I'm running CentOS 7.5. I've currently got rsyslog setup and working. The only problem is that it's not recognizing the %HOSTNAME% variable in my file path. Instead of writing the logs to a separate file for each host, it's creating a file called '%HOSTNAME%' and writing the logs there.
This is what I currently have in my /etc/rsyslog.conf file.
if $fromhost-ip startswith "10." then /var/log/Client_Logs/%HOSTNAME%.log
& ~
Everything with this is working, except for creating a separate file for each device. I'm not sure if the client device is failing to provide this information or not. I've got several client devices so far and they are all Cisco switches.
I've also tried using other variables like '%FROMHOST-IP%' and they also do not work.
Any help is appreciated. Thanks.
For dynamic files, you must first define them separately in a template. Eg
$template DynFile,"/var/log/Client_Logs/%HOSTNAME%.log"
if $fromhost-ip startswith "10." then ?DynFile
See actions.