Chinaunix首页 | 论坛 | 博客

熙熙攘攘anmile.blog.chinaunix.net

首页 |  博文目录 |  关于我

anmile

  • 博客访问: 183525
  • 博文数量: 55
  • 博客积分: 1471
  • 博客等级: 上尉
  • 技术积分: 420
  • 用 户 组: 普通用户
  • 注册时间: 2010-12-08 14:00
文章分类

全部博文(55)

文章存档

2012年(5)

2011年(50)

我的朋友
最近访客
推荐博文
相关博文
rsyslog-example.conf

分类: LINUX

2011-03-21 18:42:59

  1. # A commented quick reference and sample configuration
  3. # WARNING: This is not a manual, the full manual of rsyslog configuration is in
  5. # rsyslog.conf (5) manpage
  7. #
  9. # "$" starts lines that contain new directives. The full list of directives
  11. # can be found in /usr/share/doc/rsyslog-1.19.6/doc/rsyslog_conf.html or online
  13. # at if you do not have (or find) a local copy.
  15. #
  17. # Set syslogd options
  21. # Some global directives
  23. # ----------------------
  27. # $AllowedSender - specifies which remote systems are allowed to send syslog messages to rsyslogd
  29. # --------------
  31. $AllowedSender UDP, 127.0.0.1, 192.0.2.0/24, [::1]/128, *.example.net, somehost.example.com
  35. # $UMASK - specifies the rsyslogd processes' umask
  37. # ------
  39. $umask 0000
  43. # $FileGroup - Set the group for dynaFiles newly created
  45. # ----------
  47. $FileGroup loggroup
  51. # $FileOwner - Set the file owner for dynaFiles newly created.
  53. # ----------
  55. $FileOwner loguser
  59. # $IncludeConfig - include other files into the main configuration file
  61. # --------------
  63. $IncludeConfig /etc/some-included-file.conf # one file
  65. $IncludeConfig /etc/rsyslog.d/ # whole directory (must contain the final slash)
  69. # $ModLoad - Dynamically loads a plug-in and activates it
  71. # --------
  73. $ModLoad MySQL # load MySQL functionality
  75. $ModLoad /rsyslog/modules/somemodule.so # load a module via absolute path
  83. # Templates
  85. # ---------
  89. # Templates allow to specify any format a user might want.
  91. # They MUST be defined BEFORE they are used.
  95. # A template consists of a template directive, a name, the actual template text
  97. # and optional options. A sample is:
  99. #
  101. $template MyTemplateName,"\7Text %property% some more text\n",
  105. # where:
  107. # * $template - tells rsyslog that this line contains a template.
  109. # * MyTemplateName - template name. All other config lines refer to this name.
  111. # * "\7Text %property% some more text\n" - templage text
  115. # The backslash is an escape character, i.e. \7 rings the bell, \n is a new line.
  117. # To escape:
  119. # % = \%
  121. # \ = \\
  125. # Template options are case-insensitive. Currently defined are:
  127. # sql format the string suitable for a SQL statement. This will replace single
  129. # quotes ("'") by two single quotes ("''") to prevent the SQL injection
  131. # (NO_BACKSLASH_ESCAPES turned off)
  133. # stdsql - format the string suitable for a SQL statement that is to
  135. # be sent to a standards-compliant sql server.
  137. # (NO_BACKSLASH_ESCAPES turned on)
  145. # Properties inside templates
  147. # ---------------------------
  151. # Properties can be modified by the property replacer. They are accessed
  153. # inside the template by putting them between percent signs. The full syntax is as follows:
  157. # %propname:fromChar:toChar:options%
  161. # FromChar and toChar are used to build substrings.
  163. # If you need to obtain the first 2 characters of the
  165. # message text, you can use this syntax:
  167. "%msg:1:2%".
  169. # If you do not whish to specify from and to, but you want to
  171. # specify options, you still need to include the colons.
  175. # For example, to convert the full message text to lower case only, use
  177. # "%msg:::lowercase%".
  181. # The full list of property options can be found in rsyslog.conf(5) manpage
  189. # Samples of template definitions
  191. # -------------------------------
  195. # A template that resambles traditional syslogd file output:
  197. $template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
  201. # A more verbose template:
  203. $template precise,"%syslogpriority%,%syslogfacility%,%timegenerated::fulltime%,%HOSTNAME%,%syslogtag%,%msg%\n"
  207. # A template that resembles RFC 3164 on-the-wire format:
  209. # (yes, there is NO space betwen syslogtag and msg! that's important!)
  211. $template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%"
  215. # a template resembling traditional wallmessage format:
  217. $template wallmsg,"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\r\n %syslogtag%%msg%\n\r"
  221. # The template below emulates winsyslog format, but we need to check the time
  223. # stamps used. It is also a good sampleof the property replacer in action.
  225. $template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,%syslogtag%%msg%\n"
  229. # A template used for database writing (notice it *is* an actual
  231. # sql-statement):
  233. $template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql
  241. # Samples of rules
  243. # ----------------
  245. # Regular file
  247. # ------------
  249. *.* /var/log/traditionalfile.log;TraditionalFormat # log to a file in the traditional format
  253. # Forwarding to remote machine
  255. # ----------------------------
  257. *.* @172.19.2.16 # udp (standard for syslog)
  259. *.* @@172.19.2.17 # tcp
  263. # Database action
  265. # ---------------
  267. # (you must have rsyslog-mysql package installed)
  269. # !!! Don't forget to set permission of rsyslog.conf to 600 !!!
  271. *.* >hostname,dbname,userid,password # (default Monitorware schema, can be created by /usr/share/doc/rsyslog-mysql-1.19.6/createDB.sql)
  275. # And this one uses the template defined above:
  277. *.* >hostname,dbname,userid,password;dbFormat
  281. # Program to execute
  283. # ------------------
  285. *.* ^alsaunmute # set default volume to soundcard
  289. # Filter using regex
  291. # ------------------
  293. # if the user logges word rulez or rulezz or rulezzz or..., then we will shut down his pc
  295. # (note, that + have to be double backslashed...)
  297. :msg, regex, "rulez\\+" ^poweroff
  301. # A more complex example
  303. # ----------------------
  305. $template bla_logged,"%timegenerated% the BLA was logged"
  307. :msg, contains, "bla" ^logger;bla_logged
  311. # Pipes
  313. # -----
  315. # first we need to create pipe by # mkfifo /a_big_pipe
  317. *.* |/a_big_pipe
  321. # Discarding
  323. # ----------
  325. *.* ~ # discards everything
阅读(2064) | 评论(0) | 转发(0) |
0

上一篇:Text File Input Module(rsyslog modules imfile)

下一篇:mdadm使用详解及RAID 5简单分析

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6