You can configure the remote logging server to store client log files in separate directories.
Before you begin
The Rsyslog utility must be installed on the Remote Logging Server.
About this task
By default, system logs are stored in the /var/log directory. When system logs are received from other machines, it is a best practice to store the syslogs of each client in separate directories.
Procedure
- Create the following conf file.
$ sudo touch /etc/rsyslog.d/directives.conf
- Open the directives.conf file in your preferred text editor and add the following content.
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
& ~
The directives.conf file does the following:
  - Creates the template RemoteLogs and applies it to all logs.
  - Creates a log directory for each client with the local server host name and stores log files with the syslog service name from each sending device to the named directory.
  - Creates a directory with the local server host name and stores local syslogs to this location.
  - Appends logs to the files that already exist.
- Save and close the directives.conf file.
- Restart the rsyslog service to begin logging according to directives.conf.
$ sudo systemctl restart rsyslog
- Verify the rsyslog service status.
$ sudo systemctl status rsyslog
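A running service does not prove that messages land where the RemoteLogs template says they should. The script below is an added example, not part of the original procedure: it validates the configuration, sends one local test message, and confirms that it appears in /var/log/<host name>/<program name>.log. The function names, the routingtest tag, the marker format and the use of hostname -s (rsyslog records the short host name for local messages by default) are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm that the RemoteLogs template routes a message to
# <log_root>/<HOSTNAME>/<PROGRAMNAME>.log. All names here are illustrative.

# Path the template produces for a given host name and program name.
remote_log_path() {  # args: log_root host program
    printf '%s/%s/%s.log\n' "$1" "$2" "$3"
}

# Succeeds only if the expected file exists and contains the marker string.
log_has_marker() {  # args: log_root host program marker
    f=$(remote_log_path "$1" "$2" "$3")
    [ -f "$f" ] && grep -qF -- "$4" "$f"
}

# End-to-end check on the logging server itself (run as root).
check_local_routing() {
    tag=routingtest                         # constructed program name
    marker="routing-check-$$-$(date +%s)"   # constructed unique marker
    rsyslogd -N1 || return 1                # syntax-check the configuration
    logger -t "$tag" "$marker"              # emit one local test message
    sleep 2                                 # give rsyslog time to write it
    # Assumption: local messages carry the short host name (rsyslog default).
    log_has_marker /var/log "$(hostname -s)" "$tag" "$marker"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    if check_local_routing; then
        echo "OK: test message routed to per-host directory"
    else
        echo "FAIL: test message not found in expected file" >&2
        exit 1
    fi
fi
```

Run it with --run on the logging server. For a remote client, send a test message from that client and call log_has_marker with the client's host name instead.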