rsyslog server - Can you split up and organize logs?

Posted by Jakobud on Server Fault See other posts from Server Fault or by Jakobud
Published on 2011-01-05T21:38:24Z Indexed on 2011/01/05 21:56 UTC
Read the original article Hit count: 242

Filed under:

centos

|

rsyslog

I recently setup one of our servers as an rsyslog server. I now have our firewall setup to log everything to that rsyslog server.

But there doesn't seem to be an organization of the logs. All the firewall logs are just being dumped into the /var/log/messages on the rsyslog server. I guess I was maybe expecting them to at least be in a machine specific log file or directory.

How can I organize the incoming logging? If I setup 20 servers to all log everything to a central rsyslog server, I really don't want everything being dumped into one big file or a few files. How can I setup rsyslog to tell it where to log what? Like if all the logs for a specific server were in it's own directory/file, etc... Is this possible?

© Server Fault or respective owner

Related posts about centos

Problems with repositories on CentOS 3.9

as seen on Super User - Search for 'Super User'
Hello, I have CentOS 3.9 for i386. When I try to instal some thing with yum, i.e: yum install firefox or yum install firefox* or yum list firefox and so on, I get: +++++++++++++++++++ yum info firefox Gathering header information file(s) from server(s) Server: CentOS-3 - Addons Server: CentOS-3 -… >>> More
Problems with repositories on CentOS 3.9

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I have CentOS 3.9 for i386. When I try to instal some thing with yum, i.e: yum install firefox or yum install firefox* or yum list firefox and so on, I get: +++++++++++++++++++ yum info firefox Gathering header information file(s) from server(s) Server: CentOS-3 - Addons Server: CentOS-3 -… >>> More
centos yum problems

as seen on Server Fault - Search for 'Server Fault'
I am really new to using linux and have just formatted my centos 5.2 vps and am trying to install links by using the command yum install links. But the following error gets displayed: [root@inverses ~]# yum install links Loading "fastestmirror" plugin Loading mirror speeds from cached hostfile *… >>> More
Networking issues with Linux server (CentOS 5.3)

as seen on Server Fault - Search for 'Server Fault'
I have a Linux server hosting our bug tracking software (CentOS 5.2 Kernel 2.6.18-128.4.1.el5) that I have having some strange network problems with. The machine is configured with two NICS, one for the public interface and the other for our server back end network. The problem is that after doing… >>> More
Networking issues with Linux server (CentOS 5.3)

as seen on Server Fault - Search for 'Server Fault'
I have a Linux server hosting our bug tracking software (CentOS 5.2 Kernel 2.6.18-128.4.1.el5) that I have having some strange network problems with. The machine is configured with two NICS, one for the public interface and the other for our server back end network. The problem is that after doing… >>> More

Related posts about rsyslog

How to start up rsyslog automatically?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Check current status of rsyslog $ chkconfig --list rsyslog rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off Start up rsyslog at some levels $ sudo chkconfig --level 35 rsyslog on It outputs these information: insserv: warning: script 'plymouth-stop' missing LSB tags… >>> More
rsyslog channels change ownership from root

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Hello all I am using rsyslog on ubuntu 10.4 64bit LTS. the following is the relevant config in /etc/rsyslog.d/60-mylogger.conf $template Paul,"%msg%\n" $outchannel log_rotation_paul,/var/log/paul/events.log,2000,/opt/scripts/log_rotation_script.sh local0.* $log_rotation_paul;Paul This… >>> More
Rsyslog stops sending data to remote server after log rotation

as seen on Server Fault - Search for 'Server Fault'
In my configuration, I have rsyslog who is in charge of following changes of /home/user/my_app/shared/log/unicorn.stderr.log using imfile. The content is sent to another remote logging server using TCP. When the log file rotates, rsyslog stops sending data to the remote server. I tried reloading… >>> More
Does the ``-'' sign have meaning in rsyslog.conf

as seen on Server Fault - Search for 'Server Fault'
Rsyslog is backwards-compatible with Syslog configuration files. The syslog.conf man page has: You may prefix each entry with the minus ``-'' sign to omit syncing the file after every logging. Note that you might lose information if the system crashes right behind a write attempt. Nevertheless… >>> More
Rsyslog to get logs from one machine to another

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I am very new to this... please help me configure rsyslog to get log from one machine to another machine. I am trying to get the log files from multiple systems to a base system. I have installed rsyslog on Ubuntu and tried configuring it But it did not work >>> More