syslog server

cat /var/syslog.d/514.conf

# Central receiver: local inputs plus network listeners on port 514.
# imuxsock reads the local system log socket, imjournal reads the systemd journal.
$ModLoad imuxsock
$ModLoad imjournal

# Plain syslog listeners on UDP 514 and TCP 514.
# Neither transport is encrypted or authenticated, and the lines shown here set
# no sender restriction, so any host that can reach the port can write into the
# log tree below. Limit the port with a host firewall and/or $AllowedSender, and
# prefer a TLS-protected transport where the logs cross an untrusted network.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

# Directory rsyslog uses for its own working files.
$WorkDirectory /var/lib/rsyslog

# Default line format for file outputs that do not name a template.
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Dynamic file-name templates: one directory per sender address, one file per day.
# %fromhost-ip% is the sender address as seen by this receiver. Over UDP that
# address is not verified, so every distinct source address creates a new
# directory and file; watch disk and inode usage on /var/log and restrict who
# can reach the listeners.
# NOTE(review): $FileCreateMode / $DirCreateMode are not set in the lines shown;
# confirm the created files are not readable by unprivileged users.
$template Remote2,"/var/log/syslog2/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
$template Remote3,"/var/log/syslog3/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"

$template Remote,"/var/log/syslog/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
# Fixed path for this host's own messages; 192.168.1.51 is presumably the
# server's own address (the client configs on this page forward to it).
$template Local,"/var/log/syslog/192.168.1.51/192.168.1.51_%$YEAR%-%$MONTH%-%$DAY%.log"

# Routing rules, evaluated top to bottom. Each pair writes to a dynamic file
# ("-?Template"; the leading "-" skips the sync after each write) and then
# discards the message ("~") so later rules do not see it.
# Newer rsyslog releases flag "~" as deprecated in favour of "stop".
#
# Order matters: "mysql" is a substring of "mysql2", so the "mysql2" rule has to
# come first.
# The match is on the raw message text, which the sender controls: any host
# allowed to send here can get a line filed under syslog2/ or syslog3/ by
# including the string. Do not treat those trees as proof of origin unless
# senders are restricted or authenticated.
:rawmsg, contains, "mysql2"  -?Remote3
:rawmsg, contains, "mysql2"  ~

:rawmsg, contains, "mysql"  -?Remote2
:rawmsg, contains, "mysql"  ~

# Everything else received from another host goes to the per-sender tree.
:fromhost-ip, !isequal, "127.0.0.1" -?Remote
:fromhost-ip, !isequal, "127.0.0.1" ~

# Messages generated on this host go to the fixed Local path.
:fromhost-ip, isequal, "127.0.0.1" -?Local
:fromhost-ip, isequal, "127.0.0.1" ~

syslog client

vim test.conf

# Client side: tail a text log file with imfile and forward it to the receiver.
$ModLoad imfile
# Check monitored files for new lines every 10 seconds.
$InputFilePollInterval 10
$WorkDirectory /var/spool/rsyslog
# Drop to group "adm" after startup. The monitored file and the work directory
# presumably need to be accessible to that group; verify on the host.
$PrivDropToGroup adm

# Forward only the message text: no priority, timestamp, hostname or tag.
# The receiver can then attribute these lines only by the source address.
$template BiglogFormatTomcat,"%msg%\n"

$InputFileName /var/log/test.log
$InputFileTag catalina-log
$InputFileStateFile stat-catalina-log
$InputFileSeverity info
# Write the read position to the state file every 25000 lines.
$InputFilePersistStateInterval 25000
$InputRunFileMonitor

# A single "@" forwards over UDP: unencrypted, unacknowledged, and lines can be
# lost without notice. Application logs may carry sensitive values, so prefer a
# TLS-protected transport if the path to 192.168.1.51 is not fully trusted.
# The second rule discards the message locally once it has been forwarded.
if $programname == 'catalina-log' then @192.168.1.51:514;BiglogFormatTomcat
if $programname == 'catalina-log' then ~

 

cat mysql-log.conf 
# Same idea in RainerScript syntax: tail the MySQL log, polling every 5 seconds.
module(load="imfile" PollingInterval="5") 

# Lines are tagged "mysqld-log" and given facility local5, severity info.
# The tag contains "mysql", which is presumably what the receiver's
# rawmsg "mysql" rule on this page matches on.
input(type="imfile"  
File="/var/log/mysqld.log"  
Tag="mysqld-log"  
Severity="info"  
Facility="local5")  

# "@@" forwards over plain TCP: reliable delivery, but still no encryption and
# no authentication of either end. No queue parameters are set here, so
# behaviour while the receiver is unreachable depends on rsyslog defaults.
# The second rule discards every local5 message locally, not only the
# imfile ones.
local5.* @@192.168.1.51:514  
local5.* ~

 

cat linux-log.conf 
# Disabled variant that would forward with a custom prefix template.
#$template BiglogFormatLinux,"aaaaaaa %msg%\n"
#*.*  @@192.168.1.51:514;BiglogFormatLinux

# Forward every facility and severity over plain TCP to port 1514.
# "*.*" includes authentication messages (authpriv), which then cross the
# network unencrypted.
# NOTE(review): the receiver config shown on this page listens only on 514;
# confirm that something is listening on 1514.
*.*  @@192.168.1.51:1514

 
