我正在使用 rsyslog 将访问和错误日志数据发送到远程服务器。界面已就位,但我在出站日志数据中收到了一些额外的文本,这些文本未包含在/var/log/http/access_log
.
这是 access_log 条目的片段。 1.1.1.1是我的IP地址,99.99.99.99是应用程序服务器的IP。
1.1.1.1 99.99.99.99 - - [29/Jun/2015:11:57:58 -0400]“GET /somepage.php HTTP/1.1”200 443 20
tcpdump -vv -s 0 -A dst port 514
rsyslog使用appserver(发送机器)发送的相应出站日志数据:
<173>Jun 29 11:57:58 应用程序服务器编码器:1.1.1.1 99.99.99.99 - - [29/Jun/2015:11:57:58 -0400]“GET /somepage.php HTTP/1.1”200 443 20
如何删除出站日志数据的前几段?具体来说:
Jun 29 11:57:58 appserver acoder:
我希望删除该字符串,以便发送的唯一内容正是上面第一个引用中显示的 access_log 中的内容。
httpd.conf
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
# LogLevel warn
LogLevel debug
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %A %l %u %t \"%r\" %>s %p %b" combined
LogFormat "%h %A %l %u %t \"%r\" %>s %p %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
local5.*;local6.* @syslog.my.organization.tld:514
# ### end of the forwarding rule ###
答案1
您尝试删除的部分是由接收rsyslog
守护程序而不是发送者写入的,因此无法删除。它们是rsyslog
.