I’m converting one of my Raspberry Pi systems, becky, into an RSyslog-based log collector, and while there’s not enough knowledge for a complete tutorial yet, I think I’ll start making short notes here in case someone comes looking for them.
One of the most common tasks after you configure your remote servers to ship logs into your new RSyslog collector is to start logging events into separate log files.
Specifically, you may want to have one log per each server, perhaps with the hostname in the filename.
Here’s how you do this. Add the following lines to /etc/rsyslog.conf, taking into account that your logs location may not be the /logs filesystem but some other path:
… and restart rsyslogd:
That’s it, I can now see that there are separate logs created in /logs for my home office systems: becky, s7 and server are the hostnames.