環(huán)境
系統(tǒng):CentOS 6.9
rsyslog版本:8.29.0
rsyslog服務(wù)端IP:10.10.10.10
準(zhǔn)備
-
安裝rsyslog的yum源
# cd /etc/yum.repos.d/ # wget http://rpms.adiscon.com/v8-stable/rsyslog.repo -
升級(jí)rsyslog
# yum install rsyslog -
檢查rsyslog版本
# rsyslogd -v
注:rsyslog客戶端和服務(wù)端都要升級(jí)
rsyslog客戶端配置
-
添加子配置文件
# vim /etc/rsyslog.d/rsyslog-server.conf module(load="imfile" PollingInterval="5") local0.* @@10.10.10.10:514 input(type="imfile" File="/App/tomcat/example/logs/catalina.*.log" Tag="tomcat+example+catalina.log" Severity="info" Facility="local0") input(type="imfile" File="/App/tomcat/example/logs/catalina.out" Tag="tomcat+example+catalina.out" Severity="info" Facility="local0") input(type="imfile" File="/App/tomcat/example/logs/localhost.*.log" Tag="tomcat+example+localhost.log" Severity="info" Facility="local0") -
檢查配置
# rsyslogd -N1 -
重啟服務(wù)
# /etc/init.d/rsyslog restart
rsrslog服務(wù)端配置
-
編輯主配置文件
# vim /etc/rsyslog.conf module(load="imudp") # needs to be done just once input(type="imudp" port="514") ...... module(load="imtcp") # needs to be done just once input(type="imtcp" port="514") ...... # 添加到末尾 template(name="RemoteFileFormat" type="string" string="/data/rsyslog/%hostname%/%programname:F,43:1%/%programname:F,43:2%/%programname:F,43:3%-%$year%%$month%%$day%") template(name="CleanMsgFormat" type="string" string="%msg:2:$%\n") local0.* ?RemoteFileFormat;CleanMsgFormat & ~參數(shù)解釋:
hostnamemessage的主機(jī)名部分
programname:F,43:1message的tag的靜態(tài)部分蚪燕,以ascii碼43(+字符)分隔暗挑,取第1段
msg:2:$message的msg部分骤坐,取第2至最后的字符(不是以空格開頭msg坚冀,rsyslog會(huì)自動(dòng)補(bǔ)一個(gè)空格)例子:
客戶端配置屬性Tag=tomcat+example+catalina.log的消息
服務(wù)端會(huì)寫入路徑為/data/rsyslog/hostname/tomcat/example/catalina.log-20170903的文件 -
檢查配置
# rsyslogd -N1 -
重啟服務(wù)
# /etc/init.d/rsyslog restart
