rsyslog configuration file explained

Source: Internet  Editor: 程序博客网  Time: 2024/06/08 15:40

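What rsyslog is, how to install it, and how to configure its user and group are not covered here; there are plenty of tutorials online.
This article assumes that server A sends logs to server B, and that server B is the central log collection server.

1. Configuration file /etc/rsyslog.conf on server A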

    #  /etc/rsyslog.conf    Configuration file for rsyslog.
    #
    #           For more information see
    #           /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
    #
    #  Default logging rules can be found in /etc/rsyslog.d/50-default.conf

    #################
    #### MODULES ####
    #################

    module(load="imuxsock") # provides support for local system logging
    module(load="imklog")   # provides kernel logging support
    #module(load="immark")  # provides --MARK-- message capability

    # provides UDP syslog reception
    #module(load="imudp")
    #input(type="imudp" port="514")

    # provides TCP syslog reception
    #module(load="imtcp")
    #input(type="imtcp" port="514")

    # Enable non-kernel facility klog messages
    $KLogPermitNonKernelFacility on

    ###########################
    #### GLOBAL DIRECTIVES ####
    ###########################

    #
    # Use traditional timestamp format.
    # To enable high precision timestamps, comment out the following line.
    #
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

    # Filter duplicated messages
    $RepeatedMsgReduction off

    #
    # Set the default permissions for all log files.
    #
    $FileOwner syslog
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022
    $PrivDropToUser syslog
    $PrivDropToGroup syslog
    $MaxMessageSize 8k

    #
    # Where to place spool and state files
    #
    $WorkDirectory /var/spool/rsyslog

    #
    # Include all config files in /etc/rsyslog.d/
    #
    $IncludeConfig /etc/rsyslog.d/*.conf
    $OmitLocalLogging on
    $IMJournalStateFile imjournal.state

    #*.* /var/log/all.log
    #local7.* -/var/log/local.log

    #
    # Template
    #
    $template  t_msg, "%msg%\n"

    # Forward local7 and local5 messages to the central server
    local7.* @xx.xx.xx.xxx:514
    local5.* @xx.xx.xx.xxx:515

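Notes:

    local7.* @xx.xx.xx.xxx:514

Sends all of server A's logs for the specified facility (local7, at any severity) to port 514 on the specified IP. The single @ prefix forwards over UDP, which matches the imudp input on server B.
For an introduction to rsyslog facilities and severity levels, see https://wiki.archlinux.org/index.php/Rsyslog.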

If you run the following shell command on server A, the log message is sent to port 514 on the specified IP.

    logger -p local7.info "{\"a\":\"aa\",\"b\":\"bb\"}"

2. Configuration file /etc/rsyslog.conf on server B

    #  /etc/rsyslog.conf    Configuration file for rsyslog.
    #
    #           For more information see
    #           /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
    #
    #  Default logging rules can be found in /etc/rsyslog.d/50-default.conf

    #################
    #### MODULES ####
    #################

    module(load="imuxsock") # provides support for local system logging
    module(load="imklog")   # provides kernel logging support
    #module(load="immark")  # provides --MARK-- message capability

    # provides UDP syslog reception
    module(load="imudp")
    input(type="imudp" port="514" ruleset="log")

    # provides TCP syslog reception
    #module(load="imtcp")
    #input(type="imtcp" port="514")

    # Enable non-kernel facility klog messages
    $KLogPermitNonKernelFacility on

    ###########################
    #### GLOBAL DIRECTIVES ####
    ###########################

    #
    # Use traditional timestamp format.
    # To enable high precision timestamps, comment out the following line.
    #
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

    # Filter duplicated messages
    $RepeatedMsgReduction off

    #
    # Set the default permissions for all log files.
    #
    $FileOwner syslog
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022
    $PrivDropToUser syslog
    $PrivDropToGroup syslog
    $MaxMessageSize 8k

    #
    # Where to place spool and state files
    #
    $WorkDirectory /var/spool/rsyslog

    #
    # Include all config files in /etc/rsyslog.d/
    #
    $IncludeConfig /etc/rsyslog.d/*.conf
    local6.* /var/log/log-receiver.log

    #
    # Template
    #
    template(name="log-format" type="list"){
      property(name="msg")
      constant(value="\n")
    }
    template(name="file-format"
       type="string"
       string="/var/log/sdk/%$YEAR%%$MONTH%%$DAY%-%$HOUR%%$MINUTE%.log")

    #
    # ruleset
    #
    Ruleset(name="log") {
        Action(type="omfile" dynaFile="file-format" template="log-format")
    }

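Notes:
1.

    module(load="imudp")
    input(type="imudp" port="514" ruleset="log")

Specifies that logs received on port 514 are processed by the ruleset "log".

2.

    Ruleset(name="log") {
        Action(type="omfile" dynaFile="file-format" template="log-format")
    }

Defines a ruleset named "log". Its action saves the log messages to a file; the file name is defined by the template file-format, and the format of each saved entry is defined by the template "log-format".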
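
Added example (not part of the original article): a Python sketch of how the priority local7.info given to logger becomes the <190> PRI on the wire, why that message matches the local7.* selector but not local5.*, and which file name the file-format template produces. The datagram in SAMPLE and the host name hostA are constructed, and the selector matching covers only the plain facility.severity form.

```python
import re
from datetime import datetime

# Facility and severity numbers from the syslog protocol (RFC 3164 / RFC 5424).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def encode_pri(priority):
    """'local7.info' -> 190, the number sent on the wire as '<190>'."""
    facility, severity = priority.split(".")
    return FACILITIES[facility] * 8 + SEVERITIES.index(severity)


def decode_pri(datagram):
    """Return (facility, severity, rest) from a raw syslog datagram."""
    m = re.match(rb"<(\d{1,3})>(.*)", datagram, re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    names = {v: k for k, v in FACILITIES.items()}
    facility = names.get(pri // 8, str(pri // 8))  # unnamed facilities stay numeric
    return facility, SEVERITIES[pri % 8], m.group(2).decode("utf-8", "replace")


def selector_matches(selector, facility, severity):
    """'*' matches anything; a named severity means 'that severity or worse'."""
    sel_fac, sel_sev = selector.split(".")
    if sel_fac not in ("*", facility):
        return False
    return sel_sev == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(sel_sev)


def dyna_file(template, when):
    """Expand the %$YEAR% style properties; rsyslog fills them from the
    receiver's current time, so 'when' stands in for server B's clock."""
    fmt = {"$YEAR": "%Y", "$MONTH": "%m", "$DAY": "%d", "$HOUR": "%H", "$MINUTE": "%M"}
    return re.sub(r"%(\$[A-Z]+)%", lambda m: when.strftime(fmt[m.group(1)]), template)


# Constructed sample of the datagram server A forwards for the logger command above.
SAMPLE = b'<190>Jun  8 15:40:01 hostA user: {"a":"aa","b":"bb"}'

if __name__ == "__main__":
    fac, sev, rest = decode_pri(SAMPLE)
    print(fac, sev, selector_matches("local7.*", fac, sev))
    print(dyna_file("/var/log/sdk/%$YEAR%%$MONTH%%$DAY%-%$HOUR%%$MINUTE%.log",
                    datetime(2024, 6, 8, 15, 40)))
```

Because the file name comes from the receiver's clock, messages that arrive within the same minute share one file under /var/log/sdk/ regardless of the timestamp the sender put in the datagram.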