问题标签 [rsyslog]

apache 2.2.22（Ubuntu 12.04）上有多个 vhost 正在运行，我想将每个 vhost 错误日志发送到单独的 rsyslog 文件，以下是配置

阿帕奇虚拟主机

系统日志配置 /etc/rsyslog.d/50-default.conf

但是所有 vhosts 错误都重定向到 apache 配置中提到的 syslog 的第一个条目。我的意思是两个虚拟主机错误日志都将转到“local1.* /var/log/apache2/modsec/sdemoqa.log”

感谢 infosec.pk

我尝试从我的 C 程序进行日志记录，但在 /var/log/messages 中我的程序中没有找到任何条目。那里还有其他最近的条目。

我正在使用 Fedora 17：Linux appliance.localdomain 3.5.3-1.fc17.i686 #1 SMP Wed Aug 29 19:25:38 UTC 2012 i686 i686 i386 GNU/Linux

我看到安装了这个日志包：rsyslog-5.8.10-2.fc17.i686

在 /etc/rsyslog.conf 中：

我的代码：

我们在 Linux 上有一个集中的 Syslog 服务器。公司已要求我将我们的项目日志发送到此服务器。

如何将我的 C# 应用程序日志发送到 Linux syslog 服务器？可能吗？

this is my rsyslog.conf template format:

but in the log file date of log is not in unixtimestap format.

所有主机都将所有日志发送到 RSyslog 服务器（版本 5.8.10）。

RSyslog 使用以下模板保存日志文件 -

所以来自 host11 的 windows 事件日志将被记录到 - /var/log/x/host/2013-09-24/host11/EvntSLog.log

我现在想设置 logrotate 以便将一整天的日志文件压缩并发送到“/nfs/archive/”。因此，归档时的上述日志文件应如下所示 - /nfs/archive/2013-09-24.tgz。请注意，我不是在压缩单个日志文件，而是在压缩整个目录。

我如何使用 logrotate/cron 来实现这一点？

I have connected two of my computers to form a network, with only an ethernet cable between them. They are both Ubuntu 12.04, and can ping each other without a problem. For the logs, I want to forward IP address 10.0.0.1 and the want I want to send to is 10.0.0.2.

I wanted to redirect the logs via TCP, so in the client I added the following line to the /etc/rsyslog.conf file, as I read in many how to guides, as follows:

Then in the machine with address 10.0.0.2, where I wanted the logs to be forwarded to I uncommented the lines below, again as I understand the correct configuration to be.

I can't see that I need to do anything else based on the guides I have read. I have restarted both machines, but I can't see anything in /var/log which suggests that another machines logs are being saved.

Where should they be being saved? Thanks for reading.

我想使用 rsyslog 发送到 Splunkstorm。我想将 Apache Access & Apache Errors 发送到同一个项目。根据这个答案，我可以创建两个单独的项目（对我来说这似乎浪费了最多允许的 3 个）或者我可以为我的事件添加一个标记。所以

1. 标记可以是任何值/对，例如tag=\"access\"和 tag=\"error\"（我正在使用 rsyslog $template 行语法）？
2. 我使用哪种源类型？系统日志 或通用单行数据
3. 这两个 rsyslog 配置看起来可以接受吗？access_log 是ncsa 组合，而 error_log 是 Apache 2.2 标准。

$template access,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% tag=\"access\"] %msg%"

$template error,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% tag=\"error\"] %msg%"

我使用 rsyslog 并想从我的应用程序中记录一些操作。日志记录工作正常，日志文件将被正确创建。

我格式化了输出，因为我想看到programname：

rsyslog.conf：

输出：

我总是得到#001，programname尽管它应该是“计算器”。有谁知道如何解决这个问题？

我在我的应用程序中创建了一个记录器实例：

//ident = "计算器"

//facility= LOG_USER /* (1<<3) 随机用户级消息 */

openlog(ident.c_str(), 0, 设施);

由于 syslog 错误日志记录在某些 Linux 发行版（如 arch Linux）中已过期，我正在寻找某种方法来记录 systemd 错误，但我找不到任何有关它的文档或资源。如果您知道使用 systemd 进行错误记录，请帮助我。

I have syslog successfully forwarding logs to an upstream server like so:

On the remoteserver I have something that talks syslog and listens on that port. To test, I have a simple log client that logs 100 messages a second to syslog.

This all works fine, and I have configured the queues above so that in the event that the remoteserver is unavailable, the queues start filling up, and then eventually messages get discarded, thus safeguarding syslog from blocking its logging clients.

When I stop the remote log sink on remoteserver:5544, syslog is still stable (queues filling up / full up), but when I restart the remote log sink a while later, rsyslog detects the server again, reestablishes a TCP connection

HOWEVER - syslog only forwards 1 message to it, despite the queue having many thousands of messages in it, and the logging client continuing to log 100 messages a second

How can I make syslog start forwarding messages again once it has detected the remoteserver is back up? (Without restarting syslog).

Am using rsyslog 4.6.2-2

I am using, and want to use TCP