Rsyslog's not that simple.

Source: Internet
Author: User
Tags rsyslog

Configuring collection of the system's default logs is easy.

But how do you configure collection of the custom logs written by the programmers on a company project? That is where the local facilities and filters come in ...

Let's go slowly.

Some URLs saved for later reference; they cover local facilities, templates and filters with good examples:

http://blog.sina.com.cn/s/blog_4a80a5730101m2b3.html

http://my.oschina.net/0757/blog/198329

http://wenku.baidu.com/link?url=tPJuftxO3EjGYKe77IH4rnjVAmjWju9_A1LTOrj0nBeigy7letgPq9nokXXizXB_ 95eoosiknblvibclanm3zgnrugoi3hlay0kzjiyzueu

http://my.oschina.net/duxuefeng/blog/317570

http://blog.clanzx.net/2013/12/31/rsyslog.html

There are a great many modules!!!

~~~~~~~~~~~~~~~

A. MySQL support
Many of rsyslog's functions are implemented as modules, and MySQL support is one of them. The module must first be compiled in at build time, then loaded with "$ModLoad ommysql" in /etc/rsyslog.conf, and then you specify which logs should be stored in the database. Before using the MySQL module, we need to create the database and define the table manually; these steps are described in detail in the manual and are not difficult.

B. Filter (log filter)
Filters are a highlight of rsyslog. Usually we do not need to collect every log; for example, we may only need logs of the error level and below, or only logs that contain specific content. With filters we can easily meet these requirements. Here are a few examples; see the manual for detailed usage:

:msg, contains, "test_message" /var/log/test.log
& ~

If the log content contains "test_message", the message is stored in /var/log/test.log. "& ~" means discard it and do no further processing. Even if a later rule `:msg, contains, "test_message" /var/log/test2.log` exists, this log will not be written to test2.log.

if $msg contains 'test_message' then /var/log/test.log
& ~

This is another way to write the example above; the advantage of `if` is that you can define more complex conditional matches.
Filters are very practical: syslog defines only local0~local7 as user-defined facilities, and with filters we can easily solve the problem of not having enough custom facilities.
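The ordering and discard behaviour described above, as an added example that is not part of the original post. It is a simplified model of the legacy filter lines, not rsyslog's own parser; the function name `route` and the sample message are assumptions made for the illustration.

```python
import re

# Legacy property-based filter line:  :msg, contains, "text" <action>
RULE = re.compile(r'^:msg,\s*contains,\s*"([^"]*)"\s*(\S+)$')

def route(rules, msg):
    """Return the files that receive msg when rules are applied top to bottom.

    Simplified model (an assumption, not rsyslog's parser): it knows only
    ':msg, contains' filters, file actions, '&' chaining and the '~' discard.
    """
    files, matched = [], False
    for line in rules:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("&"):
            # '&' adds another action to the previous filter
            action = line[1:].strip()
        else:
            m = RULE.match(line)
            if m is None:
                raise ValueError(f"unsupported rule: {line}")
            # 'contains' is a case-sensitive substring match
            matched = m.group(1) in msg
            action = m.group(2)
        if not matched:
            continue
        if action == "~":
            return files  # discarded: later rules never see the message
        files.append(action)
    return files

# Constructed rule sets, using the paths from the text above
WITH_DISCARD = [
    ':msg, contains, "test_message" /var/log/test.log',
    "& ~",
    ':msg, contains, "test_message" /var/log/test2.log',
]
WITHOUT_DISCARD = [WITH_DISCARD[0], WITH_DISCARD[2]]

if __name__ == "__main__":
    for name, rules in (("with & ~", WITH_DISCARD), ("without", WITHOUT_DISCARD)):
        print(name, route(rules, "app: test_message 42"))
    print("capitalised", route(WITH_DISCARD, "app: Test_message 42"))
```

The last call shows why the exact case of the filter string matters: a message containing "Test_message" matches neither rule and reaches no file.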

C. Template
Templates define the log format. They let you standardize the different types of logs, which makes them convenient to read and easy to work with, but the template definition must be placed at the top of rsyslog.conf.

$template myFormat,"%timestamp% %hostname%  %pri-text% %msg%\n"
$ActionFileDefaultTemplate myFormat

In the first line we define a template named myFormat, and the second line makes myFormat the default template for rsyslog. If you only need to apply this template to a specific log, you can write this:

$template myFormat,"%timestamp% %hostname%  %pri-text% %msg%\n";Format
~~~~~~~~~~~~~~
Server:
mkdir /data/apache/logs
chown apache:apache /data/apache/logs

Added at the end of the /etc/rsyslog.conf file:

$template access_log, "%msg:2:$%\n"
$template error_log, "%msg%\n"

# web1-access-log
$template access_log_file_web1, "/data/apache/logs/%$NOW%/access-log/web1-access_log"
# web1-error-log
$template error_log_file_web1, "/data/apache/logs/%$NOW%/error-log/web1-error_log"

# web1-access-log
if $syslogfacility-text == 'local6' and $syslogtag == 'http-access:' and $fromhost-ip == '10.1.5.241' then -?access_log_file_web1;access_log
# web1-error-log
if $syslogfacility-text == 'local6' and $syslogtag == 'http-error:' and $fromhost-ip == '10.1.5.241' then -?error_log_file_web1;error_log

Then restart rsyslog:
/etc/init.d/rsyslog restart
~~~~~~~~~~~~~~~~~~~~
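How the web1 rules above treat a received message, as an added example that is not part of the original post. It models the filter conditions, the `%$NOW%` file-name templates and the `%msg:2:$%` property replacer in Python; the regular expression, the function names and the sample packets are constructed for the illustration.

```python
import re
from datetime import date

# <PRI>, 15-char timestamp, hostname, tag (with trailing ':'), then the message
PACKET = re.compile(r"^<(\d{1,3})>(.{15}) (\S+) ([^\s:\[]+(?:\[\d+\])?:)(.*)$")

def parse(packet):
    """Split an RFC 3164 line into the properties the filter rules test."""
    m = PACKET.match(packet)
    if m is None:
        raise ValueError("not an RFC 3164 syslog line")
    facility = int(m.group(1)) >> 3          # PRI = facility * 8 + severity
    name = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    # rsyslog keeps the space after the tag as the first character of msg
    return {"syslogfacility-text": name, "syslogtag": m.group(4), "msg": m.group(5)}

def route_web1(packet, fromhost_ip, today):
    """Apply the two web1 rules; return (file path, written line) or None."""
    p = parse(packet)
    if p["syslogfacility-text"] != "local6" or fromhost_ip != "10.1.5.241":
        return None
    kind = {"http-access:": "access", "http-error:": "error"}.get(p["syslogtag"])
    if kind is None:
        return None
    # %$NOW% expands to the current date as YYYY-MM-DD
    path = f"/data/apache/logs/{today:%Y-%m-%d}/{kind}-log/web1-{kind}_log"
    # access_log is "%msg:2:$%\n" (character 2 to the end); error_log is "%msg%\n"
    body = p["msg"][1:] if kind == "access" else p["msg"]
    return path, body + "\n"

# Constructed sample packets: 182 = local6.info, 179 = local6.err
ACCESS = '<182>Jun  4 04:55:52 web1 http-access: 192.0.2.7 - - "GET / HTTP/1.1" 200 512'
ERROR = "<179>Jun  4 04:55:52 web1 http-error: [error] File does not exist: /var/www/x"
DAY = date(2014, 6, 4)  # constructed date standing in for $NOW

if __name__ == "__main__":
    print(route_web1(ACCESS, "10.1.5.241", DAY))
    print(route_web1(ERROR, "10.1.5.241", DAY))
    print(route_web1(ACCESS, "10.1.5.9", DAY))   # other sender: no match
```

The rules trust the sender address and the tag exactly as received; over plain UDP both are chosen by whoever sends the packet, so they identify a source only on a network where that address cannot be spoofed.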

======================================================================
Example: Specifying a log file, or terminal
======================================================================
# vi /etc/rsyslog.conf
# grep local3 !$
grep local3 /etc/rsyslog.conf
local3.* /var/log/local3.log
# rm -rf /var/log/local3.log
# /etc/init.d/rsyslog reload
Reloading System Logger ... [OK]
# ls /var/log/local3.log
/var/log/local3.log
# logger -t 'logtest' -p local3.info 'kadefor is testing the rsyslog and logger'
# cat /var/log/local3.log
June 04:55:52 Kadefor logtest: kadefor is testing the rsyslog and logger
#
Sending logs to a terminal is left for you to try yourself.
======================================================================
Example: Filtering a specific log to a file, ignoring (discarding) a log containing a string
======================================================================
# Filter logs; the line starts with a colon
:msg, contains, "error" /var/log/error.log
# Ignore logs containing error
:msg, contains, "error" ~
:msg, contains, "user nagios" ~
:msg, contains, "user kadefor" ~
:msg, contains, "module-alsa-sink.c: ALSA woke us up to write new data to the device, but there was actually nothing to write" ~
local3.* ~
PS:
# Discard all logs matched by the previous rule
& ~
Keep logs containing 'oracle' in /var/log/oracle.log
======================================================================
Example: Using a template to define a log format
======================================================================
Define the default log format:

$template MyFormat, "%rawmsg%\n"
$ActionFileDefaultTemplate MyFormat

# Without the $ActionFileDefaultTemplate MyFormat line, you need to apply the template like this:
# append the template name after the log file, separated by ;
$template MyFormat, "%rawmsg%\n"
# The authpriv file has restricted access.
authpriv.* /var/log/secure;MyFormat
# Log all of the mail messages in one place.
mail.* /var/log/maillog;MyFormat
# Log cron stuff
cron.* /var/log/cron;MyFormat
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler;MyFormat
# Save boot messages also to boot.log
local7.* /var/log/boot.log;MyFormat

======================================================================
Example: Sending and receiving logs remotely
======================================================================
If you want to use a port other than 514, you need to configure SELinux.
Just add the following to rsyslog.conf:
*.* @192.168.0.10
*.* @192.168.0.10:10514 # with port number
*.* @@192.168.0.10 # TCP
But this does not define which file the logs are saved in on the remote side?
Which file they are actually saved in is up to the remote log server itself once it has received the logs.
