I am using a proprietary device which sends syslog events to a server. By default, these messages are ending up in /var/log/syslog. I am unable to configure a different file target on the device.
Is there a way to configure syslog so that external events are kept in a separate file?
I have a centralized syslog server running rsyslogd, which should be default in Ubuntu as well. Apart from saving all syslog messages to MySQL, I have the following configuration to store them to individual files by hostname:
    if $fromhost-ip != "127.0.0.1" then {
        $template remotelog,"/var/log/remote/%hostname%.log"
        *.* ?remotelog
        stop
    }
This is written in RainerScript, which should be included in your rsyslogd version since Ubuntu 14.04. Just paste it to your rsyslogd.conf file.
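
The same per-host split written with rsyslog's template() and action() objects, as an added example that is not part of the original answer. It also applies the secpath-replace property option, because %hostname% is taken from the received message and ends up in a file path. The file name 10-remote.conf and the template name RemoteHostFile are assumptions, as is the Ubuntu default layout where /etc/rsyslog.d/50-default.conf holds the /var/log/syslog rule.

```conf
# /etc/rsyslog.d/10-remote.conf  (assumed file name; it only has to sort before
# 50-default.conf so this rule runs before the /var/log/syslog rule)

# Path template, defined at top level. secpath-replace turns any "/" in the
# sender-supplied hostname into "_", so the name cannot point outside
# /var/log/remote/.
template(name="RemoteHostFile" type="string"
         string="/var/log/remote/%hostname:::secpath-replace%.log")

# Anything not received from the loopback address goes to its own per-host
# file. "stop" then ends processing for that message, so it never reaches the
# later rules that write /var/log/syslog.
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="RemoteHostFile"
           fileCreateMode="0640" dirCreateMode="0750")
    stop
}
```

Run `rsyslogd -N1` to check the configuration for syntax errors before restarting the service.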