Linux
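rsyslog 8 wildcard stops sending
We are having a problem using the rsyslog 8 wildcard feature with logs that are generated with a date in the file name by default. Rsyslog sends the log messages when I first add the configuration, but stops sending after the files have been processed initially. We previously used nxlog and it worked, but we want to standardize everything on rsyslog because it is the default on CentOS. Any ideas?
Example file name: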
server.2016-07-12.log
```
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad omrelp
module(load="imfile" mode="inotify" )

#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$PreserveFQDN on

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

#### Filter ####
if $programname == 'dhclient' and $syslogseverity == '6' then stop
if $programname == 'snmpd' and ( $msg contains 'Connection from UDP' or $msg contains 'Received SNMP packet(s) from UDP' ) then stop

#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages or app logs!
*.info;mail.none;authpriv.none;cron.none;local4.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.=emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

#Queuing setup
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionResumeInterval 10
$ActionQueueSize 100000
$ActionQueueDiscardMark 97500
$ActionQueueHighWaterMark 80000
$ActionQueueType LinkedList
$ActionQueueFileName queue
$ActionQueueCheckpointInterval 100
$ActionQueueMaxDiskSpace 2g
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
$ActionQueueTimeoutEnqueue 10
$ActionQueueDiscardSeverity 0

#SSL Configuration
$DefaultNetstreamDriverCAFile /etc/ssl/certs/cert.pem
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer log.domain.com
*.info;mail.none;authpriv.none;cron.none;local4.* @@log.domain.com:5514

#Server Log File
input(type="imfile" File="/var/log/server/*.log" Tag="server_log" Severity="error" Facility="local4")
```
I found that I had old state files in /var/spool/rsyslog. After deleting them, everything worked as expected.
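
One way to apply the fix above without also discarding buffered log messages, as an added example that is not part of the original answer: the configuration sets `$WorkDirectory /var/spool/rsyslog` and `$ActionQueueFileName queue`, so the disk-queue files sit in the same directory as the imfile state files. The `imfile-state` file-name prefix, the function names and the backup path are assumptions.

```shell
#!/bin/sh
# Added example: move imfile state files out of rsyslog's $WorkDirectory
# while leaving the disk-queue files (queue.*) that share it untouched.
# Assumption: state file names start with "imfile-state" (rsyslog 8 naming).

# Print the imfile state files found directly in work directory $1.
list_imfile_state() {
    find "$1" -maxdepth 1 -type f -name 'imfile-state*' | sort
}

# Move the state files from work directory $1 into backup directory $2
# (kept for later inspection rather than deleted) and print how many moved.
quarantine_imfile_state() {
    workdir=$1
    backup=$2
    moved=0
    mkdir -p "$backup" || return 1
    for f in "$workdir"/imfile-state*; do
        [ -f "$f" ] || continue    # the glob matched nothing
        mv -- "$f" "$backup"/ || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Typical use on the host, with rsyslog stopped so it cannot write the
# state files back (the backup path is a placeholder):
#   systemctl stop rsyslog
#   quarantine_imfile_state /var/spool/rsyslog /root/imfile-state.bak
#   systemctl start rsyslog
```

With the state files gone, imfile treats the matching logs as new and reads them from the beginning, so the receiver may see lines it already received on the first run.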