Sometimes you may want to save the logs from a remote server to a specific file instead of /var/log/messages. That way, any log forwarding you set up later won't include lots of junk.
Step 1
Create a new conf file in /etc/rsyslog.d with the two lines below. In this example, we are going to save the log messages from a host called DarkTrace2LogScale to the log file /var/log/darktrace.log.
if $fromhost == 'DarkTrace2LogScale' then /var/log/darktrace.log
& stop
Step 2
Create a new log file for this purpose and then restart the rsyslog service.
Step 3
Verify the configuration is actually working.
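The three steps above as one script, with a static check that the rule is terminated by `& stop` and a syntax check before the restart. This is an added example, not part of the original page; the file name 10-darktrace.conf, the ROOT staging prefix and the function names are assumptions.

```shell
#!/bin/sh
# Added example: Steps 1-3 as functions. ROOT is a hypothetical staging prefix
# (empty = live system) so the file handling can be tried without root.
ROOT="${ROOT:-}"
SRC_HOST="DarkTrace2LogScale"            # sender name used on this page
LOG_FILE="/var/log/darktrace.log"        # target file used on this page
CONF="/etc/rsyslog.d/10-darktrace.conf"  # assumed file name

# Step 1: write the two-line rule.
write_filter() {
    mkdir -p "$ROOT/etc/rsyslog.d" || return 1
    printf "if \$fromhost == '%s' then %s\n& stop\n" "$SRC_HOST" "$LOG_FILE" > "$ROOT$CONF"
}

# Static check: the filter must be followed directly by "& stop"; without it
# the same events also fall through to later rules such as /var/log/messages.
check_filter() {
    awk -v host="$SRC_HOST" -v file="$LOG_FILE" '
        prev { ok = ($0 ~ /^&[ \t]*stop[ \t]*$/); prev = 0 }
        $0 == ("if $fromhost == \047" host "\047 then " file) { found = 1; prev = 1; ok = 0 }
        END { exit !(found && ok) }' "$ROOT$CONF"
}

# Step 2: create the log file without world-read access, then restart.
create_log() {
    mkdir -p "$ROOT/var/log" || return 1
    : >> "$ROOT$LOG_FILE" && chmod 640 "$ROOT$LOG_FILE"
}
restart_rsyslog() {
    rsyslogd -N1 || return 1     # validate the whole configuration first
    systemctl restart rsyslog
}

# Step 3: events from the sender arrive in LOG_FILE and no longer in messages.
verify_live() {
    [ -s "$LOG_FILE" ] || { echo "no events in $LOG_FILE yet" >&2; return 1; }
    if tail -n 200 /var/log/messages | grep -q "$SRC_HOST"; then
        echo "warning: $SRC_HOST still seen in recent /var/log/messages" >&2
    fi
}

# Live run (root required): sh <this-file> apply
if [ "${1:-}" = "apply" ]; then
    write_filter && check_filter && create_log && restart_rsyslog && verify_live
fi
```

`$fromhost` is the sender's name as rsyslog resolves it (the IP address when resolution fails), so if the log file stays empty after the restart, first check that the name in the rule matches what rsyslog actually sees.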