I want to configure rsyslog on a centralised server so that all the clients' logs are stored in one place. The problem I'm having is that I don't know how to set up rsyslog so that it creates logs based on the programmes on the client machines, e.g. 'httpd', and saves them in different files, e.g. '/var/log/httpd.log'. When it sends the logs to the remote server, the files should be saved like '/var/log/ip-address of host/httpd.log'. I have these two problems:
- Logs should be created on a per-programme basis.
- While logs are transmitted to the remote server, they should be stored on a per-programme basis, with different directories for different hosts.
I hope I made my question clear. Please help.
To create logs per programme, I believe I will have to use something like this on the client side:
if $programname == 'httpd' and $syslogseverity <= '6' then /var/log/httpd.log
if $programname == 'httpd' and $syslogseverity <= '6' then ~
I also found this question, but it doesn't completely solve my problem.
You need to first configure your rsyslog server to be able to receive messages from the clients.
Edit your server's rsyslog configuration file and create or make sure that the following lines exist:
After that you need to go to each client and add the following lines to the rsyslog.conf file:
And you should be ready. Everything that the clients send to the server will be filtered with the rules you created, and the messages will be saved to the files in each client's IP address folder according to the templates you made on the server side.
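An added example of the setup described above, not part of the original question or answer: a server-side template that writes one file per client IP and program, and a client-side rule for httpd. The file names, the template and ruleset names, TCP port 514 and the server address 192.0.2.10 are assumptions.

```conf
# Added example; names, port and server address are assumptions.

# --- Server: /etc/rsyslog.d/remote.conf (hypothetical file name) ---
module(load="imtcp")

# One file per sending IP and program: /var/log/<client-ip>/<program>.log
# %programname% is taken from the client's message, so secpath-replace
# turns any "/" in it into "_" and it cannot point outside the host directory.
template(name="PerHostProgram" type="string"
         string="/var/log/%fromhost-ip%/%programname:::secpath-replace%.log")

# Remote messages get their own ruleset, so they never mix with the
# server's local log files.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostProgram"
           dirCreateMode="0750" fileCreateMode="0640")
}

input(type="imtcp" port="514" ruleset="remote")

# --- Client: /etc/rsyslog.d/httpd.conf (hypothetical file name) ---
# Write httpd messages of severity info (6) or more severe to a local
# file, forward the same messages to the server, then stop processing them.
if $programname == 'httpd' and $syslogseverity <= 6 then {
    action(type="omfile" file="/var/log/httpd.log")
    action(type="omfwd" target="192.0.2.10" port="514" protocol="tcp")
    stop
}
```

Plain TCP syslog is neither encrypted nor authenticated, and %fromhost-ip% is only the source address of the connection, so limit access to the listening port to the client network. Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.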