V8配置语法
[root@node01 log]# cat /etc/rsyslog.conf
module(load="imfile")
#template(name="remote" type="string" string="%msg%
")
template(name="remote" type="string"
string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%"
)
input (
type="imfile"
File="/root/log/a2.log"
Tag="testlog02"
PersistStateInterval="10"
reopenOnTruncate="on"
Severity="info"
Facility="local5"
ruleset="chat"
)
input (
type="imfile"
File="/root/log/a1.log"
Tag="testlog01"
PersistStateInterval="10"
reopenOnTruncate="on"
Severity="info"
Facility="local5"
ruleset="chat"
)
ruleset (name="chat"){
action(type="omfwd" Target="192.168.137.3" Port="514" Protocol="tcp" template="remote")
}
测试:
[root@node01 log]# echo "a1.log 1111122223333aaaabbbccc" >>a1.log
接收端:
$EscapeControlCharactersOnReceive off
##%msg:2:$%为去掉日志开头的空格
$template tocFormat,"%fromhost-ip%,%msg%
"
#$template xd-app-10.4.32.5,"/data01/tlxd/xd-app.-%$year%-%$month%-%$day%"
#:fromhost-ip, isequal, "10.4.32.5" -?xd-app-10.4.32.5
######weblogic 交易日志##################################################################################
$template testlog01,"/data01/%fromhost-ip%/%syslogtag%.%$year%-%$month%-%$day%"
:syslogtag,isequal,"testlog01" -?testlog01;tocFormat
$template testlog02,"/data01/%fromhost-ip%/%syslogtag%.%$year%-%$month%-%$day%"
:syslogtag,isequal,"testlog02" -?testlog02;tocFormat
node2:/data01/192.168.137.2#cat testlog01.2017-07-14
192.168.137.2, 123456789
192.168.137.2, a1.log 1111122223333aaaabbbccc