rsyslog custom logging

Post Reply
zemerdon
Site Admin
Posts: 239
Joined: Mon Jan 23, 2023 8:13 pm

rsyslog custom logging

Post by zemerdon »

The solution is to use custom rsyslog templates. First you create the log message template. The following template resembles the default syslog format but has the %fromhost-ip% added you can add other variables in the same manner

$template tplremote,"%timegenerated% %HOSTNAME% %fromhost-ip% %syslogtag%%msg:::drop-last-lf%\n"
Then we create the file name template:

$template RemoteHost,"/var/log/remote/%HOSTNAME%.log"
And finally, we tell rsyslog to use created templates:

if ($hostname != 'localhost') then ?RemoteHost;tplremote
& ~
Note, the last lines must be added right before the line containing.

*.info;mail.none;authpriv.none;cron.none
Also note that this was tested and worked in the fresh rsyslog from epel repo on redhat (rsyslog-7.6.7-1.el6.x86_64). The behaviour might be different in other distros.
Post Reply