Home / server / Questions / 807108
Accepted
StandardEyre
Asked: 2016-10-05 15:21:48 +0800 CST

How to call template so rsyslog 8 creates one log file per client

  • 772

I'm using rsyslog 8.22 to receive syslog data sent from client hosts. My goal is to have one log file created per client.

I've found a lot of data on older versions of rsyslog, but the change in configuration syntax has thrown me.

This configuration proves rsyslog is working, but aggregates all entries into one file:

if $fromhost-ip startswith '192.168.117.' then {
    action(type="omfile" file="/var/log/network.log")
    stop
}

(The rest of my /etc/rsyslog.conf is default.)

The following is not working. (No file is created):

template (name="DynFile" type="string" string="/var/log/network-%fromhost-ip%.log")
if $fromhost-ip startswith '192.168.117.' then {
    action(type="omfile" file="DynFile")
    stop
}

What am I missing?

rsyslog

1 Answers

  1. Best Answer

    The fix is to specify dynaFile in the action argument (not file).

    template (name="DynFile" type="string" string="/var/log/network-%fromhost-ip%.log")
if $fromhost-ip startswith '192.168.117.' then {
    action(type="omfile" dynaFile="DynFile")
    stop
}

    This creates the expected results:

    $ ls -l /var/log/network/    
-rw-r--r--. 1 root root       286 Oct  4 13:21 192.168.117.21.log    
-rw-r--r--. 1 root root       284 Oct  4 13:25 192.168.117.22.log
-rw-r--r--. 1 root root       184 Oct  4 13:32 192.168.117.27.log
$
    • 4