rsyslog 服务器配置
 
:FROMHOST-IP, isequal, "10.26.44.206" /var/log/10.26.44.206.log
:FROMHOST-IP, isequal, "11.40.169.210" /var/log/11.40.169.210.log
 
 
b.$template Remote,"/data/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"  定义模板,接受日志文件路径,区分了不同主机的日志
 
c.:fromhost-ip, !isequal, "127.0.0.1" ?Remote 过滤server 本机的日志

--------------------- 
作者:zhaoyangjian724 
来源:CSDN 
原文:https://blog.csdn.net/zhaoyangjian724/article/details/52497425 
版权声明:本文为博主原创文章,转载请附上博文链接!

<pre name="code" class="html">nginx 服务器配置:
jrhwpt01:/root# cat /etc/rsyslog.conf 
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
module(load="imfile" PollingInterval="5")
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none;local5.none                /var/log/messages
*.info;mail.none;authpriv.none;cron.none;local5.none                @@15.26.10.82:514
 
 
rsyslog 服务器配置
 
:FROMHOST-IP, isequal, "10.26.44.206" /var/log/10.26.44.206.log
:FROMHOST-IP, isequal, "11.40.169.210" /var/log/11.40.169.210.log
 
 
b.$template Remote,"/data/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"  定义模板,接受日志文件路径,区分了不同主机的日志
 
c.:fromhost-ip, !isequal, "127.0.0.1" ?Remote 过滤server 本机的日志
 
最简单的办法;
$template myFormat,"%timestamp% %fromhost-ip%%msg%\n"
$template Remote,"/var/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" -?Remote;myFormat
 
1.rsyslog 服务器配置:
[root@opm log]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad immark  # provides --MARK-- message capability
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$AllowedSender tcp, 192.168.30.0/24
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template Remote,"/data/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?Remote
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /data/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
 
 
a.$AllowedSender tcp, 192.168.30.0/24 允许 30.0网段内的主机以tcp协议来传输
 
b.$template Remote,"/data/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"  定义模板,接受日志文件路径,区分了不同主机的日志
 
c.:fromhost-ip, !isequal, "127.0.0.1" ?Remote 过滤server 本机的日志。
 
$template myFormat,"%timestamp% %fromhost-ip%%msg%\n"
 
 
:syslogtag,isequal,"uat-frontend01-access"  -?uat-frontend01-access;tocFormat
$template Remote,"/var/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" -?Remote;myFormat
--------------------- 
作者:zhaoyangjian724 
来源:CSDN 
原文:https://blog.csdn.net/zhaoyangjian724/article/details/52497425 
版权声明:本文为博主原创文章,转载请附上博文链接!

 

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注