rsyslog, log msgs in a different file
Karl Auer
kauer at biplane.com.au
Mon Feb 19 00:25:03 UTC 2024
On Sun, 2024-02-18 at 09:48 -0700, R C wrote:
> right, that was to make it work, to get ir started. I don't know how
> to distinguish between remote hosts and the host itself.
There are four ways (at least).
1: Have your remote hosts log to a different log host. Then you can
have a completely independent setup for logging your remote hosts. Eay
if you are using virtuals, not as easy with real hardware, and also
means your logs are in two different places.
2: Run a second instance of rsyslogd on a different port on your
current log host and have your remote hosts log to that.
3: Use filters on properties to send remote host logging to different
files on your current log host. You need something in the log entries
that is consistently different for remote hosts and local host.
FROMHOST and HOSTNAME are likely candidates, or configure your remote
hosts to explicitly add a tag of some sort to their log entries that
you can then filter on your log host (cf. my MikroTik log entries).
4: A combination move - set up a separate log host as per 1:, or log
destination as per 2:, and send your *local* log entries there as well.
Now your "local" host is just another remote host. I have absolutely
not tried this :-)
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
More information about the ubuntu-users
mailing list