Re: [rsyslog] another n00b question about logging clients logs to their own directories based on hostnames

Thu, 11 Mar 2021 11:32:57 -0800

the problem is figuring out how to determine what is a windows sender and what isn't.
What are you using to send the logs from the windows machines? The best option is probably to have that software tag the logs with something you can test for. 

David Lang

On Thu, 11 Mar 2021, linksonice via rsyslog wrote:


Date: Thu, 11 Mar 2021 11:39:41 -0700 (MST)
From: linksonice via rsyslog <[email protected]>
To: [email protected]
Cc: linksonice <[email protected]>
Subject: Re: [rsyslog] another n00b question about logging clients logs to
    their own directories based on hostnames

Thanks Yury, that's a fair bit to think about there, and may help to make
things a little clearer going forward. The omfile static filename parameter
thing certainly makes sense.

In response to David also, in the previous note, DynaFile is just an
arbitrary name indeed; changed it to WindowsLogs and the behaviour is the
same so well noted.

The last thing I want to be able to understand is how to log a bunch of
Linux clients SEPARATELY from the Windows clients [not that we have any now,
but we may do in future] - is there an easy to separate the 2 flavours of
clients, or do we need to fall back to

if $fromhost-ip

type conditional blocks? I swear this used to be easy, pre-v6!

It seems difficult to visualise, based on the need to exclude the local
machine / rsyslog server aws-delta-mon with the conditional. Otherwise

$template
WindowsLogs,"/var/log/external/%HOSTNAME%/windows_events-%$YEAR%%$MONTH%%$DAY%.log"

just processes everything it will see I imagine [?] windows or not.




--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.























					Reply via email to