Collect log messages with Syslog-NG
Recently I had to collect log files from a couple of remote hosts with Syslog-NG. I found a pretty good config which separates the log files into different folders based on the hostname.
Ubuntu Syslog-NG server:
    vi /etc/syslog-ng/syslog-ng.conf
    # Listen for remote syslog on UDP and TCP port 514
    source s_net {
        udp(
            ip(SYSLOG-SERVER-IP)
            port(514)
        );
        tcp(
            ip(SYSLOG-SERVER-IP)
            port(514)
        );
    };
    # One directory per sending host, one file per day
    destination d_remotehosts {
        # dir_perm(0750): directories need the search (x) bit so that group adm can enter them
        file("/var/log/remote-hosts/$HOST/$YEAR-$MONTH-$DAY.log" create_dirs(yes) dir_owner(root) dir_group(adm) dir_perm(0750));
    };
    log {
        source(s_net);
        destination(d_remotehosts);
    };
Example:
    /var/log/remote-hosts/HOST-1/2014-07-01.log
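An added check for the layout this config produces (example code, not part of the original post): since every host gets its own directory and every day its own file, a host that has stopped sending shows up as a directory with no log for the day. The function names are hypothetical, and GNU `stat` (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Audit the tree written by d_remotehosts.
# Layout taken from the config: ROOT/<HOST>/<YYYY-MM-DD>.log

# Print each host directory under ROOT that has no log, or only an
# empty one, for DAY (default: today). These hosts have gone silent.
silent_hosts() {
    local root="$1" day="${2:-$(date +%F)}" dir
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue          # skip stray files / empty glob
        [ -s "$dir/$day.log" ] || printf '%s\n' "${dir##*/}"
    done
}

# Print each host directory whose mode lacks the owner search (x) bit,
# for example one created with mode 0640: it can be listed but not
# entered by anyone except root.
untraversable_dirs() {
    local root="$1" dir mode
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        mode=$(stat -c '%a' "$dir")        # GNU stat: octal mode, e.g. 750
        case "$mode" in
            *[1357]??) ;;                  # owner digit is odd: x bit set
            *) printf '%s\n' "${dir##*/}" ;;
        esac
    done
    return 0
}

# Typical use on the log server (commented out so the file can be sourced):
# silent_hosts /var/log/remote-hosts
# untraversable_dirs /var/log/remote-hosts
```

Run from cron, non-empty output from `silent_hosts` is a cheap signal that a sender, its network path or its logging agent needs a look.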