Configure Remote Logging Server Storage

You can configure the remote logging server to store client log files in separate directories.

Before you begin

The Rsyslog utility must be installed on the Remote Logging Server.

About this task

By default, system logs are stored in the /var/log directory. When system logs are received from other machines, it is a best practice to store the syslogs each client in separate directories.

Procedure

  1. Create the following conf file.
    $ /etc/rsyslog.d/directives.conf
  2. Open the directives.conf file in your preferred text editor and add the following content.
    $template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log" 
    *.* ?RemoteLogs 
    & ~ 
    The directives.conf file does the following:
    • Creates the template RemoteLogs and applies it to all logs.
    • Creates a log directory for each client with the local server host name and stores log files with the syslog service name from each sending device to the named directory.
    • Creates a directory with the local server host name and stores local syslogs to this location.
    • Appends logs to the files that already exist.
  3. Save and close the directives.conf file.
  4. Restart the rsyslog service to begin logging according to directives.conf.
    $ sudo systemctl restart rsyslog
  5. Verify the rsyslog service status.
    $ sudo systemctl status rsyslog