Linux下rsyslog服务的配置文件rsyslog.conf详解

  1 # rsyslog v5 configuration file
  2 
  3 # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
  4 # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
  5 
  6 #### MODULES ####   #加载模块
  7 
  8 $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
  9 $ModLoad imklog   # provides kernel logging support (previously done by rklogd)
 10 #$ModLoad immark  # provides --MARK-- message capability
 11 
 12 # Provides UDP syslog reception   #允许514端口接收使用UDP协议转发过来的日志
 13 $ModLoad imudp
 14 $UDPServerRun 514
 15 
 16 # Provides TCP syslog reception   #允许514端口接收使用TCP协议转发过来的日志
 17 #$ModLoad imtcp
 18 #$InputTCPServerRun 514
 19 
 20 
 21 #### GLOBAL DIRECTIVES ####
 22 
 23 # Use default timestamp format   #定义日志格式默认模板  
 24 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 25 
 26 # File syncing capability is disabled by default. This feature is usually not required,
 27 # not useful and an extreme performance hit
 28 #$ActionFileEnableSync on
 29 
 30 # Include all config files in /etc/rsyslog.d/
 31 $IncludeConfig /etc/rsyslog.d/*.conf
 32 
 33 
 34 #### RULES ####
 35 
 36 # Log all kernel messages to the console.
 37 # Logging much else clutters up the screen.
 38 #kern.*                                                 /dev/console   #关于内核的所有日志都放到/dev/console(控制台)
 39 
 40 # Log anything (except mail) of level info or higher.
 41 # Don't log private authentication messages!
 42 *.info;mail.none;authpriv.none;cron.none               /var/log/messages   #记录所有日志类型的info级别以及大于info级别的信息到/var/log/messages,但是mail邮件信息,authpriv验证方面的信息和cron时间任务相关的信息除外
 43 
 44 # The authpriv file has restricted access.
 45 authpriv.*                                              /var/log/secure   #authpriv验证相关的所有信息存放在/var/log/secure
 46 
 47 # Log all the mail messages in one place.
 48 mail.*                                                  -/var/log/maillog   #邮件的所有信息存放在/var/log/maillog; 这里有一个-符号, 表示是使用异步的方式记录, 因为日志一般会比较大
 49 
 50 
 51 # Log cron stuff
 52 cron.*                                                  /var/log/cron   #计划任务有关的信息存放在/var/log/cron
 53 
 54 # Everybody gets emergency messages
 55 *.emerg                                                 *   #记录所有的大于等于emerg级别信息,以wall方式发送给每个登录到系统的人(*代表所有在线用户)
 56 
 57 # Save news errors of level crit and higher in a special file.
 58 uucp,news.crit                                          /var/log/spooler   #记录uucp,news.crit等存放在/var/log/spooler
 59 
 60 # Save boot messages also to boot.log   #启动的相关信息
 61 local7.*                                                /var/log/boot.log
 62 local0.*                                                /var/log/haproxy.log
 63 
 64 # ### begin forwarding rule ###      #转发规则
 65 # The statement between the begin ... end define a SINGLE forwarding
 66 # rule. They belong together, do NOT split them. If you create multiple
 67 # forwarding rules, duplicate the whole block!
 68 # Remote Logging (we use TCP for reliable delivery)
 69 #
 70 # An on-disk queue is created for this action. If the remote host is
 71 # down, messages are spooled to disk and sent when it is up again.
 72 #$WorkDirectory /var/lib/rsyslog # where to place spool files
 73 #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
 74 #$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
 75 #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
 76 #$ActionQueueType LinkedList   # run asynchronously
 77 #$ActionResumeRetryCount -1    # infinite retries if host is down
 78 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
 79 #*.* @@remote-host:514       # @@表示通过tcp协议发送    @表示通过udp进行转发
 80 # ### end of the forwarding rule ###