# 日志收集端,存放客户端发送过来的日志
1、开启tcp接收 [root@localhost ~]# cat /etc/rsyslog.conf |grep -vE "^#|^$" | grep 514 $InputTCPServerRun 514 2、创建配置文件,定义存储路径。 [root@localhost ~]# cat /etc/rsyslog.d/119.conf $template NginxLog, "/var/log/nginx/%FROMHOST-IP%/%$YEAR%-%$MONTH%-%$DAY%/%PROGRAMNAME%.log" if $programname == 'nginx-access' then -?NginxLog if $programname == 'nginx-error' then -?NginxLog %FROMHOST-IP% 以客户端ip命名目录 %$YEAR%-%$MONTH%-%$DAY% 年月日命名目录 %PROGRAMNAME%.log" 等于客户端中InputFileTag的值 最终效果如下: [root@localhost ~]# ll /var/log/nginx/192.168.6.119/2024-04-07/* -rw------- 1 root root 1997 Apr 7 02:10 /var/log/nginx/192.168.6.119/2024-04-07/nginx-access.log -rw------- 1 root root 1694 Apr 7 02:10 /var/log/nginx/192.168.6.119/2024-04-07/nginx-error.log 目录会自动创建,不需要手动提前建好。 [root@localhost ~]# systemctl restart rsyslog
# 日志发送端
[root@localhost ~]# cat /etc/rsyslog.d/nginx.conf $ModLoad imfile $InputFilePollInterval 5 $WorkDirectory /var/spool/rsyslog $PrivDropToGroup root $InputFileName /var/log/nginx/access.log $InputFileTag nginx-access: $InputFileStateFile stat-nginx-access $InputFileSeverity info $InputFilePersistStateInterval 25000 $InputRunFileMonitor $InputFileName /var/log/nginx/error.log $InputFileTag nginx-error: $InputFileStateFile stat-nginx-error $InputFileSeverity info $InputFilePersistStateInterval 25000 $InputRunFileMonitor *.* @@192.168.6.114:514 # @@是以tcp方式发送到目标ip的514端口。
原创文章,转载请注明。本文链接地址: https://www.rootop.org/pages/5421.html