Is there a way to create a rsyslog rule that will process all incoming udp traffic to a different file (the same way rules are written for subsystems)
So for example I would do something like this
udp.* /var/log/remoteSrv
The closest I have fund was how to change files based on the remote system but I'm just looking to know if the log came from the local machine or from a remote server.
http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/
Thanks for the help