3

I'm moving from a syslog-ng central log host to rsyslog. I can't even seem to find syslog-ng in the CentOS repos these days. I want to filter logs by hostname and facility.

Here is how I do it in syslog-ng

destination std { 
    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY" 
        owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
    ); 
};

Is there a simple way to do this with rsyslog?

Mark Cohen
  • 1,352
  • 9
  • 12
  • FWIW: syslog-ng is still maintained and can be installed from EPEL. See http://dl.fedoraproject.org/pub/epel/6/x86_64/repoview/syslog-ng.html. – dartonw Dec 03 '12 at 22:43

1 Answers1

3

This is done via templates, like this:

$template HostDynFile,"/var/log/HOSTS/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/%syslogfacility-text%_%HOSTNAME%_%$YEAR%_%$MONTH%_%$DAY%"

This template can then be used when defining an output selector line, e.g.:

*.* -?HostDynFile

More info is available here: Building A Central Loghost On CentOS And RHEL 5 With rsyslog

Alexander Shcheblikin
  • 1,768
  • 1
  • 14
  • 16