Remote rsyslogd with filters

Add at the beginning of /etc/rsyslog.d/50-default.conf:

$template PerHostLog,"/var/log/filename.log"
if $fromhost-ip != '127.0.0.1' then -?PerHostLog
& ~

Uncomment the lines in /etc/rsyslog.conf:

$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

Restart the service:

sudo service rsyslog restart

Don’t forget to tune the permissions:

sudo chown syslog:syslog /var/log
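
A variant of the filter above, as an added example that is not part of the original post: it writes one file per sending address (the template above sends every remote host to the same file) and limits which addresses the listeners accept. The /var/log/remote directory, the 192.0.2.0/24 range and the PerHostFile name are assumptions to adapt.

```conf
# Added example for /etc/rsyslog.d/50-default.conf (legacy directive syntax,
# matching the rest of this page). Keep it after the $ModLoad lines so the
# input modules are loaded before these directives are read.

# Accept syslog only from localhost and the assumed sender network.
# 192.0.2.0/24 is a placeholder range; replace it with your own.
$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24
$AllowedSender TCP, 127.0.0.1, 192.0.2.0/24

# One file per sender. %fromhost-ip% is taken from the connection itself,
# not from the message, so a sender cannot choose its own file name the way
# it could with a message-supplied field such as %hostname%.
$template PerHostFile,"/var/log/remote/%fromhost-ip%.log"

# Ownership and modes for the files and directories rsyslog creates, so only
# /var/log/remote has to be writable by the syslog user. The directory can
# also be created up front:
#   sudo install -d -o syslog -g adm -m 0750 /var/log/remote
$CreateDirs on
$DirOwner syslog
$DirGroup adm
$DirCreateMode 0750
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640

# Same filter as above: everything not from localhost goes to the per-host
# file and is then discarded so it does not reach the local log files too.
# Newer rsyslog versions warn about "~" and prefer "& stop".
if $fromhost-ip != '127.0.0.1' then -?PerHostFile
& ~
```

Running sudo rsyslogd -N1 before the restart checks the configuration for syntax errors.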