Home / server / Questions / 620053
Accepted
Andrew Tobey
Asked: 2014-08-13 23:38:05 +0800 CST

Using (r)syslog's dynamic file generation

  • 772

I am in the middle of configuring a (r)syslog server as a remote server that receives logs from various clients.

I wonder whether there is a nicer way to dynamically generate multiple file names as opposed to create a template for any facility.priority whose filename should be created dynamically.

$template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
kern.*                          ?FILENAME

besides that, do I have to explicitly tell the services/daemons to use TCP in order to use logging via TCP with (r)syslogd? Like when I turn off the server's ability to receive UDP packets, it stopps logging anything. Or differently put:

kern.*                           @loghost

doesn't work.

tcp

2 Answers

  1. Yes, templates is a standard and recommended way to generate dynamic file names in rsyslog. They allow you to logically separate the file name format from the action and introduce clear structure to your config.

    Regarding TCP, Jenny D already gave you correct answer. Please note that your hosts need to support syslog over TCP. Syslog was initially based on UDP, so depending on what versions of syslog daemons you are running on your hosts, TCP may not be possible on some or even all of them. TCP is supported by both rsyslog and syslog-ng.

    For extra reference on rsyslog, RedHat has pretty nice documentation.

    • 1
  2. Best Answer

    From the manual page:

       To  forward  messages to another host via UDP, prepend the hostname
   with the at sign ("@").  To forward it via plain tcp,  prepend  two
   at signs ("@@").

    So change your config line like so:

    kern.*                           @@loghost

    and tell rsyslog to reread the config file.

    • 0