I have a syslog server (running rsyslog on RHEL 7.4) that consolidates all the syslogs from my network devices. It's listening on port TCP/514.
I want to redirect the logs of each device to a different file in a dedicated directory (based on their IP address), instead of getting them all in /var/log/messages. How can I do that?
Best Answer
It seems it is documented on the rsyslog web site here: https://www.rsyslog.com/storing-and-forwarding-remote-messages
To summarize:
You should define a template for log files, something like, e.g.:
Then apply this template to messages coming from remote hosts:
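
An added example, not part of the original answer or copied from the rsyslog documentation: a RainerScript configuration that writes each sender's messages to its own directory keyed by source IP, as the question asks. The directory `/var/log/remote`, the names `PerHostFile` and `remote`, and the file modes are assumptions; it also assumes no other imtcp listener is already defined on port 514.

```rsyslog
# Example drop-in, e.g. /etc/rsyslog.d/remote.conf (path is an assumption).

# TCP syslog receiver.
module(load="imtcp")

# Dynamic file name: one directory per sender.
# %fromhost-ip% is taken from the connection's source address.
# %hostname% would come from the message itself, so a sender could
# choose it; the source IP is the safer key for building a path.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%fromhost-ip%/syslog.log")

# Dedicated ruleset for remote traffic. Messages bound to it are not
# processed by the default ruleset, so they no longer land in
# /var/log/messages.
ruleset(name="remote") {
    action(type="omfile"
           dynaFile="PerHostFile"
           dirCreateMode="0750"
           fileCreateMode="0640")
}

# Bind the TCP/514 listener to the ruleset above.
input(type="imtcp" port="514" ruleset="remote")
```

Check the syntax with `rsyslogd -N1` before restarting the service.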