Having a remote syslog server is very handy for storing logs from network devices. Having a easy way to store these logs is key to staying sane. One solution is to setup a syslog host and point devices to it. Normally this just fills the syslog file on the log host, but with syslog-ng, we can automatically create log files for each host sending data.
# this line lets the syslog server “listen†to other hosts
source network { udp(); };
# automatic host sorting
# The “std†destination is the default destination statement for syslog-ng
# The subdirectories are optional and shown here as an example, you could put all hosts into /var/log/HOSTS/
destination std {
file(â€/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY†owner(root) group(admin) perm(0640) dir_perm(0750) create_dirs(yes) );
};
# log the data
log {
source(network);
destination(std);
};
Now any logs sent to the syslog host will be automatically created.
It’s important to remember to rotate the logs.
#add the following to /etc/logrotate.d/syslog-ng
/var/log/HOSTS/* {
rotate 52
daily
missingok
notifempty
compress
}