<pre name="code" class="html">nginx 服务器配置: jrhwpt01:/root# cat /etc/rsyslog.conf $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imklog # provides kernel logging support (previously done by rklogd) module(load="imfile" PollingInterval="5") $ModLoad imtcp $InputTCPServerRun 514 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none;local5.none /var/log/messages *.info;mail.none;authpriv.none;cron.none;local5.none @@15.26.10.82:514 rsyslog 服务器配置 :FROMHOST-IP, isequal, "10.26.44.206" /var/log/10.26.44.206.log :FROMHOST-IP, isequal, "11.40.169.210" /var/log/11.40.169.210.log b.$template Remote,"/data/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log" 定义模板,接受日志文件路径,区分了不同主机的日志 c.:fromhost-ip, !isequal, "127.0.0.1" ?Remote 过滤server 本机的日志 最简单的办法; $template myFormat,"%timestamp% %fromhost-ip%%msg%\n" $template Remote,"/var/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log" :fromhost-ip, !isequal, "127.0.0.1" -?Remote;myFormat 1.rsyslog 服务器配置: [root@opm log]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$" $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal $ModLoad immark # provides --MARK-- message capability $ModLoad imudp $UDPServerRun 514 $ModLoad imtcp $InputTCPServerRun 514 $WorkDirectory /var/lib/rsyslog $AllowedSender tcp, 192.168.30.0/24 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $template Remote,"/data/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log" :fromhost-ip, !isequal, "127.0.0.1" ?Remote $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /data/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log a.$AllowedSender tcp, 192.168.30.0/24 允许 30.0网段内的主机以tcp协议来传输 b.$template Remote,"/data/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log" 定义模板,接受日志文件路径,区分了不同主机的日志 c.:fromhost-ip, !isequal, "127.0.0.1" ?Remote 过滤server 本机的日志。 $template myFormat,"%timestamp% %fromhost-ip%%msg%\n" :syslogtag,isequal,"uat-frontend01-access" -?uat-frontend01-access;tocFormat $template Remote,"/var/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log" :fromhost-ip, !isequal, "127.0.0.1" -?Remote;myFormat
rsyslog 收集系统日志
转载本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
上一篇:kibana 统计每天注册数
下一篇:字符串转换为float<1>
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
kubernetes集群部署EFK收集集群日志
K8S日志系统 EFK
Group elasticsearch Elastic EFK