tl;dr I want log messages from the local system to use the typical log file paths under /var/log
, remote systems to use /var/log/remote/
On an rsyslog server, remote systems are sending their log messages. Remote hosts are logged per-host, under path /var/log/remote/<hostname>/
.
For example, when I login to my-other-host
, I see a log message appended the rsyslog server path /var/log/remote/my-other-host/auth.log
.
The rsylog server system, rsyslog-server
, also generates it’s own logs. However, these log messages are also being logged to files under /var/log/remote/rsyslog-sever/
.
For example, when I login to rsyslog-server
, I see a log message appended to to file /var/log/remote/rsyslog-server/auth.log
.
In other words, I added to the default /etc/rsyslog.conf
these lines
$template remote-incoming-logs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
How do I change rsyslog
settings to “fallback” to default Linux settings where log messages generated by the local system are logged to /var/log
, e.g. logins are logged to /var/log/auth.log
?