I’m actually working on Syslog Server in CentOS 7.
I would like to create a dynamic file from the user variable on the message part.
So, in my example, if the message part is :
30-Jan-2022 11:50:10 HOSTNAME ... pri=5 confid=01 slotlevel=2 user="A.Smith" domain="lab.test" ...
I want to dynamically create a file (named A.Smith) and put all logs from the user A.Smith in here. And do this for all the others : 400 users.
My rsyslog.conf is currently configured like this :
$template ChangeFormatLog,"%$day%-%timegenerated:1:3:date-rfc3164%-%$year% %timegenerated:12:19:date-rfc3339% %HOSTNAME% %syslogtag% %msg%n"
$templateDynamicFile,"/var/log/syslogclients/$YEAR-$MONTH-$DAY/%HOSTNAME%.log"
*.* ?DynamicFile;ChangeFormatLog
I don’t know what to write in the rsyslog.conf to retrieve this data .. or if it’s possible (?)
Someone can help me plz ?
2
Answers
The problem is that i have arround 20 computers for arround 400 users.
It’s internet station for clients. They can put their ID on a captive portal into Firefox. They share the same account windows.
I just want to create user.log (user = ID put into the captive portal), in my server syslog.
Actually i retrieve my logs like that :
30-Jan-2022 11:50:10 HOSTNAME ... pri=5 confid=01 slotlevel=2 user="A.Smith" domain="lab.test" ..
I guess it’s possible with a script who analyzes the frames .. Dunno how to do this
What you’re trying to achieve is not possible just using rsyslog. This answer is based on the assumption, that you have multiple users on multiple host machines.
Create a script which creates a
username.logfiles for each user.Create a script which writes all needed data to
username.logfileForward all the
username.logfiles to your syslog server