Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
Create log files based on host name
erik at tengblad
May 26, 2008, 12:15 AM
Post #1 of 3 (4777 views)
Permalink
Hello all,

First of all, let me apologize in advance for the somewhat newbie-ish
nature of this question. I'm sure there's an easy way to solve my
problem, but I've been looking for an answer for weeks now without being
able to find one.

Here's the deal;
A friend and I am currently working as interns at a company.We've been
tasked with setting up a central logging service for one of their test
environments. Getting rsyslog to write to the log server is the easy
part. What we're having trouble with is setting it up (both on server
and client side) so that

1) All the log files are written per host. IE, we want rsyslog to write
seperate log files based on the host from which the logs are being sent.
Say we have 10 machines, each called host01 to host 10. We want all the
log information from host01 to be written to /var/log/host01/logfile.log
and so on. We've tried achieving this using templates and the :hostname,
isqueal, "host01" feature, but we just can't get it to work. Most likely
we've not used the correct syntax in the rsyslog.conf file.

2) We want all log information containing a certain string to be written
to separate log files as well. So everything containing 'zyx' should be
written to /var/log/host01/zyx.log and everything containing 'abc'
should be written to /var/log/host01/abc.log and so on.

As I said, I'm certain there are easy ways to achieve this using
rsyslog, but we're too inexperienced at using the app to know how to do
it. Hopefully someone on here can help us out a bit. :)

Thanks in advance,
Erik Tengblad
Create log files based on host name [ In reply to ]
linuxweb at gmail
Jun 3, 2008, 12:09 PM
Post #2 of 3 (4684 views)
Permalink
Erik Tengblad wrote:
> Hello all,
>
> First of all, let me apologize in advance for the somewhat newbie-ish
> nature of this question. I'm sure there's an easy way to solve my
> problem, but I've been looking for an answer for weeks now without being
> able to find one.

Seeing no one has yet replied, let me give this a shot (just
got back from vaca, else I would've replied earlier).


> 1) All the log files are written per host. IE, we want rsyslog to write
> seperate log files based on the host from which the logs are being sent.
> Say we have 10 machines, each called host01 to host 10. We want all the
> log information from host01 to be written to /var/log/host01/logfile.log
> and so on. We've tried achieving this using templates and the :hostname,
> isqueal, "host01" feature, but we just can't get it to work. Most likely
> we've not used the correct syntax in the rsyslog.conf file.

$template HostMessages, "/var/log/%HOSTNAME%/logfile.log"



> 2) We want all log information containing a certain string to be written
> to separate log files as well. So everything containing 'zyx' should be
> written to /var/log/host01/zyx.log and everything containing 'abc'
> should be written to /var/log/host01/abc.log and so on.

I think you'd need two templates:
$template HostAbcMessages, "/var/log/%HOSTNAME%/abc.log"
$template HostZyxMessages, "/var/log/%HOSTNAME%/zyx.log"

:msg, contains, "abc"
*.* ?HostAbcMessages

:msg, contains, "zyx"
*.* ?HostZyxMessages


johnn
Create log files based on host name [ In reply to ]
rgerhards at hq
Jun 3, 2008, 12:39 PM
Post #3 of 3 (4690 views)
Permalink
Sorry, looks like I overlooked this message before. But Johnn has
provided a perfect answer :)

Rainer

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com
> [mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Johnny Tan
> Sent: Tuesday, June 03, 2008 9:09 PM
> To: rsyslog-users; erik at tengblad.net
> Subject: Re: [rsyslog] Create log files based on host name
>
> Erik Tengblad wrote:
> > Hello all,
> >
> > First of all, let me apologize in advance for the somewhat
> newbie-ish
> > nature of this question. I'm sure there's an easy way to solve my
> > problem, but I've been looking for an answer for weeks now
> without being
> > able to find one.
>
> Seeing no one has yet replied, let me give this a shot (just
> got back from vaca, else I would've replied earlier).
>
>
> > 1) All the log files are written per host. IE, we want
> rsyslog to write
> > seperate log files based on the host from which the logs
> are being sent.
> > Say we have 10 machines, each called host01 to host 10. We
> want all the
> > log information from host01 to be written to
> /var/log/host01/logfile.log
> > and so on. We've tried achieving this using templates and
> the :hostname,
> > isqueal, "host01" feature, but we just can't get it to
> work. Most likely
> > we've not used the correct syntax in the rsyslog.conf file.
>
> $template HostMessages, "/var/log/%HOSTNAME%/logfile.log"
>
>
>
> > 2) We want all log information containing a certain string
> to be written
> > to separate log files as well. So everything containing
> 'zyx' should be
> > written to /var/log/host01/zyx.log and everything containing 'abc'
> > should be written to /var/log/host01/abc.log and so on.
>
> I think you'd need two templates:
> $template HostAbcMessages, "/var/log/%HOSTNAME%/abc.log"
> $template HostZyxMessages, "/var/log/%HOSTNAME%/zyx.log"
>
> :msg, contains, "abc"
> *.* ?HostAbcMessages
>
> :msg, contains, "zyx"
> *.* ?HostZyxMessages
>
>
> johnn
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal