February 2020
This is something else that's easy-peasy. We'll just make a couple of simple edits to the rsyslog rules on the log server and restart the rsyslog daemon. For our demo, I'll use the CentOS 8 VM.
In the RULES section of the /etc/rsyslog.conf file, I'll look for this line:
*.info;mail.none;authpriv.none;cron.none /var/log/messages
And I'll change it to this:
*.info;mail.none;authpriv.none;cron.none ?Rmessages
Above that line, I'll insert this line:
$template Rmessages,"/var/log/%HOSTNAME%/messages"
I'll then do likewise for the auth messages:
# authpriv.* /var/log/secure
$template Rauth,"/var/log/%HOSTNAME%/secure"
auth.*,authpriv.* ?Rauth
Finally, I'll restart rsyslog:
sudo systemctl restart rsyslog ...
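The edits above, scripted as an added example (not code from the book). `split_by_host` is a hypothetical helper that rewrites a copy of the config; it assumes the stock rule lines appear as shown in this section and runs here on a constructed sample RULES section.

```shell
#!/bin/sh
# Added example: scripts the edits described above against a COPY of rsyslog.conf.
# split_by_host is a hypothetical helper name, not part of rsyslog.

split_by_host() {   # usage: split_by_host <input.conf> <output.conf>
    awk '
    # Default catch-all rule: declare the template, then point the rule at it.
    /^\*\.info;mail\.none;authpriv\.none;cron\.none[ \t]+\/var\/log\/messages[ \t]*$/ {
        print "$template Rmessages,\"/var/log/%HOSTNAME%/messages\""
        print "*.info;mail.none;authpriv.none;cron.none ?Rmessages"
        next
    }
    # Auth rule: keep the old line as a comment, then add template and rule.
    /^authpriv\.\*[ \t]+\/var\/log\/secure[ \t]*$/ {
        print "# " $0
        print "$template Rauth,\"/var/log/%HOSTNAME%/secure\""
        print "auth.*,authpriv.* ?Rauth"
        next
    }
    # Everything else passes through, so a second run changes nothing.
    { print }
    ' "$1" > "$2"
}

# Constructed sample of a stock RULES section (not a full rsyslog.conf).
demo_dir=$(mktemp -d)
cat > "$demo_dir/rsyslog.conf" <<'EOF'
#### RULES ####
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
EOF

split_by_host "$demo_dir/rsyslog.conf" "$demo_dir/rsyslog.conf.new"
cat "$demo_dir/rsyslog.conf.new"
rm -rf "$demo_dir"
```

On the log server, `rsyslogd -N1` checks the edited configuration for syntax errors before the restart. `%HOSTNAME%` is filled from the hostname field of each received message, so the directory names under /var/log follow whatever name the sender reports.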