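I. System information
This example uses two machines: one is the Rsyslog server and the other is the Rsyslog client. Tomcat is installed on the client. The client is configured to send its logs to the Rsyslog server.
# Server IP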
10.10.10.102
# Client IP
10.10.10.103
II. Configuration files
1. Configuration file on the server, 10.10.10.102
[root@monkey ~]# cat /etc/rsyslog.conf|grep -v '^#'|sed '/^$/d'
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imudp
$UDPServerRun 514
$template SpiceTmpl,"%msg:2:$%\n" # define a template that strips the leading space
$template ChannelmanageCatalinaDynaFile,"/data/rsyslog/%fromhost-ip%/channelmanage/catalina_%$YEAR%-%$MONTH%-%$DAY%.log"
:rawmsg,contains,"catalina-10.10.10.102-8080" ?ChannelmanageCatalinaDynaFile;SpiceTmpl
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
2. Configuration files on the client, 10.10.10.103
rsyslog configuration file
[root@node1 ~]# cat /etc/rsyslog.conf|grep -v '^#'|sed '/^$/d'
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template myFormat,"%timestamp% %fromhost-ip% %msg%\n"
module(load="imfile" PollingInterval="5")
input(type="imfile"
File="/usr/local/apache-tomcat-9.0.24/logs/catalina.out"
Tag="foobar"
Severity="error"
Facility="local7")
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.* @10.10.10.102:514
Tomcat installation directory: /usr/local/apache-tomcat-9.0.24
III. Testing
Once the configuration files are complete, restart the rsyslog service.
systemctl restart rsyslog
systemctl status rsyslog
Check the /var/log/messages file on the server: the apache-tomcat logs have been sent over.
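
The test finds the Tomcat lines in /var/log/messages, and the following added example (not part of the original post) shows why: it is a simplified Python model of how the server rules above route one received message. The sample messages, the date and the alternative tag are constructed assumptions; a rendered value of None means the default file template, which is not modeled.

```python
import re
from datetime import date

FILTER_SUBSTRING = "catalina-10.10.10.102-8080"  # text of the server's rawmsg filter
MAIL, CRON, AUTHPRIV, LOCAL7, INFO = 2, 9, 10, 23, 6  # syslog facility/severity codes

# Frame the client forwards: <PRI>TIMESTAMP HOSTNAME TAG MSG (RFC 3164 layout)
FRAME = re.compile(r"^<(\d{1,3})>(.{15}) (\S+) ([^\s:]+:?)(.*)$", re.S)

# Constructed samples. 187 = local7 (23) * 8 + error (3), as set in the imfile input.
AS_CONFIGURED = "<187>Sep  1 12:00:00 node1 foobar SEVERE [main] startup failed"
# Assumption: the same line if the imfile Tag were the string the server filters on.
MATCHING_TAG = ("<187>Sep  1 12:00:00 node1 catalina-10.10.10.102-8080"
                " SEVERE [main] startup failed")

def route(rawmsg, fromhost_ip, today):
    """Return [(path, rendered line or None)] for one message received by the server."""
    m = FRAME.match(rawmsg)
    if m is None:
        raise ValueError("not an RFC 3164 frame")
    pri, msg = int(m.group(1)), m.group(5)
    facility, severity = pri >> 3, pri & 7
    out = []
    # :rawmsg,contains,"..." ?ChannelmanageCatalinaDynaFile;SpiceTmpl
    if FILTER_SUBSTRING in rawmsg:
        path = "/data/rsyslog/%s/channelmanage/catalina_%s.log" % (
            fromhost_ip, today.isoformat())
        out.append((path, msg[1:] + "\n"))  # SpiceTmpl: msg from character 2 to the end
    # The filter line is not followed by "stop", so the selector rules still apply.
    if severity <= INFO and facility not in (MAIL, AUTHPRIV, CRON):
        out.append(("/var/log/messages", None))  # *.info;mail.none;authpriv.none;cron.none
    if facility == LOCAL7:
        out.append(("/var/log/boot.log", None))  # local7.*
    return out

if __name__ == "__main__":
    for raw in (AS_CONFIGURED, MATCHING_TAG):
        for path, line in route(raw, "10.10.10.103", date(2019, 9, 1)):
            print(path, repr(line))
```

With the client's Tag="foobar" the rawmsg filter never matches, so nothing is written under /data/rsyslog; only a tag or message text containing the filter string reaches the per-host catalina file.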