log some of the messages with the template RSYSLOG_DebugFormat so we can see the
log and how it's parsed. That should give us the info we need to figure out
what's happening.
David Lang
On Wed, 3 Mar 2021, linksonice via rsyslog wrote:
Date: Wed, 3 Mar 2021 11:21:38 -0700 (MST)
From: linksonice via rsyslog <[email protected]>
To: [email protected]
Cc: linksonice <[email protected]>
Subject: [rsyslog] another n00b question about logging clients logs to their
own directories based on hostnames
Hi everybody
I am wondering about the following scenario:
- a bunch of rsyslog clients, ALL Windows
- an rsyslog server, CentOS 8 running rsyslog-8.1911.0-6.el8.x86_64
It seems the syntax has changed for v8, compared to previous versions.
I am specifying this in my CentOS rsyslog server's /etc/rsyslog.conf:
# log every host in its own directory
template(name="RemoteHost" type="string"
string="/var/log/external/%HOSTNAME%/windows_events-%$YEAR%%$MONTH%%$DAY%.log")
# Remote Logging
$RuleSet remote
*.* ?RemoteHost
and yet ... all my client Windows event manager log entries are logged to
the one unique /var/log/messages on my CentOS 8.
rsyslogd -N1 indicates the config is all fine, and yet ... those lines don't
seem to be doing their thing, or the thing I need them to do.
Can anyone see any obvious indicator of where I'm going wrong?
Thanks for your comments
Andrei
--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
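The suggestion at the top of this thread, written out as an added example (not from either poster and not from the rsyslog project): a RainerScript fragment that writes every received message a second time with RSYSLOG_DebugFormat, so the parsed HOSTNAME property that the RemoteHost template depends on can be inspected. The imudp input, port 514, the binding of that input to the "remote" ruleset and the debug file path are assumptions; the template is the one from the quoted post.

```conf
# Assumption: clients send over UDP/514. A ruleset only processes messages
# from inputs that are bound to it; unbound inputs use the default ruleset.
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

# Template from the quoted post: one directory per sending host.
template(name="RemoteHost" type="string"
         string="/var/log/external/%HOSTNAME%/windows_events-%$YEAR%%$MONTH%%$DAY%.log")

ruleset(name="remote") {
    # Per-host files: dynaFile takes the name of the template that builds the path.
    action(type="omfile" dynaFile="RemoteHost")

    # Temporary diagnostic copy (path is an assumption). RSYSLOG_DebugFormat
    # dumps the raw message next to the parsed properties (HOSTNAME, FROMHOST,
    # syslogtag, programname, ...), which shows what %HOSTNAME% really contains.
    action(type="omfile" file="/var/log/remote-debugformat.log"
           template="RSYSLOG_DebugFormat")
}
```

Check the result with rsyslogd -N1 before restarting, and remove the diagnostic action once the parsed fields have been reviewed, since it stores every message twice.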