So, I got the package built and installed yesterday. Today I worked on an initial configuration file.
For long-term storage, I want to store the data in a directory structure like:
I plan to use SEC to handle the filtering of the log messages and acting on them. To make it easy to get log entries into SEC, I'm going to send all log entries to a single log file.
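    # Emit a mark message every 1200 seconds
    $ModLoad immark
    $ModLoad ommail
    $MarkMessagePeriod 1200
    # Local log socket
    $ModLoad imuxsock
    # UDP listener on all addresses, port 514
    $ModLoad imudp
    $UDPServerAddress *
    $UDPServerRun 514
    $ModLoad imtcp
    # One file per host, day, facility and severity
    $template HostDirs,"/var/log/%HOSTNAME%/%$year%/%$month%/%$day%/%syslogfacility-text%-%syslogseverity-text%.log"
    *.* ?HostDirs
    # Copy of every message in a single file for SEC
    & /var/log/test.log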
Tomorrow, I'm going to use an output template to limit the size of the test.log file.
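To see which files the HostDirs template above produces, this added example (not part of the original post) renders the path for constructed RFC 3164 lines. The hostname allowlist is an assumption of this example, included because %HOSTNAME% is supplied by the sender and becomes a directory name; it does not describe rsyslog's own handling. `now` is passed in because $year, $month and $day come from the receiver's clock, not from the message timestamp.

```python
import re
from datetime import datetime

# Names as rsyslog renders %syslogfacility-text% and %syslogseverity-text%
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>, RFC 3164 timestamp, then the sender-supplied hostname field
LINE_RE = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
# Assumed allowlist: plain DNS-style names only, so no "/" can reach the path
SAFE_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def host_dirs_path(line, now):
    """Return the HostDirs path for a syslog line, or None if it is rejected."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri, host = int(m.group(1)), m.group(2)
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        return None
    if not SAFE_HOST_RE.match(host) or ".." in host:
        return None
    facility, severity = FACILITIES[pri >> 3], SEVERITIES[pri & 7]
    return "/var/log/%s/%04d/%02d/%02d/%s-%s.log" % (
        host, now.year, now.month, now.day, facility, severity)


# Constructed sample lines, not captured traffic
SAMPLES = [
    "<38>Oct  3 14:02:11 web01 sshd[912]: Failed password for root",
    "<165>Oct  3 14:02:12 fw-edge.example.net kernel: DROP IN=eth0",
    "<13>Oct  3 14:02:13 ../../tmp/x logger: hostname field with slashes",
]

if __name__ == "__main__":
    received = datetime(2024, 10, 3, 14, 2, 15)  # receiver's clock (constructed)
    for sample in SAMPLES:
        print(host_dirs_path(sample, received), "<-", sample)
```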