syslog实例详解rsyslog
2024-09-14 09:45:36
http://blog.csdn.net/chenhao112358/article/details/40892239
http://www.cnblogs.com/blueswu/p/3564763.html
http://blog.clanzx.net/2013/12/31/rsyslog.html
http://www.xiaomastack.com/2014/11/06/logger-rsyslog/
http://www.cnblogs.com/tobeseeker/archive/2013/03/10/2953250.html
http://www.open-open.com/lib/view/open1440982522565.html
https://linux.cn/article-4835-1.html#3_4334 服务器初始配制:其他实验基于添加 [root@server1 ~]# vi /etc/rsyslog.conf # rsyslog v5 configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception
#$ModLoad imudp
$UDPServerRun 514 //去掉# # Provides TCP syslog reception
#$ModLoad imtcp
$InputTCPServerRun 10514 //去掉# #### GLOBAL DIRECTIVES #### # Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
实例1:
服务器:
/etc/rsyslog.conf文件最后添加
*.* /var/log/all.log service rsyslog restart 客户端:
/etc/rsyslog.conf文件最后添加
*.* @@10.24.220.232:10514 //通过tcp传 service rsyslog restart
------------------------------------------------------------------------------------------
客户端测试试程序:k.c
#include <syslog.h>
int main(void){
int log_test;
openlog("log_test", LOG_PID|LOG_CONS, LOG_USER);
syslog(LOG_INFO, "PID information, pid=%d\n", getpid());
syslog(LOG_ALERT, "debug message\n");
closelog();
return 0;
}
root@slave1 ~]# ./k 服务器查看log:
cat /var/log/all.log Jun 12 20:44:05 slave1 log_test[12612]: PID information, pid=12612
Jun 12 20:44:05 slave1 log_test[12612]: debug message
实例2: 服务器:
/etc/rsyslog.conf文件最后添加
*.* /var/log/all.log service rsyslog restart 客户端:
/etc/rsyslog.conf文件最后添加
*.* @10.24.220.232: //通过udp service rsyslog restart ------------------------------------------------
客户端:
[root@slave1 ~]# logger "hello world" 服务器查看log:
cat /var/log/all.log Jun 12 20:50:51 slave1 root: hello world
实例3 服务器:
/etc/rsyslog.conf文件最后添加
local5.* /var/log/all.log #过滤local5级别的日志,放入/var/log/all.log 客户端只加入: local5.* @10.1.5.241:514 #通过udp传 客户端测试:
[root@slave1 ~]# logger -p local5.info "hello world" 服务端显示:
root@server1 log]# cat /var/log/all.log
Jun 12 21:06:21 slave1 root: hello world
实例4:
服务端: /etc/rsyslog.conf文件最后添加
$template logfile,"/var/log/logfile_%$year%%$month%%$day%.log" //生成新的日志文件
:msg,contains,"muyushan" ?logfile //表示对消息中含有muyushan 发送到,logfile定义的文件中
客户端:
/etc/rsyslog.conf文件最后添加
:msg,contains,"muyushan" @@192.168.1.26:10514 //只对消息中含有muyushan发送到192.168.1.26:10514主机
注意: :msg,contains,"muyushan"
logger -t muyushan "muyushan" :rsyslog 只对 "muyushan" 过滤,发送到192.168.1.26:10514
logger -t muyushan "test" 是不发送到 192.168.1.26:10514
EG:
2016-06-13T00:48:16.643880-07:00 localhost muyushan: muyushan 中的红色过滤 客户端测试:logger "muyushan" 服务器查看:
[root@localhost log]# cat logfile_20160613.log
2016-06-13T01:11:21-07:00 localhost root: muyushan
最新文章
- [每日一记] Python报错 综述
- CSS Hack解决浏览器IE部分属性兼容性问题
- C# Stream 和 byte[] 之间的转换
- Mac OS 的一点历史: Mac OS, Mac OSX 与Darwin
- 浏览器内核与js引擎
- ubuntu12.04安装svn 1.7(转载)
- LDO-XC6216C202MR-G
- [Unity3D]脚本中Start()和Awake()的区别
- Yii源码阅读笔记(七)
- AMD机制与cMD的区别和概念简要介绍
- Xcode5 上使用Base SDK iOS6程序和iOS6模拟器
- 【转】Java web 编解码
- AngularJs学习笔记5——自定义服务
- nodejs微信开发获取token,ticket-1
- WebService测试方案
- Python实现二叉树的四种遍历
- eclipse中tomcat内存溢出设置
- CSS实现核辐射警告标志
- IIS 设置
- Node.js实战项目学习系列(3) CommonJS 模块化规范