How to call template so rsyslog 8 creates one log file per client

rsyslog

I'm using rsyslog 8.22 to receive syslog data sent from client hosts.
My goal is to have one log file created per client.

I've found a lot of data on older versions of rsyslog, but the change in configuration syntax has thrown me.

This configuration proves rsyslog is working, but aggregates all entries into one file:

if $fromhost-ip startswith '192.168.117.' then {
    action(type="omfile" file="/var/log/network.log")
    stop
}

(The rest of my /etc/rsyslog.conf is default.)

The following is not working. (No file is created):

template (name="DynFile" type="string" string="/var/log/network-%fromhost-ip%.log")
if $fromhost-ip startswith '192.168.117.' then {
    action(type="omfile" file="DynFile")
    stop
}

What am I missing?

Best Answer

The fix is to specify dynaFile in the action argument (not file).

template (name="DynFile" type="string" string="/var/log/network-%fromhost-ip%.log")
if $fromhost-ip startswith '192.168.117.' then {
    action(type="omfile" dynaFile="DynFile")
    stop
}

This creates the expected results:

$ ls -l /var/log/network/    
-rw-r--r--. 1 root root       286 Oct  4 13:21 192.168.117.21.log    
-rw-r--r--. 1 root root       284 Oct  4 13:25 192.168.117.22.log
-rw-r--r--. 1 root root       184 Oct  4 13:32 192.168.117.27.log
$
Related Topic