rsyslog日志配置

 1 # rsyslog v5 configuration file
 2  
 3 # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
 4 # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
 5  
 6 #### MODULES ####
 7  
 8 $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
 9 $ModLoad imklog   # provides kernel logging support (previously done by rklogd)
10 $ModLoad immark  # provides --MARK-- message capability
11  
12 # Provides UDP syslog reception
13 $ModLoad imudp                                          #开启udp的514端口。也可以开启tcp的514端口,这里只接受udp的
14 $UDPServerRun 514
15  
16 # Provides TCP syslog reception
17 #$ModLoad imtcp
18 #$InputTCPServerRun 514
19  
20 $WorkDirectory /var/lib/rsyslog
21 $AllowedSender udp, 192.168.17.0/8                    #仅仅接收来自192.168.17.0/8网段的主机的udp日志(这个是公司防火墙的ip地址)
22 #### GLOBAL DIRECTIVES ####
23  
24 # Use default timestamp format
25 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
26 $template Remote,"/data/fw_logs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"           #定义模板,接受日志文件路径,区分了不同主机的日志
27 :fromhost-ip, !isequal, "127.0.0.1" ?Remote                                                        # 过滤server 本机的日志
28 # File syncing capability is disabled by default. This feature is usually not required,
29 # not useful and an extreme performance hit
30 #$ActionFileEnableSync on
31  
32 # Include all config files in /etc/rsyslog.d/
33 $IncludeConfig /etc/rsyslog.d/*.conf
34  
35  
36 #### RULES ####
37  
38 # Log all kernel messages to the console.
39 # Logging much else clutters up the screen.
40 #kern.*                                                 /dev/console
41  
42 # Log anything (except mail) of level info or higher.
43 # Don't log private authentication messages!
44 *.info;mail.none;authpriv.none;cron.none                /var/log/messages
45  
46 # The authpriv file has restricted access.
47 authpriv.*                                              /var/log/secure
48  
49 # Log all the mail messages in one place.
50 mail.*                                                  -/var/log/maillog
51 local4.*                                                /data/fw.log
52  
53 # Log cron stuff
54 cron.*                                                  /var/log/cron
55  
56 # Everybody gets emergency messages
57 *.emerg                                                 *
58  
59 # Save news errors of level crit and higher in a special file.
60 uucp,news.crit                                          /var/log/spooler
61  
62 # Save boot messages also to boot.log
63 local7.*                                                /var/log/boot.log
64  
65  
66 # ### begin forwarding rule ###
67 # The statement between the begin ... end define a SINGLE forwarding
68 # rule. They belong together, do NOT split them. If you create multiple
69 # forwarding rules, duplicate the whole block!
70 # Remote Logging (we use TCP for reliable delivery)
71 #
72 # An on-disk queue is created for this action. If the remote host is
73 # down, messages are spooled to disk and sent when it is up again.
74 #$WorkDirectory /var/lib/rsyslog # where to place spool files
75 #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
76 #$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
77 #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
78 #$ActionQueueType LinkedList   # run asynchronously
79 #$ActionResumeRetryCount -1    # infinite retries if host is down
80 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
81 #*.* @@remote-host:514
82 # ### end of the forwarding rule ###

 

posted on 2021-07-08 13:48  明.Sir  阅读(442)  评论(0编辑  收藏  举报

导航