" port="514" ruleset="RemoteMachine")

Restart/reload rsyslog service once you are done with the changes:

# systemctl restart rsyslog

You May Also Like