Collect log messages with Syslog-NG

Recently I had to collect log files from a couple of remote hosts with Syslog-NG. I found a pretty good config which separates the log files into different folders based on the hostname.

Ubuntu Syslog-NG server:


vi /etc/syslog-ng/syslog-ng.conf


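# Listen for remote syslog on UDP and TCP port 514
source s_net {
    udp(
        ip(SYSLOG-SERVER-IP)
        port(514)
    );
    tcp(
        ip(SYSLOG-SERVER-IP)
        port(514)
    );
};

# One directory per sending host, one file per day.
# Directories need the execute bit to be traversable, hence dir_perm(0750).
destination d_remotehosts {
    file("/var/log/remote-hosts/$HOST/$YEAR-$MONTH-$DAY.log" create_dirs(yes) dir_owner(root) dir_group(adm) dir_perm(0750));
};

# Route everything received from the network into the per-host files
log {
    source(s_net);
    destination(d_remotehosts);
};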

Example:


/var/log/remote-hosts/HOST-1/2014-07-01.log
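
A variant of the configuration above, added here as an example and not part of the original post. When keep_hostname(yes) is set, $HOST is taken from the hostname field inside the message, so the sender chooses which directory its logs land in; this version names directories by the sender's address instead. The destination name d_remotehosts_by_ip is made up for this example, and SYSLOG-SERVER-IP is the same placeholder used above.

```conf
# Added example: per-sender directories keyed on the source address.
# Merge these settings into the existing options { } block if there is one.
options {
    keep_hostname(no);  # ignore the hostname field carried inside the message
    use_dns(no);        # no reverse lookups on the logging path
};

source s_net {
    udp(ip(SYSLOG-SERVER-IP) port(514));
    tcp(ip(SYSLOG-SERVER-IP) port(514));
};

# Hypothetical destination name; ${SOURCEIP} is the address the message came from.
destination d_remotehosts_by_ip {
    file("/var/log/remote-hosts/${SOURCEIP}/${YEAR}-${MONTH}-${DAY}.log"
        create_dirs(yes)
        # directories: rwx for root, r-x for adm (execute bit needed to enter them)
        dir_owner(root) dir_group(adm) dir_perm(0750)
        # log files: rw for root, read-only for adm, nothing for others
        owner(root) group(adm) perm(0640)
    );
};

log {
    source(s_net);
    destination(d_remotehosts_by_ip);
};
```

Check the file with syslog-ng --syntax-only before restarting the service.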