rsyslog日志传输需要配置两个端口,客户端和服务端。
tcp,udp可以同时放开,由@的个数确定使用的协议。
客户端配置(rsyslog.confclient)
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
#################################
#### File --> client path ####
#### Tag --> client filename ####
#################################
module(load="imfile" PollingInterval="1")
input(type="imfile"
File="/cds/log/task.log"
Tag="task"
Severity="info"
Facility="local7"
)
###################################################
#### server-ip --> 192.168.1.170 ####
#### server-port --> 514 ####
#### TCP --> %Facility%.* @@192.168.1.170:514; ####
#### PUD --> %Facility%.* @192.168.1.170:514; ####
###################################################
local7.* @@192.168.1.170:514
# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
服务端配置(rsyslog.confserver)
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
# server path
$template RemoteLogs,"/var/log/drs700/%HOSTNAME%/%PROGRAMNAME%.log"
local7.* ?RemoteLogs
& ~
# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
部署过程
1(默认ft2000是装有syslog服务的)
客户端配置文件将cp rsyslog.confclient /etc/rsyslog.conf
服务端配置文件将cp rsyslog.confserver /etc/rsyslog.conf
2 服务器端配置文件接收文件的目录(例如/var/log/drs700)
chmod 700 /var/log/drs700
chown syslog:syslog /var/log/drs700
3 /etc/init.d/rsyslog restart syslog重启
4 修改配置后要重启syslog服务
|