1. 首頁
  2. 問答
  3. 將日誌發送到多個rsyslog服務器

將日誌發送到多個rsyslog服務器

2013-08-22 79 views
1

當我嘗試將數據發送到多個rsyslog服務器時,它僅挑選第一個轉發規則並忽略其餘部分。將日誌發送到多個rsyslog服務器

我的rsyslog客戶端conf文件。

$WorkDirectory /var/tmp/rsyslog/work 

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt 
$DefaultNetstreamDriver gtls # use gtls netstream driver 

### Forwarding rules #1 
$ActionSendStreamDriverMode 1 # require TLS for the connection 
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated 
$ActionQueueType LinkedList # use asynchronous processing 
$ActionQueueFileName srvrfwd # set file name, also enables disk mode 
$ActionResumeRetryCount -1 # infinite retries on insert failure 
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down 
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514 
& ~ 
### 

### Forwarding rules #2 
$ActionSendStreamDriverMode 1 # require TLS for the connection 
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated 
$ActionQueueType LinkedList # use asynchronous processing 
$ActionQueueFileName srvrfwd1 # set file name, also enables disk mode 
$ActionResumeRetryCount -1 # infinite retries on insert failure 
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down 
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514 
& ~ 
###

如果我評論排斥規則#1,它採取規則#2。

來源

2013-08-22 Chucks

回答

2

從rsyslog現在文件:(http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/

下一行(「&〜」)是很重要的:它告訴rsyslog現在停止 處理消息它寫入日誌

這樣(normaly)工作原理:

$WorkDirectory /var/tmp/rsyslog/work 

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt 
$DefaultNetstreamDriver gtls # use gtls netstream driver 

### Forwarding rules #1 
$ActionSendStreamDriverMode 1 # require TLS for the connection 
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated 
$ActionQueueType LinkedList # use asynchronous processing 
$ActionQueueFileName srvrfwd # set file name, also enables disk mode 
$ActionResumeRetryCount -1 # infinite retries on insert failure 
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down 
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514 
### 

### Forwarding rules #2 
$ActionSendStreamDriverMode 1 # require TLS for the connection 
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated 
$ActionQueueType LinkedList # use asynchronous processing 
$ActionQueueFileName srvrfwd1 # set file name, also enables disk mode 
$ActionResumeRetryCount -1 # infinite retries on insert failure 
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down 
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514 
& ~ 
###

或者SIMPL y:

$WorkDirectory /var/tmp/rsyslog/work 

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt 
$DefaultNetstreamDriver gtls # use gtls netstream driver 

$ActionSendStreamDriverMode 1 # require TLS for the connection 
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated 
$ActionQueueType LinkedList # use asynchronous processing 
$ActionQueueFileName srvrfwd # set file name, also enables disk mode 
$ActionResumeRetryCount -1 # infinite retries on insert failure 
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down 
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514 
& @@rsyslog1.abc.com:10514 
###

來源

2013-08-23 07:36:33 Pwu

+0

Thanks Pwu。有效。 – Chucks

相關問題

 相關問題