rsyslog 配置檔案說明

2021-08-08 19:38:51 字數 4625 閱讀 1641

rsyslog是什麼,以及如何安裝,配置使用者和使用者組在此不多說.網上有大把教程.

本文設定 由a伺服器向b伺服器傳送log,b伺服器為中心收集log伺服器.

1.a 的配置檔案/etc/rsyslog.conf

#  /etc/rsyslog.conf    configuration file for rsyslog.

## for more information see

# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

## default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################

#### modules ####

#################

module(load="imuxsock") # provides support for local system logging

module(load="imklog") # provides kernel logging support

#module(load="immark") # provides --mark-- message capability

# provides udp syslog reception

#module(load="imudp")

#input(type="imudp" port="514")

# provides tcp syslog reception

#module(load="imtcp")

#input(type="imtcp" port="514")

# enable non-kernel facility klog messages

$klogpermitnonkernelfacility on

###########################

#### global directives ####

###########################

## use traditional timestamp format.

# to enable high precision timestamps, comment out the following line.

#$actionfiledefaulttemplate rsyslog_traditionalfileformat

# filter duplicated messages

$repeatedmsgreduction off

## set the default permissions for all log files.

#$fileowner syslog

$filegroup adm

$filecreatemode 0640

$dircreatemode 0755

$umask 0022

$privdroptouser syslog

$privdroptogroup syslog

$maxmessagesize 8k

## where to place spool and state files

#$workdirectory /var/spool/rsyslog

## include all config files in /etc/rsyslog.d/

#$includeconfig /etc/rsyslog.d/*.conf

$omitlocallogging on

$imjournalstatefile imjournal.state

#*.* /var/log/all.log

#local7.* -/var/log/local.log

## template

#$template t_msg, 「%msg\n%」

local7.* @xx.xx.xx.***:514

local5.* @xx.xx.xx.***:515

說明:

local7.* @xx.xx.xx.***:514

將a伺服器指定level的所有log傳送到指定ip的514埠.

rsyslog level 介紹:

若在a伺服器執行如下shell,則日誌會傳送到指定ip的514埠.

logger -p local7.info ""
2.b伺服器/etc/rsyslog.conf

#  /etc/rsyslog.conf    configuration file for rsyslog.

## for more information see

# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

## default logging rules can be found in /etc/rsyslog.d/50-default.conf

#################

#### modules ####

#################

module(load="imuxsock") # provides support for local system logging

module(load="imklog") # provides kernel logging support

#module(load="immark") # provides --mark-- message capability

# provides udp syslog reception

module(load="imudp")

input(type="imudp" port="514" ruleset="log")

# provides tcp syslog reception

#module(load="imtcp")

#input(type="imtcp" port="514")

# enable non-kernel facility klog messages

$klogpermitnonkernelfacility on

###########################

#### global directives ####

###########################

## use traditional timestamp format.

# to enable high precision timestamps, comment out the following line.

#$actionfiledefaulttemplate rsyslog_traditionalfileformat

# filter duplicated messages

$repeatedmsgreduction off

## set the default permissions for all log files.

#$fileowner syslog

$filegroup adm

$filecreatemode

0640

$dircreatemode

0755

$umask

0022

$privdroptouser syslog

$privdroptogroup syslog

$maxmessagesize8k#

# where to place spool and state files

#$workdirectory /var/spool/rsyslog

## include all config files in /etc/rsyslog.d/

#$includeconfig /etc/rsyslog.d/*.conf

local6.* /var/log/log-receiver.log

## template

#template(name="log-format"

type="list")

template(name="file-format"

type="string"

string="/var/log/sdk/%$year%%$month%%$day%-%$hour%%$minute%.log")

## ruleset

#ruleset(name="log")

說明:

1.

module(load="imudp")

input(type="imudp" port="514" ruleset="log")

指定514埠收到的log處理規則為 「log」

2.

ruleset(name="log")
設定規則,規則名為」log」, 所做的action是檔案形式儲存log資訊,檔名為由 template file-format所定義. 儲存的格式由template 「log-format」定義.

rsyslog日誌服務的配置檔案分析

基於rsyslog日誌服務的日誌 在不同的linux系統,實現的軟體略有不同。syslog,rsyslog,syslog ng,用於實現系統日誌的管理。root asianux4 rpm qa grep syslog rsyslog 5.8.10 8.axs4.x86 64 rsyslog日誌服務的...

rsyslog日誌服務的配置檔案分析

基於rsyslog日誌服務的日誌 在不同的linux系統,實現的軟體略有不同。syslog,rsyslog,syslog ng,用於實現系統日誌的管理。root asianux4 rpm qa grep syslog rsyslog 5.8.10 8.axs4.x86 64 rsyslog日誌服務的...

客戶端rsyslog配置檔案詳解

最近再開發乙個rsyslog的接收服務端,支援udp,tcp和tls三種協議。所以去仔細研究了一下rsyslog.conf的配置檔案,下面來詳細說一下。因為我這兒重點在於怎麼將資訊傳送到我的伺服器,所以只講了一些傳送應該配置的內容,至於rsyslog.conf配置的詳細內容,大家可以去rsyslog...