rsyslogd auto-configuration

To have rsyslogd automatically create directories and files for whatever remote hosts send to it, put this in your rsyslog.conf file (or in a .conf file in /etc/rsyslog.d):

# provide UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

$template DynFile,"/var/log/syslogs/%fromhost-ip%-%fromhost%/%$YEAR%-%$MONTH%-%syslogfacility-text%"

# log everything from remote servers to one file per host+month+facility
if $inputname == 'imudp' or $inputname == 'imtcp' then ?DynFile

# discard remote messages here so that later (local) rules do not log them again
if $inputname == 'imudp' or $inputname == 'imtcp' then ~

All directories and files are created under /var/log/syslogs, one directory per IP-hostname pair, and one file per facility per month.
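Since any host that can reach UDP port 514 gets its own directory, it helps to check the tree against the layout the template produces. The following is an added example, not part of the original post: it flags entries that do not match `<ip>-<host>/<YYYY>-<MM>-<facility>` or whose sender IP is outside the networks expected to log here. The facility list, the allowed network and the sample paths are assumptions constructed for illustration.

```python
import ipaddress
import re
from pathlib import PurePosixPath

ROOT = PurePosixPath("/var/log/syslogs")  # root used by the DynFile template
# Assumed %syslogfacility-text% keywords; adjust to what your rsyslog emits.
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", *(f"local{i}" for i in range(8))}
# YYYY-MM-facility, optionally compressed by a monthly gzip job.
FILE_RE = re.compile(r"^\d{4}-(0[1-9]|1[0-2])-([a-z0-9]+)(\.gz)?$")

def check(path, nets):
    """Return a reason string if path does not fit the layout, else None."""
    try:
        parts = PurePosixPath(path).relative_to(ROOT).parts
    except ValueError:
        return "outside log root"
    if len(parts) != 2:
        return "unexpected depth"
    ip_text, _, host = parts[0].partition("-")  # hostnames may contain '-'
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "directory does not start with an IP"
    if not any(ip in net for net in nets):
        return "sender outside allowed networks"
    if not host:
        return "missing hostname part"
    m = FILE_RE.match(parts[1])
    if not m:
        return "file name is not YYYY-MM-facility"
    if m.group(2) not in FACILITIES:
        return "unknown facility"
    return None

def audit(paths, allowed_networks):
    """List (path, reason) for every entry that fails check()."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [(p, r) for p in paths if (r := check(p, nets)) is not None]

# Constructed sample listing (for example the output of find -type f).
SAMPLE = [
    "/var/log/syslogs/192.168.1.10-web-01/2024-03-auth",
    "/var/log/syslogs/192.168.1.10-web-01/2024-02-daemon.gz",
    "/var/log/syslogs/203.0.113.7-203.0.113.7/2024-03-user",
    "/var/log/syslogs/192.168.1.11-db/2024-13-mail",
    "/var/log/syslogs/192.168.1.11-db/2024-03-bogus",
]
```

Calling `audit(SAMPLE, ["192.168.1.0/24"])` returns the last three sample paths with their reasons; feed it a real file listing and your own networks to review what has been created.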

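You can also add this as a crontab entry so that old files are compressed on a regular basis. A line with schedule and user fields belongs in a file under /etc/cron.d (or in /etc/crontab); /etc/cron.monthly only runs executable scripts. In that format the schedule comes first and the user second:

52 7 1 * * root /usr/bin/find /var/log/syslogs -type f -mtime +31 ! -name '*.gz' -print0 | xargs -0 -r nice -n19 gzip --fast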

A better solution would be a Logstash setup with Kibana or a Synology NAS, but this is always useful anyway :)
