rsyslog 读取文件名:
[root@node01 log]# cat /etc/rsyslog.conf
module(load="imfile")
#template(name="remote" type="string" string="%msg%
")
template(name="remote" type="list") {
constant(value="<")
property(name="pri")
constant(value=">")
property(name="timestamp" dateFormat="rfc3339")
constant(value=" ")
property(name="hostname")
constant(value=" ")
property(name="syslogtag" position.from="1" position.to="32")
property(name="msg" spifno1stsp="on" )
property(name="msg")
constant(value=",")
property(name="$!metadata!filename")
}
input (
type="imfile"
File="/root/log/a2.log"
Tag="testlog02"
PersistStateInterval="10"
reopenOnTruncate="on"
Severity="info"
Facility="local5"
ruleset="chat"
addMetadata ="on"
)
ruleset (name="chat"){
action(type="omfwd" Target="192.168.137.3" Port="514" Protocol="tcp" template="remote")
}
$EscapeControlCharactersOnReceive off
##%msg:2:$%为去掉日志开头的空格
$template tocFormat,"%fromhost-ip%%$!metadata!filename%,%msg%
"
#$template xd-app-10.4.32.5,"/data01/tlxd/xd-app.-%$year%-%$month%-%$day%"
#:fromhost-ip, isequal, "10.4.32.5" -?xd-app-10.4.32.5
######weblogic 交易日志##################################################################################
$template testlog01,"/data01/%fromhost-ip%/%syslogtag%.%$year%-%$month%-%$day%"
:syslogtag,isequal,"testlog01" -?testlog01;tocFormat
$template testlog02,"/data01/%fromhost-ip%/%syslogtag%.%$year%-%$month%-%$day%"
:syslogtag,isequal,"testlog02" -?testlog02;tocFormat
#$template "%$!metadata!filename%","/data01/%fromhost-ip%/%syslogtag%.%$year%-%$month%-%$day%"
#:rawmsg,contains,"%$!metadata!filename%" -?"%$!metadata!filename%";tocFormat
测试:
[root@node01 log]# echo "aaaaaaaaaaccccccccccc" >>a2.log
[root@node01 log]#
node2:/data01/192.168.137.2#cat testlog02.2017-07-14
192.168.137.2, aaaaaaaaaa,/root/log/a2.log
192.168.137.2, aaaaaaaaaaccccccccccc,/root/log/a2.log
node2:/data01/192.168.137.2#