How to send logs to the rsyslog log Center

Rsyslog is divided into server and client

Client rsyslog configuration file configuration

Several items are useful.

$ Actionqueuetype queue list # use Asynchronous processing to enable cache queue

$ Actionqueuefilename backup_local # Set file name, also enables disk mode if the client is down, the cache queue is written to the local backup_local variable and the location has been defined.

$ Actionresumeretrycount-1 # infinite retries on insert failure

$ Actionqueuesaveonshutdown on

$ Actionqueuemaxfilesize 50 m the size of each file is 50 m

$ Actionqueuemaxdiskspace 10g backup_local this directory allows up to 10g Storage

Local3. *; local4. *; local5. *; local7. * @ 10.67.21.19: 2000

@ Refers to TCP transmission and @ refers to UDP protocol

Local3 is of a large level, which is divided into error, info, debug, warn...

Logs of this level are transmitted to port 2000 of 10.67.21.19.

The following is the script for pushing logs from the client.

#! /Usr/bin/Python

Import Syslog

Import time

While true:

Now_time = time. strftime ('% Y-% m-% d % H: % m: % s', time. localtime (Time. Time ()))

Syslog. openlog ('test', syslog. log_pid, syslog. log_local3) defines the Push level to rsyslog.

Syslog. syslog (syslog. log_info, '% s content 000000000000' % now_time)

Time. Sleep (5)

Server Configuration

First look at this

Local3. = alert -? F_apache_saccess_2000; t_sae_output_2000

Local3. = err -? F_apache_error_2000; t_sae_output_2000

Local3. = warning -? F_apache_warning_2000; t_sae_output_2000

Local3. = notice -? F_apache_notice_2000; t_sae_output_2000

# Local3. = Info -? F_apache_access_2000; t_sae_output_2000

Local3. = debug -? F_apache_debug_2000; t_sae_output_2000

$ Actionomprogbinary/usr/local/SAE/logparser/Shell/web-access.sh

Local3. = info: omprog:; t_sae_output_2000

The preceding description indicates the location in which different levels of local3 are sent, and the format, omprog this means that the info level of local3 goes through/usr/local/SAE/logparser/Shell/web-access.sh to process

F_apache_saccess_2000 is defined on the variable, which refers to the log storage path.

$ Template f_apache_saccess_2000, "/data1/saelog/% $ year %-% $ month %-% $ day %/saccess/% MSG: F, 32: 9%/% MSG: f, 32: 8%-% MSG: F, 32: 10%-saccess_log"

It is worth noting that % MSG: F, 32: 9% indicates that the log content is a 9th column separated by Spaces

The variable t_sae_output_2000 indicates the log format after output.

"% MSG: 2: $ % hostname % \ n" indicates that starting from the second string of the entire log

So the entire rsyslog log transmission process is coming.

This article is from the "batch CT Batch Data Synchronization" blog, please be sure to keep this source http://4249964.blog.51cto.com/4239964/1557263

How to send logs to the rsyslog log Center