Learn how to configure the remote logging
server to store client log files in separate directories.
Before you begin
The remote server must have the Rsyslog
utility installed.
About this task
By default, system logs are stored in the
/var/log directory. But when receiving system logs from other machines, it is a best
practice to store the syslogs from each client in separate directories.
Procedure
-
Create the following conf
file.
$ /etc/rsyslog.d/directives.conf
-
Open the file directives.conf in
your preferred text editor and add the following content.
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
& ~
The directives.conf file does the
following:
- Creates the template
RemoteLogs and applies it to all logs
- Creates a log directory
for each client with the local server's host name and stores log files
with the syslog's service name from each sending device to the named
directory.
- Creates a directory with
the local server host name and stores local syslogs to this location.
- Appends logs to the files that already exist.
-
Save and close the
directives.conf file.
-
Run the following command to
restart the rsyslog service and begin logging according to
directives.conf.
$ sudo systemctl restart rsyslog
-
Run the following command to
verify the rsyslog service status.
$ sudo systemctl status rsyslog