[rsyslog] Logfile/directory dynamic names and errant clients
Siddhartha Jain
sjain at silverspringnet.com
Sat Dec 5 00:33:46 CET 2009
Hi,
I am running 4.2.2 on CentOS 5.4 x64.
I have one relay and one central server. Clients run stock syslogd/klogd
and send logs over UDP to the relay. The relay is configured to relay
over TLS/TCP to the central server. The communication so far works ok
between all the components but I am still grappling with file/directory
naming issues.
On the relay, I do a very simple forwarding, without any explicit
templates:
---xxxx---
*.* @@(z9)logmaster:10514
---xxxx---
On the central server, the messages are caught this way:
---xxxx---
$template DynFile,"/var/rsyslog/logs/%hostname%/%programname%.log"
*.* -?DynFile
---xxxx---
This works ok for most apps except that a goof-up in syslogd on the
client generates these directories on the central server:
[root@logmaster logs]# ls -lR exiting/
exiting/:
total 4
-rw-r--r-- 1 root root 47 Dec 4 15:12 on.log
[root@logmaster logs]# ls -lR syslogd/
syslogd/:
total 4
-rw-r--r-- 1 root root 69 Dec 4 15:12 1.4.1.log
How do I fix this?
Second, I want to segregate the logs per site. I read this doc but it
wasn't clear how to handle different sites A, B, C ... Z. How do I group
hosts into a site-X?
http://wiki.rsyslog.com/index.php/Splitting_messages_based_on_a_site_ID
Thanks,
Siddhartha
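
The stray directories above can be reproduced with a simplified model of legacy syslog header parsing. This is an added example, not part of the original post and not rsyslog's parser: it assumes that after an optional timestamp the first token is taken as the hostname and the second as the tag. The sample messages, sender addresses and the `KNOWN_HOSTS` inventory are constructed for illustration.

```python
import re

BASE = "/var/rsyslog/logs"              # directory from the DynFile template
KNOWN_HOSTS = {"web01", "db01"}         # hypothetical client inventory
TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # "Dec  4 15:12:01 "
PROG_OK = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,47}$")

# Constructed samples: (UDP source address, payload after the <PRI> field).
SAMPLES = [
    ("10.0.0.5", "Dec  4 15:12:01 web01 sshd[2211]: Accepted publickey for deploy"),
    ("10.0.0.7", "syslogd 1.4.1: restart."),
    ("10.0.0.7", "exiting on signal 15"),
]

def split_fields(msg):
    """Return (had_timestamp, hostname, programname) under the simplified model."""
    had_ts = bool(TS.match(msg))
    parts = TS.sub("", msg, count=1).split(" ", 2)
    host = parts[0]
    tag = parts[1] if len(parts) > 1 else ""
    prog = re.split(r"[\[:]", tag, maxsplit=1)[0]   # strip "[pid]" and ":"
    return had_ts, host, prog

def naive_path(msg):
    """What %hostname%/%programname% yields when the fields are trusted as parsed."""
    _, host, prog = split_fields(msg)
    return f"{BASE}/{host}/{prog}.log"

def guarded_path(sender, msg):
    """Use parsed fields only for a well-formed header from a known host."""
    had_ts, host, prog = split_fields(msg)
    if had_ts and host in KNOWN_HOSTS and PROG_OK.match(prog):
        return f"{BASE}/{host}/{prog}.log"
    return f"{BASE}/{sender}/unparsed.log"   # fall back to the transport-level sender

if __name__ == "__main__":
    for sender, msg in SAMPLES:
        print(f"{naive_path(msg):45} {guarded_path(sender, msg)}")
```

The guard also keeps network-supplied fields from choosing arbitrary path components, since only inventory hostnames and program names matching a restricted character set reach the file name.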