Hi
Need to seperate logfiles on your syslog server on per remote ip basis and syslog facility?
Here my /etc/rsyslog.d/40-remote.conf
*.* /var/log/remote/all.log $template DynFile,"/var/log/remote/%fromhost-ip%/%syslogfacility-text%.log" :source , !isequal , "yourhostname" ?DynFile :source , !isequal , "yourhostname" ~
If you want to seperate logfiles per hostname basis use this
*.* /var/log/remote/all.log $template DynFile,"/var/log/remote/%HOSTNAME%/%syslogfacility-text%.log" :source , !isequal , "youhostname" ?DynFile :source , !isequal , "yourhostname" ~
Just replace yourhostname with the output of the command “root@yourhostname:~# hostname”
If you use Ubuntu 10.04 there is a bug in rsyslog with the option “$PrivDropToGroup syslog” in /etc/rsyslog.conf
Just replace the line with “$PrivDropToGroup adm”
And finally here my logroation config placed under /etc/logrotate.d/remote
/var/log/remote/*/*.log
/var/log/remote/all.log
{
rotate 52
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
Have fun!