rsyslog是什麼,以及如何安裝,配置使用者和使用者組在此不多說.網上有大把教程.1.a 的配置檔案/etc/rsyslog.conf本文設定 由a伺服器向b伺服器傳送log,b伺服器為中心收集log伺服器.
# /etc/rsyslog.conf configuration file for rsyslog.
## for more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
## default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### modules ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --mark-- message capability
# provides udp syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides tcp syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
# enable non-kernel facility klog messages
$klogpermitnonkernelfacility on
###########################
#### global directives ####
###########################
## use traditional timestamp format.
# to enable high precision timestamps, comment out the following line.
#$actionfiledefaulttemplate rsyslog_traditionalfileformat
# filter duplicated messages
$repeatedmsgreduction off
## set the default permissions for all log files.
#$fileowner syslog
$filegroup adm
$filecreatemode 0640
$dircreatemode 0755
$umask 0022
$privdroptouser syslog
$privdroptogroup syslog
$maxmessagesize 8k
## where to place spool and state files
#$workdirectory /var/spool/rsyslog
## include all config files in /etc/rsyslog.d/
#$includeconfig /etc/rsyslog.d/*.conf
$omitlocallogging on
$imjournalstatefile imjournal.state
#*.* /var/log/all.log
#local7.* -/var/log/local.log
## template
#$template t_msg, 「%msg\n%」
local7.* @xx.xx.xx.***:514
local5.* @xx.xx.xx.***:515
local7.* @xx.xx.xx.***:514
將a伺服器指定level的所有log傳送到指定ip的514埠.
rsyslog level 介紹:
若在a伺服器執行如下shell,則日誌會傳送到指定ip的514埠.
logger -p local7.info ""# /etc/rsyslog.conf configuration file for rsyslog.
## for more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
## default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### modules ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --mark-- message capability
# provides udp syslog reception
module(load="imudp")
input(type="imudp" port="514" ruleset="log")
# provides tcp syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
# enable non-kernel facility klog messages
$klogpermitnonkernelfacility on
###########################
#### global directives ####
###########################
## use traditional timestamp format.
# to enable high precision timestamps, comment out the following line.
#$actionfiledefaulttemplate rsyslog_traditionalfileformat
# filter duplicated messages
$repeatedmsgreduction off
## set the default permissions for all log files.
#$fileowner syslog
$filegroup adm
$filecreatemode
0640
$dircreatemode
0755
$umask
0022
$privdroptouser syslog
$privdroptogroup syslog
$maxmessagesize8k#
# where to place spool and state files
#$workdirectory /var/spool/rsyslog
## include all config files in /etc/rsyslog.d/
#$includeconfig /etc/rsyslog.d/*.conf
local6.* /var/log/log-receiver.log
## template
#template(name="log-format"
type="list")
template(name="file-format"
type="string"
string="/var/log/sdk/%$year%%$month%%$day%-%$hour%%$minute%.log")
## ruleset
#ruleset(name="log")
1.
module(load="imudp")
input(type="imudp" port="514" ruleset="log")
2.
ruleset(name="log")rsyslog日誌服務的配置檔案分析
基於rsyslog日誌服務的日誌 在不同的linux系統,實現的軟體略有不同。syslog,rsyslog,syslog ng,用於實現系統日誌的管理。root asianux4 rpm qa grep syslog rsyslog 5.8.10 8.axs4.x86 64 rsyslog日誌服務的...
rsyslog日誌服務的配置檔案分析
基於rsyslog日誌服務的日誌 在不同的linux系統,實現的軟體略有不同。syslog,rsyslog,syslog ng,用於實現系統日誌的管理。root asianux4 rpm qa grep syslog rsyslog 5.8.10 8.axs4.x86 64 rsyslog日誌服務的...
客戶端rsyslog配置檔案詳解
最近再開發乙個rsyslog的接收服務端,支援udp,tcp和tls三種協議。所以去仔細研究了一下rsyslog.conf的配置檔案,下面來詳細說一下。因為我這兒重點在於怎麼將資訊傳送到我的伺服器,所以只講了一些傳送應該配置的內容,至於rsyslog.conf配置的詳細內容,大家可以去rsyslog...