Hello Jean-Marie,
you can try to use exec_template [1] which was developed for such purposes.
This can be a base for your configuration:

template(name="getFromhostip" type="string"
         string="%fromhost-ip:R,ERE,0,DFLT:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})--end%")
# do not forget the ';' character at the end of the following line;
# the name passed to exec_template() must match the template name above
set $.subnet = exec_template("getFromhostip");
$template FILENAME,"/var/log/rsyslog_remote/%$.subnet%/%fromhost-ip%.log"

You can test your regexes on the rsyslog page [2], and read more on setting
variables [3].
The use of regexes affects performance, so lookup tables might help
here [4], or you can set the $.subnet variable value with a simple if-else
that matches on '$fromhost-ip startswith "10.10.4."'.

[1] https://www.rsyslog.com/how-to-use-set-variable-and-exec_template/
[2] https://www.rsyslog.com/regex/
[3] https://www.rsyslog.com/how-to-set-variables-in-rsyslog-v7/
[4] https://www.rsyslog.com/doc/master/configuration/lookup_tables.html
--
Peter
On Wed, Nov 28, 2018 at 5:07 PM External Jean marie MAGNIER -CAMPUS-
via rsyslog <[email protected]> wrote:
>
> Hello All,
>
> I'm trying to deploy a provisioning solution for more than 10.000 CentOS
> Linux clients from a PXE server. One of my goals is to consolidate build logs
> on a centralized remote server.
>
> Each client is able to send syslog to the remote server. My difficulty is
> to log by subnet, for example:
>
> Client 1 10.10.4.xx/24
>
> Client 2 10.10.4.xy/24
>
> Client 3 10.10.5.xx/24
>
>
> I try to log on the centralized rsyslog server:
> /var/log/rsyslog_remote/10.10.4/<IP client 1>/syslog.log
>                                /<IP client 2>/syslog.log
>                        /10.10.5/<IP client 3>/syslog.log
>
>
> But I found only a solution to log in
> /var/log/rsyslog_remote/<IP client 1>/syslog.log
>                        /<IP client 2>/syslog.log
>                        /<IP Client 2>/syslog.log
>
> To do that I have a config file /etc/rsyslog.d/10-remote.conf
>
> # Define customized target
> $template FILENAME,"/var/log/rsyslog_remote/%fromhost-ip%/syslog.log"
> $template LOCALFILENAME,"/var/log/rsyslog_local/%fromhost%.log"
>
> # write remote log in previous defined file
> :fromhost-ip, !isequal, "127.0.0.1" -?FILENAME
> & ~
>
> # write local log
> *.* -?LOCALFILENAME
>
>
>
> Request Help:
> Maybe you have an idea to define something like
>
> $template FILENAME,"/var/log/rsyslog_remote/<subnet>/%fromhost-ip%/syslog.log"
>
>
>
> Thanks for your help
>
> --
> Regards, Jean-Marie
>
>
> Magnier Jean-Marie - IS System Engineer - Contractor
> IT Department | IT Retail Workstation Business Unit
> CE-INFRARETAIL Team
> @Mail <[email protected]> | Tel : +33(0)6.08.75.52.68
>
> We need your help to improve our services and your satisfaction !
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
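
Added example (not part of either message above, and not rsyslog project code): a generator for the lookup-table alternative mentioned in the reply, producing the JSON document format described in the rsyslog lookup-table documentation [4] so the server can map each client IP to its subnet directory without a regex. The function names, table name, file path and the "unknown" nomatch value are assumptions; only IPv4 /24 networks are handled, and senders outside the listed subnets fall into the nomatch bucket instead of creating a new directory.

```python
import ipaddress
import json

def build_lookup_table(subnets, nomatch="unknown"):
    """Build an rsyslog 'string' lookup table: client IP -> subnet directory."""
    mapping = {}
    for cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        if net.version != 4 or net.prefixlen != 24:
            raise ValueError(f"only IPv4 /24 networks are handled: {cidr}")
        # "10.10.4.0" -> "10.10.4", the directory name used in the thread
        prefix = str(net.network_address).rsplit(".", 1)[0]
        for host in net.hosts():
            if str(host) in mapping:
                raise ValueError(f"subnet listed twice: {cidr}")
            mapping[str(host)] = prefix
    # Sorted only so that regenerated files diff cleanly.
    table = [{"index": ip, "value": mapping[ip]} for ip in sorted(mapping)]
    return {"version": 1, "nomatch": nomatch, "type": "string", "table": table}

def subnet_for(doc, ip):
    """Mirror lookup(): exact match on index, otherwise the nomatch value."""
    for entry in doc["table"]:
        if entry["index"] == ip:
            return entry["value"]
    return doc["nomatch"]

# rsyslog side, with an assumed file path and table name:
#   lookup_table(name="subnet_by_ip" file="/etc/rsyslog.d/subnet_by_ip.json")
#   set $.subnet = lookup("subnet_by_ip", $fromhost-ip);
if __name__ == "__main__":
    # Constructed sample input: the two /24 networks from the question.
    print(json.dumps(build_lookup_table(["10.10.4.0/24", "10.10.5.0/24"]), indent=1))
```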