rsyslog.conf配置文件

知识就是力量,时间就是生命。这篇文章主要讲述rsyslog.conf配置文件相关的知识,希望能为你提供帮助。
【rsyslog.conf配置文件】

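$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
# INSERT statement used by the MySQL output. The ommysql module comes from the
# rsyslog-mysql package (yum install rsyslog-mysql) and lets rsyslog write log
# records into MySQL.
# The quotes around the string values are plain single quotes; the backslashes
# in front of them in the published listing look like page-escaping residue.
# Keep the trailing SQL option: it makes rsyslog escape quote and backslash
# characters inside the substituted properties. %msg%, %syslogtag% and
# %app-name% are taken from the received message, so without that escaping a
# sender could alter the statement.
# As in the original listing, both FromHost and FromIP are filled from
# %fromhost-ip%.
$template insertpl,"insert into SystemEvents (Message, Facility, FromHost, FromIP, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, processid, appname) values ('%msg%', %syslogfacility%, '%fromhost-ip%', '%fromhost-ip%', %syslogseverity%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%', '%procid%', '%app-name%')",SQL
$Modload ommysql
$WorkDirectory /var/lib/rsyslog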

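# Custom line formats for file output (legacy $template syntax).
# Each format ends with the \n escape so every record is written on its own
# line. The published listing showed a doubled backslash, which would emit a
# literal backslash followed by "n" instead of a line break.
$template myFormat,"%timestamp% %fromhost-ip% %syslogtag%======%msg%\n"
$template shou,"%timestamp% %hostname% %app-name% %fromhost-ip% %syslogtag% %msg%\n"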
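# New-style list template; needs rsyslog v7 or later.
# The constant() labels are restored to plain text: the page extraction had put
# the hosting site's URL in front of every value and turned the closing "\n"
# into a URL as well, which would have written that URL into every log record.
# NOTE(review): leading spaces inside the labels may have been lost in the same
# way; add a separator after the timestamp if the fields run together.
template(name="zhangshou" type="list") {
    property(name="timestamp" dateFormat="rfc3339")
    constant(value="host=")
    property(name="hostname")
    constant(value="fromip=")
    property(name="fromhost-ip")
    constant(value=", relayHost=")
    property(name="fromhost")
    constant(value=", tag=")
    property(name="syslogtag")
    constant(value=", programName=")
    property(name="programname")
    constant(value=", procid=")
    property(name="procid")
    constant(value=", facility=")
    property(name="syslogfacility-text")
    constant(value=", sev=")
    property(name="syslogseverity-text")
    constant(value=", appName=")
    property(name="app-name")
    constant(value=", msg=")
    property(name="msg")
    # Terminate the record with a line break.
    constant(value="\n")
}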
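# File actions that do not name a template use myFormat.
$ActionFileDefaultTemplate myFormat
# Log-server side: store each client's logs in its own directory, keyed by the
# client IP and the program name. /var/log/zhangshou has to be created by hand.
# %programname% is parsed from the received message, so the sender chooses it.
# The secpath-replace option turns any "/" in the value into "_" so it cannot
# add path components. A sender can still cause one directory per distinct
# program name; watch disk and inode usage under this tree.
$template RemoteLogs,"/var/log/zhangshou/%fromhost-ip%/%programname:::secpath-replace%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
# Skip messages that originate from 127.0.0.1; only remote hosts are written
# to the per-client files.
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteLogs
# Discard action: when enabled, a message that matched the rule above is not
# processed by any later rule. It is commented out here, so remote messages
# also reach the rules further down (the MySQL action and the local files).
# "& ~" is the legacy spelling; rsyslog v7 and later use "& stop".
#& ~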

# Pull in every drop-in file under /etc/rsyslog.d/.
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
# Accept client logs over UDP on port 514.
# NOTE(review): plain syslog over UDP or TCP is neither authenticated nor
# encrypted, and nothing in this file limits who may send. Restrict port 514 to
# the known client addresses with the host firewall, and prefer a TLS-protected
# syslog transport where log content is sensitive.
$ModLoad imudp
$UDPServerRun 514
# Accept client logs over TCP on port 514.
$ModLoad imtcp
$InputTCPServerRun 514
# Original note: needed on newer clients so that sending logs to the server is
# not rate limited.
# NOTE(review): this setting belongs to the local log socket input (imuxsock);
# an interval of 0 turns its rate limiting off, so one noisy local process is
# no longer throttled. Confirm that this is intended on the host in question.
$SystemLogRateLimitInterval 0
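# Send every facility at every severity to the MySQL database "syslog" on
# 127.0.0.1, formatted with the insertpl template.
# The published listing logged in as the MySQL root account with a trivial
# password. Use a dedicated account that is granted only INSERT on the table the
# template writes to, give it a strong password, and keep this file readable by
# root only, because the password is stored here in clear text.
# <DB_USER> and <DB_PASSWORD> are placeholders to fill in.
*.* :ommysql:127.0.0.1,syslog,<DB_USER>,<DB_PASSWORD>;insertpl
# The rules below are the stock ones shipped with the configuration file.
# /var/log/messages is written with the shou template instead of the default.
# Whitespace between selector and action is restored and the stray spaces after
# the semicolons are removed; the page extraction had mangled both, and rsyslog
# needs whitespace to tell the selector from the action.
*.info;mail.none;authpriv.none;cron.none                /var/log/messages;shou
# Authentication messages go to their own file; keep it restricted to root.
authpriv.*                                              /var/log/secure
# The leading "-" means the mail log is not synced after every write.
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
# Emergency messages are shown to every logged-in user.
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
local0.*                                                /var/log/sshd.log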



