[rsyslog-notify] Forum Thread: Re: Multiple remote hosts - (Mode 'reply')

[noreply at adiscon.com]

User: dlang 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26497#p26497

Message: 
----------
[quote="mabo":2gv90wle]Hi,

I am completely new to rsyslog, can someone tell me if the following is
possible, and how do I need to change the syslog.conf file to do this ?
[/quote:2gv90wle]

Yes it is possible, more info below
[quote:2gv90wle]
I would like to receive syslog information from a number of voice gateways
(iad),
and write their logs in a separate directory per host, and a separate file
per day.
And not in /var/log/messages or /var/log/boot.log as it is now
As technicians are regularly adding remote hosts, I would like rsyslog to
create the directory with the hostname and in it the files with the
hostname and date, for example if 14T-ONE425 is the hostname that is sent
into the syslog message
/var/log/iad/14T-ONE425/14T-ONE425-160418.log
[/quote:2gv90wle]
look at the dynafile feature shown on this page <!-- m --><a
class="postlink"
href="http://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html">http://www.rsyslog.com/doc/v8-stable/co
... mfile.html</a><!-- m -->
you need to create a template with the hostname and date in it.
also make sure that the dynafilecachesize is larger than the number of
files that you will be writing to at any one time.
[quote]
I also would like to limit rsyslog messages from within a certain subnet, 
but I suppose this should be handled by iptables, or is there a setting in
rsyslog also ?
[\quote] you are better off handling this in iptables, but there is a
setting in rsyslog to restrict what hosts it will accept logs from.