环境
系统:CentOS 6.9
rsyslog版本:8.29.0
rsyslog服务端IP:10.10.10.10
准备
-
安装rsyslog的yum源
# cd /etc/yum.repos.d/ # wget http://rpms.adiscon.com/v8-stable/rsyslog.repo -
升级rsyslog
# yum install rsyslog -
检查rsyslog版本
# rsyslogd -v
注:rsyslog客户端和服务端都要升级
rsyslog客户端配置
-
添加子配置文件
# vim /etc/rsyslog.d/rsyslog-server.conf module(load="imfile" PollingInterval="5") local0.* @@10.10.10.10:514 input(type="imfile" File="/App/tomcat/example/logs/catalina.*.log" Tag="tomcat+example+catalina.log" Severity="info" Facility="local0") input(type="imfile" File="/App/tomcat/example/logs/catalina.out" Tag="tomcat+example+catalina.out" Severity="info" Facility="local0") input(type="imfile" File="/App/tomcat/example/logs/localhost.*.log" Tag="tomcat+example+localhost.log" Severity="info" Facility="local0") -
检查配置
# rsyslogd -N1 -
重启服务
# /etc/init.d/rsyslog restart
rsrslog服务端配置
-
编辑主配置文件
# vim /etc/rsyslog.conf module(load="imudp") # needs to be done just once input(type="imudp" port="514") ...... module(load="imtcp") # needs to be done just once input(type="imtcp" port="514") ...... # 添加到末尾 template(name="RemoteFileFormat" type="string" string="/data/rsyslog/%hostname%/%programname:F,43:1%/%programname:F,43:2%/%programname:F,43:3%-%$year%%$month%%$day%") template(name="CleanMsgFormat" type="string" string="%msg:2:$%\n") local0.* ?RemoteFileFormat;CleanMsgFormat & ~参数解释:
hostnamemessage的主机名部分
programname:F,43:1message的tag的静态部分,以ascii码43(+字符)分隔,取第1段
msg:2:$message的msg部分,取第2至最后的字符(不是以空格开头msg,rsyslog会自动补一个空格)例子:
客户端配置属性Tag=tomcat+example+catalina.log的消息
服务端会写入路径为/data/rsyslog/hostname/tomcat/example/catalina.log-20170903的文件 -
检查配置
# rsyslogd -N1 -
重启服务
# /etc/init.d/rsyslog restart
