作者:邓聪聪
方法1;
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal $ModLoad imudp $UDPServerRun 514 $template DynaFile,"/var/log/%FROMHOST-IP%/%syslogfacility-text%.log" #收集的日志格式1 *.* -?DynaFile
#$template IpTemplate,"/var/log/%FROMHOST-IP%.log" #收集日志格式2
#*.* ?IpTemplate
#& ~
$WorkDirectory /var/lib/rsyslog $template CustomFormat,"%$NOW% %TIMESTAMP:8:15% %HOSTNAME% %syslogtag% %msg% " #修改时间格式 $ActionFileDefaultTemplate CustomFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log
方法2;
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal $ModLoad imudp $UDPServerRun 514 $WorkDirectory /var/lib/rsyslog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log
客户端:
info-center channel 7 name sw1
info-center loghost 1.1.1.1 channel sw1 info-center loghost 1.1.1.1 source-ip 2.2.2.2 channel sw1