Dynamic file name doesn't work in rsyslog

Question

The filename in rsyslog can be either static or dynamic. The later is useful if you would automatically split messages into different files based on some message criteria. I need split logs depend on IP -like: 10.10.10.10.log Why doesn't it work? Can I use something different to create it? Maybe python/bash script?

My config file look like this: [rsyslog v5]

#### RULES ####

local6,local5.*                              /var/log/systems/device-all.log

<=15.info;mail.none;authpriv.none;cron.none                /var/log/messages

authpriv.*                                              /var/log/secure

mail.*                                                  -/var/log/maillog

cron.*                                                  /var/log/cron

*.emerg                                                 *

uucp,news.crit                                          /var/log/spooler

local7.*                                                /var/log/boot.log

$template DynamicFile,"/var/log/systems/host-%HOSTNAME%.log"

*.*    -?DynamicFile

local6,local5.*                               /var/log/systems/device-all.log

score 3 · Answer 1 · answered Nov 02 '15 at 15:56

3

I think that first of all you have to set the template as

$template DynamicFile,"/var/log/systems/host-%fromhost-ip%.log"

because you want separation according to ip. next I think that the correct value for logging is

*.*    ?DynamicFile

answered Nov 02 '15 at 15:56

LilloX

1,216
7
12

Dynamic file name doesn't work in rsyslog

1 Answers1

Linked