rsyslog 将不需要的文本添加到出站日志数据

rsyslog 将不需要的文本添加到出站日志数据

我正在使用 rsyslog 将访问和错误日​​志数据发送到远程服务器。界面已就位,但我在出站日志数据中收到了一些额外的文本,这些文本未包含在/var/log/http/access_log.

这是 access_log 条目的片段。 1.1.1.1是我的IP地址,99.99.99.99是应用程序服务器的IP。

1.1.1.1 99.99.99.99 - - [29/Jun/2015:11:57:58 -0400]“GET /somepage.php HTTP/1.1”200 443 20


tcpdump -vv -s 0 -A dst port 514rsyslog使用appserver(发送机器)发送的相应出站日志数据:

<173>Jun 29 11:57:58 应用程序服务器编码器:1.1.1.1 99.99.99.99 - - [29/Jun/2015:11:57:58 -0400]“GET /somepage.php HTTP/1.1”200 443 20

如何删除出站日志数据的前几段?具体来说:

Jun 29 11:57:58 appserver acoder: 

我希望删除该字符串,以便发送的唯一内容正是上面第一个引用中显示的 access_log 中的内容。

httpd.conf

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
# LogLevel warn
LogLevel debug

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).

LogFormat "%h %A %l %u %t \"%r\" %>s %p %b" combined
LogFormat "%h %A %l %u %t \"%r\" %>s %p %b" common

LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

rsyslog.conf

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.

local5.*;local6.* @syslog.my.organization.tld:514

# ### end of the forwarding rule ###

答案1

您尝试删除的部分是由接收rsyslog守护程序而不是发送者写入的,因此无法删除。它们是rsyslog.

相关内容