Syslog

From Hurlster Wiki

Remote Syslogging

  • /etc/default/rsyslog
# Options for rsyslogd
# -m 0 disables 'MARK' messages (deprecated, only used in compat mode < 3)
# -r enables logging from remote machines (deprecated, only used in compat mode < 3)
# -x disables DNS lookups on messages received with -r
# -c compatibility mode
# See rsyslogd(8) for more details
RSYSLOGD_OPTIONS="-r -m0 -c4"

Custom Log Redirect

  • /etc/rsyslog.d/10-custom.conf
# process remote messages
$template GW,"/var/log/router.log"
:fromhost-ip,isequal,"192.168.0.1"    -?GW
& ~

Per IP Logging

  • /etc/rsyslog.d/10-custom.conf
$template DynaFile,"/var/log/network/%FROMHOST-IP%-%HOSTNAME%.log"
*.* -?DynaFile
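
A hardened variant of the per-IP rule above, as an added example that is not part of the original wiki page. The comments in /etc/default/rsyslog say -r is only used in compat mode < 3, so with -c4 this variant loads the UDP input explicitly. The 192.168.0.0/24 sender range and the file modes are assumptions.

```conf
# /etc/rsyslog.d/10-custom.conf  (added example, legacy-format directives)

# Native mode (-c3 and later): load the UDP input explicitly instead of -r.
$ModLoad imudp
# Assumption: only the 192.168.0.0/24 LAN may send; adjust to your network.
# UDP source addresses can be spoofed, so this is a filter, not authentication.
$AllowedSender UDP, 127.0.0.1, 192.168.0.0/24
$UDPServerRun 514

# Create per-host files and directories with restrictive modes (assumed values).
$CreateDirs on
$DirCreateMode 0750
$FileCreateMode 0640

# %HOSTNAME% comes from the message header and is chosen by the sender;
# secpath-replace turns any "/" in it into "_" so it cannot change the path.
# %FROMHOST-IP% is taken from the receiving socket, not from the message.
$template DynaFile,"/var/log/network/%FROMHOST-IP%-%HOSTNAME:::secpath-replace%.log"

# Apply the per-IP file to remote messages only, then discard them
# so they do not also land in the local /var/log files.
:fromhost-ip,!isequal,"127.0.0.1"    -?DynaFile
& ~
```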