I'm trying to configure a remote log host for my servers (all CentOS 8). I added this on my central server
if $fromhost-ip == '123.123.123.123' then /var/log/{{hostname}}.log
Also I changed my client config to
*.* @@321.321.321.321:514/var/log/{{hostname}}.log
But when I try to run:
sudo logger "test"
It both logs on /var/log/hostname.log and /var/log/messages on my central remote server
It also floods the custom log file with
pam_unix(sudo:session): session opened for user root by admin(uid=0)
log message here
pam_unix(sudo:session): session closed for user root
How do I set my logs only to send to my custom log file? And how do I filter these pam messages to be not included?
Thank you