【Rsyslog】

一、系统信息说明

本案例共分为2台机器,一台机器为Rsyslog服务器端,另一台机器为Rsyslog客户端。其中客户端安装的有tomcat. 通过配置,将客户端的日志发送到Rsyslog服务器端。

#服务端IP
10.10.10.102
#客户端IP
10.10.10.103

  

二、配置文件

 

1.服务端10.10.10.102配置文件

[root@monkey ~]# cat /etc/rsyslog.conf|grep -v '^#'|sed '/^$/d'
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imudp
$UDPServerRun 514
$template  SpiceTmpl,"%msg:2:$%\n" #定义一个模块,去掉开头的空格
$template  ChannelmanageCatalinaDynaFile,"/data/rsyslog/%fromhost-ip%/channelmanage/catalina_%$YEAR%-%$MONTH%-%$DAY%.log"
:rawmsg,contains,"catalina-10.10.10.102-8080" ?ChannelmanageCatalinaDynaFile;SpiceTmpl
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

 

2.客户端10.10.10.103配置文件

rsyslog配置文件

[root@node1 ~]# cat /etc/rsyslog.conf|grep -v '^#'|sed '/^$/d'
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template myFormat,"%timestamp% %fromhost-ip% %msg%\n"
module(load="imfile" PollingInterval="5") 
input(type="imfile"
      File="/usr/local/apache-tomcat-9.0.24/logs/catalina.out"
      Tag="foobar"
      Severity="error"
      Facility="local7")
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
*.*                 @10.10.10.102:514

 

tomcat安装目录:/usr/local/apache-tomcat-9.0.24

 

三、测试

在配置文件完成后,重启rsyslog服务。

systemctl restart rsyslog
systemctl status  rsyslog

通过查看服务器的/var/log/messages文件,可看到apache-tomcat的日志已经发送过来。

 

posted @ 2019-09-20 11:00  foreverfriends  阅读(215)  评论(0编辑  收藏  举报