rsyslog 配置文件说明
来源:互联网 发布:126邮箱ssl协议端口号 编辑:程序博客网 时间:2024/06/08 15:40
rsyslog是什么,以及如何安装,配置用户和用户组在此不多说.网上有大把教程.
本文设定 由A服务器向B服务器发送log,B服务器为中心收集log服务器.
1.A 的配置文件/etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.## For more information see# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html## Default logging rules can be found in /etc/rsyslog.d/50-default.conf##################### MODULES #####################module(load="imuxsock") # provides support for local system loggingmodule(load="imklog") # provides kernel logging support#module(load="immark") # provides --MARK-- message capability# provides UDP syslog reception#module(load="imudp")#input(type="imudp" port="514")# provides TCP syslog reception#module(load="imtcp")#input(type="imtcp" port="514")# Enable non-kernel facility klog messages$KLogPermitNonKernelFacility on############################### GLOBAL DIRECTIVES ################################# Use traditional timestamp format.# To enable high precision timestamps, comment out the following line.#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat# Filter duplicated messages$RepeatedMsgReduction off## Set the default permissions for all log files.#$FileOwner syslog$FileGroup adm$FileCreateMode 0640$DirCreateMode 0755$Umask 0022$PrivDropToUser syslog$PrivDropToGroup syslog$MaxMessageSize 8k## Where to place spool and state files#$WorkDirectory /var/spool/rsyslog## Include all config files in /etc/rsyslog.d/#$IncludeConfig /etc/rsyslog.d/*.conf$OmitLocalLogging on$IMJournalStateFile imjournal.state#*.* /var/log/all.log#local7.* -/var/log/local.log## Template#$template t_msg, “%msg\n%”local7.* @xx.xx.xx.xxx:514local5.* @xx.xx.xx.xxx:515
说明:
local7.* @xx.xx.xx.xxx:514
将A服务器指定level的所有log发送到指定ip的514端口.
rsyslog level 介绍:https://wiki.archlinux.org/index.php/Rsyslog.
若在A服务器运行如下shell,则日志会发送到指定ip的514端口.
logger -p local7.info "{\"a\":\"aa\",\"b\":\"bb\"}"
2.B服务器/etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.## For more information see# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html## Default logging rules can be found in /etc/rsyslog.d/50-default.conf##################### MODULES #####################module(load="imuxsock") # provides support for local system loggingmodule(load="imklog") # provides kernel logging support#module(load="immark") # provides --MARK-- message capability# provides UDP syslog receptionmodule(load="imudp")input(type="imudp" port="514" ruleset="log")# provides TCP syslog reception#module(load="imtcp")#input(type="imtcp" port="514")# Enable non-kernel facility klog messages$KLogPermitNonKernelFacility on############################### GLOBAL DIRECTIVES ################################# Use traditional timestamp format.# To enable high precision timestamps, comment out the following line.#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat# Filter duplicated messages$RepeatedMsgReduction off## Set the default permissions for all log files.#$FileOwner syslog$FileGroup adm$FileCreateMode 0640$DirCreateMode 0755$Umask 0022$PrivDropToUser syslog$PrivDropToGroup syslog$MaxMessageSize 8k## Where to place spool and state files#$WorkDirectory /var/spool/rsyslog## Include all config files in /etc/rsyslog.d/#$IncludeConfig /etc/rsyslog.d/*.conflocal6.* /var/log/log-receiver.log## Template#template(name="log-format" type="list"){ property(name="msg") constant(value="\n")}template(name="file-format" type="string" string="/var/log/sdk/%$YEAR%%$MONTH%%$DAY%-%$HOUR%%$MINUTE%.log")## ruleset#Ruleset(name="log") { Action(type="omfile" dynaFile="file-format" template="log-format")}
说明:
1.
module(load="imudp")input(type="imudp" port="514" ruleset="log")
指定514端口收到的log处理规则为 “log”
2.
Ruleset(name="log") { Action(type="omfile" dynaFile="file-format" template="log-format")}
设置规则,规则名为”log”, 所做的action是文件形式保存log信息,文件名为由 template file-format所定义. 保存的格式由template “log-format”定义.
阅读全文
0 0
- rsyslog 配置文件说明
- Rsyslog配置文件详解
- Rsyslog配置文件详解
- Rsyslog配置文件详解
- Rsyslog配置文件详解
- rsyslog imfile 模块说明
- rsyslog imfile 模块说明
- rsyslog
- rsyslog
- rsyslog
- Rsyslog
- rsyslog
- rsyslog
- rsyslog
- rsyslog
- rsyslog
- 配置文件说明
- fedora的配置文件说明
- 【斜率优化】BZOJ1597(Usaco2008 Mar)[土地购买]题解
- 数据降维的几种方法(转)
- 给新生的一点入门建议
- Java 多线程同步的五种方法
- 冒泡排序算法研究
- rsyslog 配置文件说明
- Linux学习笔记--执行带Jar包的class文件
- ionic3的自定义图标引入
- 20170927_快排应用_数组中寻找最小的K个数
- MySQL在创建数据表的时候int(3)和int有什么区别?
- 一个牛逼的 字符串拷贝函数
- dubbox编译安装本地maven仓库
- 1089: 最短路入门2(道路重建)
- Docker容器通过独立IP暴露给局域网的方法