Rsyslog-Server Setup.sh

$ sudo vim /etc/rsyslog.conf

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0644
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                         :omusrmsg:*

################################
#### One Log per Remotehost ####
################################
template(name="DynFile" type="string" string="/var/log/remote/%HOSTNAME%.log")
ruleset(name="RemoteDevice"){
        action(type="omfile" dynaFile="DynFile")
}
module(load="imudp")
input(type="imudp" port="514" ruleset="RemoteDevice")


$ sudo vim /etc/logrotate.d/remotelogs

/var/log/remote/*.log {
        daily           # täglich Rotieren
        missingok       # Falls das Log nicht existiert ignoriere es
        rotate 5        # Behalte 5 Logiles
        compress        # Komprimiere die alten Logs
        delaycompress   # Verschiebt die Kompression des letzten Logfiles auf den nächsten Rotationszyklus.
                        # Das hat nur im Zusammenhang mit compress Bedeutung. Es kann verwendet werden, wenn
                        # Programme nicht dazu veranlasst werden können, ihre Logdateien zu schließen und
                        # daher noch in die alte Datei weiterschreiben wollen.
        notifempty      # Leere Logdateien werden nicht rotiert
}

# Client config:
$ sudo vim /etc/rsyslog.conf
# Client config on top
$PreserveFQDN on
# Client config first under global directives:
if $syslogseverity <= '5' then @syslog.infra.onkeldom.lan

$ sudo mkdir /var/log/remote
$ sudo chown -R root:adm /var/log/remote
$ sudo systemctl restart rsyslog