AS201281 Wiki

Your check engine light is on!

User Tools

Site Tools


Sidebar

Infrastructure & System administration

Operations

Services and infrastructure

sysadmin:logs

Logs

Centralized logs files

There are things to do on both server and hosts.

On the target host

Append the following line to the /etc/rsyslog.conf file and restart the rsyslog service.

*.* @IP_ADDRESS_OF_THE_LOG_SERVER

On the log server

Uncomment those lines in /etc/rsyslog.conf file.

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Add a file in the /etc/rsyslog.d directory for each remote logging host in with the following content:

$template myhostname, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
if $fromhost-ip == 'HOST_IP_ADDRESS' then ?myhostname

This will store log files of remote hosts in different folders following the hostname, with filenames corresponding to the name of the program that emitted logs.

sysadmin/logs.txt · Last modified: 2021/01/04 21:41 (external edit)