Configure Remote Logging Server Storage

Learn how to configure the remote logging server to store client log files in separate directories.

Before you begin

The remote server must have the Rsyslog utility installed.

About this task

By default, system logs are stored in the /var/log directory. When the server receives system logs from other machines, it is a best practice to store each client's syslogs in a separate directory.

Procedure

  1. Create the following conf file.
    $ sudo touch /etc/rsyslog.d/directives.conf
  2. Open the file directives.conf in your preferred text editor and add the following content.
    $template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log" 
    *.* ?RemoteLogs 
    & ~ 
    The directives.conf file does the following:
    • Creates the template RemoteLogs and applies it to all logs.
    • Creates a log directory for each client, named after that client's host name (%HOSTNAME%), and stores the logs from each sending device in that directory, in files named after the syslog service name (%PROGRAMNAME%).
    • Creates a directory with the local server host name and stores local syslogs to this location.
    • Appends logs to the files that already exist.
  3. Save and close the directives.conf file.
  4. Run the following command to restart the rsyslog service and begin logging according to directives.conf.
    $ sudo systemctl restart rsyslog
  5. Run the following command to verify the rsyslog service status.
    $ sudo systemctl status rsyslog
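
The following script is an added example, not part of the original procedure. It checks the configuration syntax, sends one tagged message with logger, and confirms that the message lands in the file the RemoteLogs template should produce. It assumes that local messages carry the short host name (hostname -s), that the tag rsyslog-smoke is free to use (a constructed name), and that it is run as root so the per-host directory is readable.

```shell
#!/bin/sh
# Added example: smoke test for the RemoteLogs template (not from the original page).
# Assumptions: LOG_ROOT matches the template prefix, "rsyslog-smoke" is a
# constructed tag, and local messages use the short host name (hostname -s).
# Run as root: the per-host directories may not be readable by other users.

LOG_ROOT=${LOG_ROOT:-/var/log}

# Path that "/var/log/%HOSTNAME%/%PROGRAMNAME%.log" resolves to.
remote_log_path() {    # usage: remote_log_path HOST PROGRAM
    printf '%s/%s/%s.log\n' "$LOG_ROOT" "$1" "$2"
}

# Succeeds if MARKER appears in the expected file within TIMEOUT seconds.
wait_for_marker() {    # usage: wait_for_marker HOST PROGRAM MARKER [TIMEOUT]
    local file waited=0 timeout=${4:-5}
    file=$(remote_log_path "$1" "$2")
    while :; do
        if [ -f "$file" ] && grep -qF -- "$3" "$file"; then
            return 0
        fi
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Check the configuration, then send a tagged message and confirm where it lands.
smoke_test() {
    local tag=rsyslog-smoke marker host
    marker="smoke-$(date +%s)-$$"
    host=$(hostname -s)
    rsyslogd -N1 || { echo "config check failed; not testing" >&2; return 1; }
    logger -t "$tag" "$marker"
    if wait_for_marker "$host" "$tag" "$marker"; then
        echo "OK: $(remote_log_path "$host" "$tag")"
    else
        echo "FAIL: marker not found under $LOG_ROOT/$host" >&2
        return 1
    fi
}

# Run only when asked, so the functions can be sourced without side effects.
if [ "${1:-}" = "--run" ]; then
    smoke_test
fi
```

Save it under a name of your choice and run it with the --run argument after step 5. To test a client, run logger on that client and call wait_for_marker on the server with the client's host name.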