AS201281 Wiki

Your check engine light is on!

User Tools

Site Tools


Infrastructure & System administration


Services and infrastructure



Centralized logs files

There are things to do on both server and hosts.

On the target host

Append the following line to the /etc/rsyslog.conf file and restart the rsyslog service.


On the log server

Uncomment those lines in /etc/rsyslog.conf file.

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Add a file in the /etc/rsyslog.d directory for each remote logging host in with the following content:

$template myhostname, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
if $fromhost-ip == 'HOST_IP_ADDRESS' then ?myhostname

This will store log files of remote hosts in different folders following the hostname, with filenames corresponding to the name of the program that emitted logs.

sysadmin/logs.txt · Last modified: 2021/01/04 21:41 (external edit)