Logs

Centralized log files

Configuration is needed on both the log server and each host that sends its logs to it.

On the target host

Append the following line to the /etc/rsyslog.conf file and restart the rsyslog service. A single @ before the address forwards over UDP; a double @@ forwards over TCP.

*.* @IP_ADDRESS_OF_THE_LOG_SERVER

On the log server

Uncomment the following lines in the /etc/rsyslog.conf file.

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Add a file in the /etc/rsyslog.d directory for each remote logging host, with the following content:

$template myhostname, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
if $fromhost-ip == 'HOST_IP_ADDRESS' then ?myhostname

This stores the logs of each remote host in a separate directory named after its hostname, with one file per program, named after the program that emitted the logs.
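
The per-host step above, as an added example that is not part of the original page: a shell helper that writes the drop-in file for one host and refuses anything that is not a plain IPv4 dotted quad, so only an address ends up inside the quoted filter. The function names, the remote-IP.conf file name and the per-host template name are assumptions of this example, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example: generate one rsyslog drop-in per remote host.
# valid_ipv4, gen_host_rule and the naming scheme are hypothetical helpers.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Write DIR/remote-IP.conf with the template and filter shown on the page,
# then print the path of the file that was written.
gen_host_rule() {
    dir=$1
    ip=$2
    valid_ipv4 "$ip" || { echo "rejected address: $ip" >&2; return 1; }
    # Per-host template name (an assumption), e.g. remote_192_0_2_10
    name="remote_$(printf '%s' "$ip" | tr . _)"
    file="$dir/remote-$ip.conf"
    cat > "$file" <<EOF
\$template $name, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
if \$fromhost-ip == '$ip' then ?$name
EOF
    chmod 644 "$file"
    printf '%s\n' "$file"
}

# Stand-alone use: sh gen_host_rule.sh /etc/rsyslog.d 192.0.2.10
# (192.0.2.10 is a constructed documentation address)
if [ "$#" -eq 2 ]; then
    gen_host_rule "$1" "$2"
fi
```

Run `rsyslogd -N1` on the log server to check the resulting configuration before restarting the rsyslog service.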