我通过 rsyslog 引入日志文件,我的配置如下所示:
root@rhel:/etc/rsyslog.d# head mail_prod_logs.conf
if $fromhost-ip=="10.10.10.10" and $programname=="AMP_Logs" then -/var/log/mail_logs/amp.log
我的日志全部存储在该/var/log/mail_logs/amp.log文件夹中:
Oct 18 13:29:28 server.com AMP_Logs: Info: Begin Logfile
Oct 18 14:29:28 server.com AMP_Logs: Info: Version: 12.1.0-000 SN: .....
Oct 18 14:29:28 server.com AMP_Logs: Info: Time offset from UTC: -14400 seconds
Oct 18 15:29:23 server.com AMP_Logs: Info: Response received for.....
Oct 18 15:29:23 server.com AMP_Logs: Info: File reputation query.....
Oct 19 13:29:23 server.com AMP_Logs: Info: Response received for fil....
Oct 19 13:29:58 server.com AMP_Logs: Info: File reputation query ....
Oct 19 13:29:58 server.com AMP_Logs: Info: File reputation query ....
我想使用datetime日志的一部分将这些数据放入月份内的每日文件夹内的每小时文件夹中,同时通过编辑来获取数据mail_prod_logs.conf。
因此它看起来像:
/var/log/mail_logs/Sep/30/23.log
/var/log/mail_logs/Oct/01/00.log
/var/log/mail_logs/Oct/01/01.log
/var/log/mail_logs/Oct/01/02.log
...
我怎样才能做到这一点?