RSyslog: Separate Log File for Each Host

RSyslog RSyslog

I’m converting one of my Raspberry Pi systems, becky, into an RSyslog-based log collector, and while there’s not enough knowledge for a complete tutorial yet, I think I’ll start making short notes here in case someone comes looking for them.

Centralised RSyslog: sort logs by host name

One of the most common tasks after you configure your remote servers to ship logs into your new RSyslog collector is to start logging events into separate log files.

Specifically, you may want to have one log per each server, perhaps with the hostname in the filename.

Here’s how you do this. Add the following lines to /etc/rsyslog.conf, taking into account that your logs location may not be the /logs filesystem but some other path:

$template DynaFile,"/logs/%HOSTNAME%.log"
_._ ?DynaFile

… and restart rsyslogd:

root@becky:/logs # systemctl restart rsyslog

That’s it, I can now see that there are separate logs created in /logs for my home office systems: becky, s7 and server are the hostnames.

root@becky:/logs # ls -al
total 284
drwxr-xr-x 4 root root 4096 Mar 1 12:40 .
drwxr-xr-x 26 root root 4096 Feb 28 16:51 ..
-rw-r----- 1 root adm 9554 Mar 1 12:59 becky.log
-rw-r----- 1 root adm 370 Mar 1 12:55 s7.log
-rw-r----- 1 root adm 12786 Mar 1 12:41 server.log

See Also




Keep Learning

Follow me on Facebook, Twitter or Telegram:
Recommended
I learn with Educative: Educative
IT Consultancy
I'm a principal consultant with Tech Stack Solutions. I help with cloud architectrure, AWS deployments and automated management of Unix/Linux infrastructure. Get in touch!

Recent Tweets