> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Harry Putnam > Sent: Thursday, February 25, 2010 1:59 AM > To: [email protected] > Subject: Re: [rsyslog] How to make rsyslog create dir per host > > "Rainer Gerhards" <[email protected]> writes: > > > At least for me, it would be usefuly if you could describe your > > needs in relatively precise words. It may be obvious for you, but > > that is what is hard to grasp for me... >
sorry, that was too brief. I was on a PDA and it was late ;) My intent is to see if I can write up a cookbook entry for what you need, but I have no clear understanding what's your intent. Now let me read through the rest of your mail and see where I come to... ;) > Not sure what you are talking about here Rainer. I was just replying > to someone who appeared to think I had made some disparaging remark > about the documentation. > > I simply wanted to clear that up... > > > Now if you mean for me to explain more precisely what I wanted from > rsyslog, I'll do that. > > However, let me say first that with Aarons' pointers to URLS that I am > now working my way thru and also having just watched one of your > videos and the basics... I have to tell you that that caliber of the > documentation is really quite high. > > There is in depth coverage and then very helpful outside resources such > as the video and other postings of yours. > > I wish I had the command of a foreign language as well as you have of > english. I'm a native english speaker... but am sadly nearly > illiterate in my own language. > > The documentation really does out class the usual documentation one > encounters in unix/linux tools. Thanks for the kind words, but you had a valid point in your initial remarks: the rsyslog doc may be good for someone who intends to understand the whole system and be an expert at that. However, most often people look for a solution to a specific problem. They don't want to understand how everything works together, just solve that immediate need quickly. I think this is a valid need, I have it myself with other softwares often enough ;) The rsyslog doc completely fails to address this use case. I hope the cookbook will somewhat improve that situation. I am not sure if you saw my longer blogpost, it has the details ;) > > ------- --------- ---=--- --------- -------- > What I sought to convey in my question about creating directories: > > Its really low level so sorry I didn't get it across very well. > > Once I got the clients writing across the network to the rsyslog > server, and the server listening and logging the data, I thought for > now it would be good to have rsyslog on the server create directories > for each remote client, and write everything from each client to > /var/log/%hostname%/everthing.log (as a beginning point. > > While I figure out how to set things up so that each incoming log > from remote would be split up further under the top level directories. > > Kind of like the example shown at (wrapped for mail): > > http://wiki.rsyslog.com/index.php/ \ > Sysklogd_drop-in_with_remote_logs_separated_by_dynamic_directory > > Just one level deeper. So one level of dynamic directory is created > for each client host. Later I'll probably want to spit that a bit more ... and here is where some information is missing ;) *How* do you want to split these logs? I am not sure about this, and so I have no clear idea of how a configuration could look like. As there are some limits on the way filters can be combined, this is a very important point. As a side-note: I do not know your log volume, but if it is not overwhelmingly large to prevent storing logs to a database, I'd probably do that and analyze and search it with free GPLed Adiscon LogAnalyzer: http://loganalyzer.adiscon.com These days, we are preparing a new v3 release which also supports reporting (and you can schedule that via cron, too). (Adiscon LogAnalyzer also works with plain text files, but this is only meant for low-volume, few-system consolidated logs - otherwise the performance will be very bad). HTH Rainer > > Once I have a more permanent plan figured out I would at least have > the full output from each client host on hand. > > I needed to get the basics up some whet urgently in that I had one host > failing silently or at least not leaving a trace I could find in its > logs. It would just freeze up, where the mouse and keyboard became > unresponsive and could not connect to the problem host remotely > either. > > On mechanical reboot, it would look like the system logger froze up > too but someone told me I might catch some log data that would be lost > on a hard reboot if I had that host logging remotely...thru rsyslog. > > I doubted that would be true since it appears as though networking is > froze. But I have gotten rsyslog logging remotely now and waiting for > a freezeup to see if I can get any more clues as to what is causing > the problem. > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
