setting up rsyslog

[saur02]

I have setup rsyslog on Ubuntu server, and would like it to receive logs from various devices on my network. I have mounted a separate drive to store the logs on (/mnt/storage/logs). I have uncommitted the

Code:

$ModLoad imudp

and

Code:

$UDPServerRun 514

lines in /etc/rsyslog.conf.

I have added a file /etc/rsyslog.d/30-gateway.conf with the following code, and the server is receiving logs successfully from my router.

Code:

$template DynFile,"/mnt/storage/logs/gateway/%$year%%$month%%$day%.log"
:fromhost-ip, isequal, "192.168.2.1" ?DynFile
:fromhost-ip, isequal, "192.168.2.1" ~

I have also added a file for the media server (ubuntu), but the server is not receiving the logs.

Code:

$template DynFile,"/mnt/storage/logs/media/%$year%%$month%%$day%.log"
:fromhost-ip, isequal, "192.168.2.13" ?DynFile
:fromhost-ip, isequal, "192.168.2.13" ~

On the media server I have added the following code to /etc/rsyslog.conf

Code:

$ModLoad imuxsock # provides support for local system logging$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

*.* @192.168.2.12:514

[ikki_72]

sometimes, even not tabbing between source and destination also could trigger this

[saur02]

Ok so it looks like it was working all along, but what I was trying to do (and expecting to happen) was for the log files from each client to stored in a separate directory. Is this possible with rsyslog?

[Habitual]

Ok so it looks like it was working all along, but what I was trying to do (and expecting to happen) was for the log files from each client to stored in a separate directory. Is this possible with rsyslog?

Have a look at the
%HOSTNAME% parameter of $template