Linux, CentOS 7.2: the /etc/rsyslog.conf file explained in detail
阿新 • Published: 2018-12-30
Automatic logging on Linux is currently handled by the rsyslog service; rsyslog can be described as the upgraded version of syslog.
[[email protected] ~]# cat /etc/rsyslog.conf
# rsyslog configuration file

#### MODULES ####
# List of modules to load

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
# Uncommenting these lets port 514 receive logs forwarded over UDP
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
# Uncommenting these lets port 514 receive logs forwarded over TCP
#$ModLoad imtcp
#$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####
# Global directives

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
# Defines the default template for the log format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

#### RULES ####
# Rules

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
# All kernel-related logs are sent to /dev/console (the console)
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# Messages of every facility at level info and above are written to /var/log/messages,
# except mail messages, authpriv (authentication) messages and cron (scheduled task) messages
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
# All authpriv (authentication-related) messages are stored in /var/log/secure
authpriv.* /var/log/secure

# Log all the mail messages in one place.
# All mail messages are stored in /var/log/maillog. The "-" prefix means the log is
# written asynchronously, because this log is usually large
mail.* -/var/log/maillog

# Log cron stuff
# Messages related to scheduled tasks are stored in /var/log/cron
cron.* /var/log/cron

# Everybody gets emergency messages
# All messages at level emerg and above are sent, wall-style, to every user logged in to the system
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
# uucp and news messages at level crit are stored in /var/log/spooler
# uucp: Unix-to-Unix copy, communication between Unix hosts; news: newsgroups
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
# Boot-related messages
local7.* /var/log/boot.log

# ### begin forwarding rule ###
# Forwarding rule
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# "@@" means send over TCP: forward to port 514 (the default) on remote-host using TCP
# "@" means forward over UDP
#*.* @@remote-host:514
# ### end of the forwarding rule ###
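The selector and action syntax annotated in the RULES section can be checked mechanically. The following is an added example, not part of the original post or of rsyslog itself: it evaluates the file's own rules for a given facility and severity, which is a quick way to confirm, for instance, that authentication messages land only in /var/log/secure. The helper names (selector_matches, destinations, describe_action) are hypothetical, and only the selector subset used in this file is supported.

```python
# Added example (not from the original page): evaluate legacy rsyslog selectors.
# Supported subset: "facility[,facility].priority" parts joined by ";", with "*"
# and "none"; the "=" and "!" priority modifiers are not handled.
SEVERITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# (selector, action) pairs copied from the RULES section of the file above.
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "-/var/log/maillog"),
    ("cron.*", "/var/log/cron"),
    ("*.emerg", ":omusrmsg:*"),
    ("uucp,news.crit", "/var/log/spooler"),
    ("local7.*", "/var/log/boot.log"),
]

def selector_matches(selector, facility, severity):
    """Return True if a message with this facility/severity is selected."""
    matched = False
    for part in selector.split(";"):           # parts are applied left to right
        facs, prio = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue                            # this part names other facilities
        if prio == "none":
            matched = False                     # facility.none excludes the facility
        elif prio == "*":
            matched = True
        else:                                   # bare priority: this level or higher
            matched = matched or SEVERITIES.index(severity) >= SEVERITIES.index(prio)
    return matched

def destinations(facility, severity):
    """Actions that receive the message, in file order."""
    return [a for s, a in RULES if selector_matches(s, facility, severity)]

def describe_action(action):
    """Classify an action string by its prefix, as annotated in the file."""
    if action.startswith("@@"):
        return "forward over TCP to " + action[2:]
    if action.startswith("@"):
        return "forward over UDP to " + action[1:]
    if action.startswith(":omusrmsg:"):
        return "message to logged-in users"
    if action.startswith("-"):
        return "file " + action[1:] + " (no sync after each write)"
    return "file " + action

if __name__ == "__main__":
    for fac, sev in [("authpriv", "info"), ("mail", "info"), ("kern", "emerg")]:
        print(fac + "." + sev, "->", [describe_action(a) for a in destinations(fac, sev)])
```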