I'm converting one of my Raspberry Pi systems, becky, into an RSyslog-based log collector, and while there's not enough knowledge for a complete tutorial yet, I think I'll start making short notes here in case someone comes looking for them.
Centralised RSyslog: sort logs by host name
One of the most common tasks after you configure your remote servers to ship logs into your new RSyslog collector is to start logging events into separate log files.
Specifically, you may want to have one log per each server, perhaps with the hostname in the filename.
Here's how you do this. Add the following lines to /etc/rsyslog.conf, taking into account that your logs location may not be the /logs filesystem but some other path:
$template DynaFile,"/logs/%HOSTNAME%.log" *.* ?DynaFile
… and restart rsyslogd:
[email protected]:/logs # systemctl restart rsyslog
That's it, I can now see that there are separate logs created in /logs for my home office systems: becky, s7 and server are the hostnames.
[email protected]:/logs # ls -al total 284 drwxr-xr-x 4 root root 4096 Mar 1 12:40 . drwxr-xr-x 26 root root 4096 Feb 28 16:51 .. -rw-r----- 1 root adm 9554 Mar 1 12:59 becky.log -rw-r----- 1 root adm 370 Mar 1 12:55 s7.log -rw-r----- 1 root adm 12786 Mar 1 12:41 server.log