Page 1 of 1

rsyslog custom logging

Posted: Sun Jan 14, 2024 4:06 pm
by zemerdon
The solution is to use custom rsyslog templates. First you create the log message template. The following template resembles the default syslog format but has the %fromhost-ip% added you can add other variables in the same manner

$template tplremote,"%timegenerated% %HOSTNAME% %fromhost-ip% %syslogtag%%msg:::drop-last-lf%\n"
Then we create the file name template:

$template RemoteHost,"/var/log/remote/%HOSTNAME%.log"
And finally, we tell rsyslog to use created templates:

if ($hostname != 'localhost') then ?RemoteHost;tplremote
& ~
Note, the last lines must be added right before the line containing.

*.info;mail.none;authpriv.none;cron.none
Also note that this was tested and worked in the fresh rsyslog from epel repo on redhat (rsyslog-7.6.7-1.el6.x86_64). The behaviour might be different in other distros.