Как использовать rsyslog для файлов журнала от клиента к серверу
Можно сделать следующее. Можно установить корень на основе запроса $host.
местоположение / {
базируйтесь/usr/local/$host/www/;
}
1
задан Drew Khoury
13 March 2014 в 09:01
Ссылка
1 ответ
One solution is to check the $programname (which gets populated with the value from $InputFileTag on the client for each file you monitor).
Client Configuration
On the client, create your file monitor(s), and make sure $InputFileTag starts with 'file-'. Here is an example with log files foo and bar:
######################### START /var/log/foo.log
$InputFileName /var/log/foo.log
$InputFileTag file-foo:
$InputFileStateFile stat-foo
$InputFileSeverity info
$InputRunFileMonitor
######################### END /var/log/foo.log
######################### START /var/log/bar.log
$InputFileName /var/log/bar.log
$InputFileTag file-bar:
$InputFileStateFile stat-bar
$InputFileSeverity info
$InputRunFileMonitor
######################### END /var/log/bar.log
Server Configuration
And then on the server, check that $programname starts with 'file-' (as should be the case for all of your file monitors, but not for any of the standard syslog messages). Here is an example:
$template FileTemplate,"/var/log/remote-%HOSTNAME%-%programname%.log"
if $programname startswith 'file-' then -?FileTemplate
& ~
- This solution checks to see if the $programname starts with 'file-'
- As long as you have control over how you label $InputFileTag (on the client) this solution works quite well
- The template uses programname and hostname to keep file names unique on the server
- The & ~ makes sure this syslog message doesn't get processed further down in the config
- This solution provides ONE configuration on the server that doesn't need to be updated each time you add a new file monitor on the client.
1