====== Logs ======
===== Centralized log files =====
Configuration is needed on both the log server and each host that sends logs to it.
==== On the target host ====
Append the following line to the ''/etc/rsyslog.conf'' file and restart the rsyslog service. The single ''@'' prefix forwards all messages to the log server over UDP.
<code>
*.* @IP_ADDRESS_OF_THE_LOG_SERVER
</code>
==== On the log server ====
Uncomment the following lines in the ''/etc/rsyslog.conf'' file.
<code>
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
</code>
Add a file in the ''/etc/rsyslog.d'' directory for each remote logging host, with the following content:
<code>
$template myhostname, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
if $fromhost-ip == 'HOST_IP_ADDRESS' then ?myhostname
</code>
This stores the log files of each remote host in a separate folder named after its **hostname**, with file names corresponding to the name of the program that emitted the logs.
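
With more than a few hosts, the per-host files can be generated from an inventory instead of written by hand. The script below is an added example, not part of the original page: it validates each address and label before rendering the two lines shown above. The function names, the label pattern, the ''.conf'' file suffix and the sample inventory are assumptions of this example.

```python
import ipaddress
import re

# Assumption of this example: labels are restricted to letters, digits and
# underscores so nothing from the inventory can alter the rsyslog directive.
_LABEL_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,62}$")


def render_dropin(label, ip):
    """Return the rsyslog.d file content for one remote host."""
    if not _LABEL_RE.match(label):
        raise ValueError(f"unsafe host label: {label!r}")
    # ip_address() raises ValueError on anything that is not a plain address,
    # which also rejects quotes or extra directives smuggled into the field.
    addr = ipaddress.ip_address(ip)
    return (
        f'$template {label}, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"\n'
        f"if $fromhost-ip == '{addr}' then ?{label}\n"
    )


def render_all(inventory):
    """Map {label: ip} to {file name: content}, rejecting duplicate addresses."""
    seen = {}
    files = {}
    for label, ip in sorted(inventory.items()):
        addr = str(ipaddress.ip_address(ip))
        if addr in seen:
            raise ValueError(f"{label} and {seen[addr]} share address {addr}")
        seen[addr] = label
        files[f"{label}.conf"] = render_dropin(label, addr)
    return files


if __name__ == "__main__":
    # Constructed sample inventory using documentation address space.
    sample = {"web01": "192.0.2.10", "db01": "192.0.2.20"}
    for filename, content in render_all(sample).items():
        print(f"# /etc/rsyslog.d/{filename}")
        print(content)
```

Review the generated files before copying them to ''/etc/rsyslog.d'' and restarting rsyslog on the log server.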