我正在尝试让 nginx 直接将日志记录到 piwik。我无法让 rsyslog 接受某些 syslog-ng 语法。rsyslog 文档说 syslog-ng conf 与它兼容。
source s_nginx_20 { pipe("/var/lib/nginx/access.log" program_override("nginx-access-log")); };
filter f_nginx_20 { match("nginx-access-log" value("PROGRAM")); };
destination d_piwik { program("/path/to/piwik.sh" template("$MSG\n")); };
log { source(s_nginx_20); filter(f_nginx_20); destination(d_piwik); };
上述结果如下:
Mar 3 02:05:21 CentOS-65-64-minimal kernel: imklog 5.8.10, log source = /proc/kmsg started.
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="24662" x-info="http://www.rsyslog.com"] start
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "log"" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 1:"source s_nginx_20 { pipe("/var/lib/nginx/access.log" program_override("nginx-access-log")); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 4:"filter f_nginx_20 { match("nginx-access-log" value("PROGRAM")); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "sh"" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 8:"destination d_piwik { program("/home/fsdownload/piwik.sh" template("$MSG\n")); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.d/nginx.conf, line 10:"log { source(s_nginx_20); filter(f_nginx_20); destination(d_piwik); };"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: warning: selector line without actions will be discarded
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd: the last error occured in /etc/rsyslog.conf, line 31:"$IncludeConfig /etc/rsyslog.d/*.conf"
Mar 3 02:05:21 CentOS-65-64-minimal rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
任何帮助或建议都将不胜感激。配置片段从这里修改而来:http://syshero.org/post/68174083489/nginx-syslog-ing-without-breaking-the-bank-or-patching
有关让 piwik 与 nginx 协同工作的信息如下:https://github.com/piwik/piwik/tree/master/misc/log-analytics
答案1
Debian wheezy,rsyslog 5.8.11
nginx.conf 和 piwik.sh 与 piwik 文档中的完全相同(https://github.com/piwik/piwik/tree/master/misc/log-analytics)
Rsyslog配置:
/etc/rsyslog.d/piwik.conf
$ModLoad omprog
$ActionOMProgBinary /usr/local/bin/piwik.sh
$template nginxlog,"%msg%\n"
if $syslogtag contains 'nginx' and $syslogfacility-text == 'local6' then :omprog:;nginxlog
:syslogtag, contains, "nginx" ~
答案2
我弄清楚了如何在 Centos 6 附带的 rsyslog 下执行此操作。必须使用文本文件输入模块的旧格式。
$ModLoad imfile # needs to be done just once
# File 1
$InputFileName /var/lib/nginx/access.log
$InputFileTag nginx_log:
$InputFileStateFile /var/lib/rsyslog/nginx_statefile1
$InputFileSeverity info
$InputFileFacility local7
$InputFilePollInterval 5
$InputRunFileMonitor
if $syslogtag contains 'nginx_log' and $syslogfacility-text == 'local7' then ^/path/to/piwik.sh;nginxlog
:syslogtag, contains, "nginx_log" ~