rsyslog: How do I direct messages from all remote machines to one file?

linux logging syslog rsyslog

We have a syslog server and we have all our servers logging to it.

We want a sort of "catch-all" drippan rule for all remote messages that we have not configured a rule for.

Anyone know how to accomplish this?


So this is how I configured this in rsyslog.conf:

# Log remote hosts to separate log file
$template PerHostLog,"/var/log/remote-hosts/%HOSTNAME%.log"
$template RemoteHostFileFormat,"%TIMESTAMP% %HOSTNAME% %syslogfacility-text% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::space-cc,drop-last-lf%\n"
:inputname, isequal, "imudp" ?PerHostLog;RemoteHostFileFormat
& ~

This traps all log messages received via UDP (imudp) and puts it in a file whose filename corresponds to the hostname the log message originated from.

Related

pam_krb5: Error Guessing Name of Local Host Principal
How does VMware vCenter Server work and what are the benefits over vsphere client
Monitoring various Nagios? Alternative to Coffeesaint [closed]
AlwaysOn SQL Server 2012 - any option for true active/active?
Load Balance Mail Gateways
Install php-mssql in CentOS 6.2 [closed]
Cisco ASA Command length
What's the best way to share source code between EC2 instances?
Is there a way of setting up a shortcut to a database for MS SQL Server Management Studio
Mysql replicate-rewrite-db not working
Puppet - pass variable with a file create command
Why is "Bundle Instance" disabled for EC2 instance running Ubuntu 12.04?