tl;dr I want log messages from the local system to use the typical log file paths under /var/log, remote systems to use /var/log/remote/
On an rsyslog server, remote systems are sending their log messages. Remote hosts are logged per-host, under path /var/log/remote/<hostname>/.
For example, when I login to my-other-host, I see a log message appended the rsyslog server path /var/log/remote/my-other-host/auth.log.
The rsylog server system, rsyslog-server, also generates it’s own logs. However, these log messages are also being logged to files under /var/log/remote/rsyslog-sever/.
For example, when I login to rsyslog-server, I see a log message appended to to file /var/log/remote/rsyslog-server/auth.log.
In other words, I added to the default /etc/rsyslog.conf these lines
$template remote-incoming-logs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
How do I change rsyslog settings to “fallback” to default Linux settings where log messages generated by the local system are logged to /var/log, e.g. logins are logged to /var/log/auth.log ?
