我想将rsyslog 8.4.2-1所有 syslog 消息转发 () 到 上的端口127.0.0.1。为此,我在 中添加了一个文件/etc/rsyslog.d/expose-42000.conf:
*.* @127.0.0.1:42000
重新启动 rsyslog 后(日志中没有错误消息)我尝试监听传入的消息:
netcat -u 127.0.0.1 42000
尽管 中出现了消息,但却没有任何输出/var/log/syslog。
为了确保文件确实包含在内,我在调试模式下运行了 rsyslogd,并且看到包含发生了:
# rsyslogd -dn
(...)
8836.556859167:main thread : requested to include config file '/etc/rsyslog.d/expose-42000.conf'
8836.556895084:main thread : config parser: pushed file /etc/rsyslog.d/expose-42000.conf on top of stack
Next token is token PRIFILT ()
Shifting token PRIFILT ()
Entering state 14
Reading a token: Next token is token LEGACY_ACTION ()
Shifting token LEGACY_ACTION ()
Entering state 12
Reducing stack by rule 35 (line 168):
$1 = token LEGACY_ACTION ()
8836.557893160:main thread : tried selector action for builtin:omfile: -2001
8836.557908388:main thread : tried selector action for builtin:ompipe: -2001
8836.557923233:main thread : tried selector action for builtin-shell: -2001
8836.558022055:main thread : tried selector action for builtin:omdiscard: -2001
8836.558038075:main thread : tried selector action for builtin:omfwd: 0
8836.558052488:main thread : Module builtin:omfwd processes this action.
8836.558136499:main thread : template: 'RSYSLOG_TraditionalForwardFormat' assigned
8836.558160039:main thread : action 1 queue: parameter dump:
8836.558174916:main thread : action 1 queue: queue.filename '[NONE]'
8836.558273542:main thread : action 1 queue: queue.size: 1000
8836.558288080:main thread : action 1 queue: queue.dequeuebatchsize: 16
8836.558302414:main thread : action 1 queue: queue.maxdiskspace: 0
8836.558368788:main thread : action 1 queue: queue.highwatermark: -1
8836.558384865:main thread : action 1 queue: queue.lowwatermark: -1
8836.558413762:main thread : action 1 queue: queue.fulldelaymark: -1
8836.558442666:main thread : action 1 queue: queue.lightdelaymark: -1
8836.558470770:main thread : action 1 queue: queue.discardmark: 980
8836.558552633:main thread : action 1 queue: queue.discardseverity: 8
8836.558594909:main thread : action 1 queue: queue.checkpointinterval: 0
8836.558608920:main thread : action 1 queue: queue.syncqueuefiles: 0
8836.558623042:main thread : action 1 queue: queue.type: 3 [Direct]
8836.558691335:main thread : action 1 queue: queue.workerthreads: 1
8836.558727077:main thread : action 1 queue: queue.timeoutshutdown: 0
8836.558741599:main thread : action 1 queue: queue.timeoutactioncompletion: 1000
8836.558827751:main thread : action 1 queue: queue.timeoutenqueue: 50
8836.558855694:main thread : action 1 queue: queue.timeoutworkerthreadshutdown: 60000
8836.558869846:main thread : action 1 queue: queue.workerthreadminimummessages: -1
8836.558884102:main thread : action 1 queue: queue.maxfilesize: 1048576
8836.558950182:main thread : action 1 queue: queue.saveonshutdown: 1
8836.558983020:main thread : action 1 queue: queue.dequeueslowdown: 0
8836.558997187:main thread : action 1 queue: queue.dequeuetimebegin: 0
8836.559011113:main thread : action 1 queue: queuedequeuetimend.: 25
8836.559025491:main thread : Action 0xb97a40: queue 0xb99120 created
-> $$ = nterm s_act ()
Stack now 0 1 14
Entering state 22
Reducing stack by rule 32 (line 164):
$1 = nterm s_act ()
-> $$ = nterm actlst ()
Stack now 0 1 14
Entering state 21
Reading a token: 8836.559386173:main thread : config parser: reached end of file /etc/rsyslog.d/expose-42000.conf
8836.559390418:main thread : config parser: resume parsing of file /etc/rsyslog.conf at line 51
(...)
我是否遗漏了什么?
答案1
我认为一切都很好,但是你的 netcat 使用情况。
我逐字逐句地记下了你的配置更改,运行了 syslogd -dn
但后来我运行了这个:
nc -u -l -p 42000
并按预期获取了日志。-l用于监听。您的命令正在尝试连接到非开放/监听的 UDP 端口。