客户端的 Rsyslog 过滤器

Question 1

我们的配置有一些额外的错误检查，以防止随机主机生成日志。

# Templates                    
$template RemoteHost,"/data/log/remote/%HOSTNAME%/%$YEAR%/%$MONTH%-%$DAY%.log"
$template Garbage,"/data/log/remote/GARBAGE/%HOSTNAME%/%$YEAR%/%$MONTH%-%$DAY%.log"

# Discard SNMPD Connection Messages
if $programname == 'snmpd' and ( $msg contains 'Connection from UDP' or $msg contains 'Received SNMP packet(s) from UDP' ) then ~

# Archival Storage
#    All Messages, locally and remote stored to these rules
if $hostname contains '.mydomain.com' or $hostname contains '.myotherdomain.com' or $hostname contains '.local' then { 
  *.* ?RemoteHost 
} else { 
  *.* ?Garbage
}

# If not sourced locally, stop processing message.
:source , !isequal , "syslog1" ~

Answer

我们的配置有一些额外的错误检查，以防止随机主机生成日志。

# Templates                    
$template RemoteHost,"/data/log/remote/%HOSTNAME%/%$YEAR%/%$MONTH%-%$DAY%.log"
$template Garbage,"/data/log/remote/GARBAGE/%HOSTNAME%/%$YEAR%/%$MONTH%-%$DAY%.log"

# Discard SNMPD Connection Messages
if $programname == 'snmpd' and ( $msg contains 'Connection from UDP' or $msg contains 'Received SNMP packet(s) from UDP' ) then ~

# Archival Storage
#    All Messages, locally and remote stored to these rules
if $hostname contains '.mydomain.com' or $hostname contains '.myotherdomain.com' or $hostname contains '.local' then { 
  *.* ?RemoteHost 
} else { 
  *.* ?Garbage
}

# If not sourced locally, stop processing message.
:source , !isequal , "syslog1" ~

Question 2

现在它正常工作了。这是一个权限问题。我检查了日志文件touch并修复了它。chmod

Answer

现在它正常工作了。这是一个权限问题。我检查了日志文件touch并修复了它。chmod

客户端的 Rsyslog 过滤器

答案1

答案2

相关内容