
分类: LINUX

2011-03-21 18:42:59

  1. # A commented quick reference and sample configuration
  2. # WARNING: This is not a manual, the full manual of rsyslog configuration is in
  3. # rsyslog.conf (5) manpage
  4. #
  5. # "$" starts lines that contain new directives. The full list of directives
  6. # can be found in /usr/share/doc/rsyslog-1.19.6/doc/rsyslog_conf.html or, if you
  7. # do not have (or cannot find) a local copy, in the online rsyslog documentation.
  8. #
  9. # Set syslogd options
  10. # Some global directives
  11. # ----------------------
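  12. # $AllowedSender - specifies which remote systems are allowed to send syslog messages to rsyslogd. UDP source addresses can be forged and host-name entries depend on DNS, so treat this list as a filter, not as sender authentication.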
  13. # --------------
  14. $AllowedSender UDP, 127.0.0.1, 192.0.2.0/24, [::1]/128, *.example.net, somehost.example.com
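  15. # $UMASK - specifies the rsyslogd processes' umask. 0000 masks no permission bits, so the creation mode rsyslogd requests ($FileCreateMode) is applied unchanged; use a stricter value (for example 0027) if other local users must not read the logs.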
  16. # ------
  17. $umask 0000
  18. # $FileGroup - Set the group for dynaFiles newly created
  19. # ----------
  20. $FileGroup loggroup
  21. # $FileOwner - Set the file owner for dynaFiles newly created.
  22. # ----------
  23. $FileOwner loguser
  24. # $IncludeConfig - include other files into the main configuration file
  25. # --------------
  26. $IncludeConfig /etc/some-included-file.conf # one file
  27. $IncludeConfig /etc/rsyslog.d/ # whole directory (must contain the final slash)
  28. # $ModLoad - Dynamically loads a plug-in and activates it
  29. # --------
  30. $ModLoad MySQL # load MySQL functionality
  31. $ModLoad /rsyslog/modules/somemodule.so # load a module via absolute path
  32. # Templates
  33. # ---------
  34. # Templates let you specify any format you might want.
  35. # They MUST be defined BEFORE they are used.
  36. # A template consists of a template directive, a name, the actual template text
  37. # and optional options. A sample is:
  38. #
  39. $template MyTemplateName,"\7Text %property% some more text\n",
  40. # where:
  41. # * $template - tells rsyslog that this line contains a template.
  42. # * MyTemplateName - template name. All other config lines refer to this name.
  43. # * "\7Text %property% some more text\n" - template text
  44. # The backslash is an escape character, i.e. \7 rings the bell, \n is a new line.
  45. # To escape:
  46. # % = \%
  47. # \ = \\
  48. # Template options are case-insensitive. Currently defined are:
  49. # sql - format the string suitable for a SQL statement. This will replace single
  50. # quotes ("'") by two single quotes ("''") to prevent SQL injection
  51. # (NO_BACKSLASH_ESCAPES turned off)
  52. # stdsql - format the string suitable for a SQL statement that is to
  53. # be sent to a standards-compliant sql server.
  54. # (NO_BACKSLASH_ESCAPES turned on). Set one of these two options on every template used for a database action: property values such as %msg% are supplied by whoever sent the message.
  55. # Properties inside templates
  56. # ---------------------------
  57. # Properties can be modified by the property replacer. They are accessed
  58. # inside the template by putting them between percent signs. The full syntax is as follows:
  59. # %propname:fromChar:toChar:options%
  60. # FromChar and toChar are used to build substrings.
  61. # If you need to obtain the first 2 characters of the
  62. # message text, you can use this syntax:
  63. # "%msg:1:2%".
  64. # If you do not wish to specify from and to, but you want to
  65. # specify options, you still need to include the colons.
  66. # For example, to convert the full message text to lower case only, use
  67. # "%msg:::lowercase%".
  68. # The full list of property options can be found in rsyslog.conf(5) manpage
  69. # Samples of template definitions
  70. # -------------------------------
  71. # A template that resembles traditional syslogd file output:
  72. $template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
  73. # A more verbose template:
  74. $template precise,"%syslogpriority%,%syslogfacility%,%timegenerated::fulltime%,%HOSTNAME%,%syslogtag%,%msg%\n"
  75. # A template that resembles RFC 3164 on-the-wire format:
  76. # (yes, there is NO space between syslogtag and msg! that's important!)
  77. $template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%"
  78. # a template resembling traditional wallmessage format:
  79. $template wallmsg,"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\r\n %syslogtag%%msg%\n\r"
  80. # The template below emulates winsyslog format, but we need to check the time
  81. # stamps used. It is also a good sample of the property replacer in action.
  82. $template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,%syslogtag%%msg%\n"
  83. # A template used for database writing (notice it *is* an actual
  84. # sql-statement; the trailing ",sql" option is what escapes quotes in the inserted property values):
  85. $template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql
  86. # Samples of rules
  87. # ----------------
  88. # Regular file
  89. # ------------
  90. *.* /var/log/traditionalfile.log;TraditionalFormat # log to a file in the traditional format
  91. # Forwarding to remote machine (both forms below send messages unencrypted and unauthenticated)
  92. # ----------------------------
  93. *.* @172.19.2.16 # udp (standard for syslog)
  94. *.* @@172.19.2.17 # tcp
  95. # Database action
  96. # ---------------
  97. # (you must have rsyslog-mysql package installed)
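  98. # !!! Don't forget to set the permissions of rsyslog.conf to 600: the database password below is stored in clear text. Prefer a database account that can only insert into the log table !!!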
  99. *.* >hostname,dbname,userid,password # (default Monitorware schema, can be created by /usr/share/doc/rsyslog-mysql-1.19.6/createDB.sql)
  100. # And this one uses the template defined above:
  101. *.* >hostname,dbname,userid,password;dbFormat
  102. # Program to execute
  103. # ------------------
  104. *.* ^alsaunmute # set default volume to soundcard
  105. # Filter using regex
  106. # ------------------
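  107. # if the user logs the word rulez or rulezz or rulezzz or..., then we will shut down his pc
  108. # (note that + has to be double backslashed...). Demonstration only: message text is chosen by whoever can submit a log message, so a rule like this lets any such sender trigger the command.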
  109. :msg, regex, "rulez\\+" ^poweroff
  110. # A more complex example
  111. # ----------------------
  112. $template bla_logged,"%timegenerated% the BLA was logged"
  113. :msg, contains, "bla" ^logger;bla_logged
  114. # Pipes
  115. # -----
  116. # first we need to create the pipe with: mkfifo /a_big_pipe
  117. *.* |/a_big_pipe
  118. # Discarding
  119. # ----------
  120. *.* ~ # discards everything