如何将特定文件转发到syslogserver

发布于 2025-01-10 01:50:27 字数 654 浏览 0 评论 0原文

我有一个服务应用程序，将其日志写入 /home/my_app/logs.txt

我试图将此日志转发到集中式系统日志服务器，但似乎日志未转发。

- 到目前为止我所做的 -

我在 /etc/rsyslog./forward.conf 中创建一个新文件

 操作(type="omfile" file="/home/my_app/logs.txt")
 停止
 $ActionQueueSaveOnShutdown on # 关闭时将消息保存到磁盘
 $ActionQueueType LinkedList # 异步运行
 $ActionResumeRetryCount -1 # 如果主机关闭则无限重试
 *.* @@mySyslogServer:514;RSYSLOG_ForwardFormat

更新我的日志文件并检查新行是否传递到 syslog 服务器端
<块引用>
vi //home/my_app/logs.txt ##添加行并保存

新日志未转发到 syslogserver。

我还检查了相关帖子，但我看到日志文件在journalctl中是可访问的（可见），但我无法将该服务添加到systemd，所以我必须找到一种方法来使用它已经生成的文件。

原文

I have a service application which write its logs at /home/my_app/logs.txt

I'm trying to forward this logs to a centralized syslog server but it seems that logs are not forwarded.

-What I have done so far -

I create a new file in /etc/rsyslog./forward.conf

 action(type="omfile" file="/home/my_app/logs.txt")
 stop
 $ActionQueueSaveOnShutdown on    # save messages to disk on shutdown
 $ActionQueueType LinkedList      # run asynchronously
 $ActionResumeRetryCount -1       # infinite retries if host is down
 *.* @@mySyslogServer:514;RSYSLOG_ForwardFormat

Update my logfile and check if the new line passed to syslog server side
vi //home/my_app/logs.txt ##add line and save

New log did not forwarded to syslogserver.

I have checked also relative posts but I saw that log file was accesible (visible) in journalctl but I can't add that service to systemd so I have to find out a way to use the file that its already generated.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

街角迷惘 2025-01-17 01:50:27

首先，

您不能只向日志文件添加新行并期望将其发送到远程系统日志服务器。为了进行测试，您可以在 shell 中使用 logger 命令，例如 logger "Hello to messages.txt"，然后该命令应转发到系统日志服务器。

我不确定它如何与“旧”（已弃用）rsyslog 语法一起使用。不过，使用“新”高级语法，日志转发将如下所示：

*.* {
    # Local
    action(type="omfile" file="/home/my_app/logs.txt")

    # Syslog over UDP
    action(type="omfwd" target="192.168.1.2" port="514" protocol="udp"
        queue.type="linkedlist" queue.saveOnShutdown="on"queue.resumeRetryCount="-1")
}

这会将所有消息本地记录到/home/my_app/logs.txt并将所有日志转发到192.168.1.2 上的系统日志服务器。

注意：您仍然需要调整 /etc/rsyslog.conf 文件以包含所有配置文件（/etc/rsyslog.d/ 中的文件>)，包含模块并定义消息模板。

从您的帖子中不清楚您是否已经这样做了。

PS我更喜欢使用 queue.type="fixedarray" 因为它更快（在大多数情况下）。

First things first:

You can't just add a new line to the log file and expect it to be sent to the remote syslog server. For testing, you can use the logger command in the shell, e.g. logger "Hello to logs.txt" which then should be forwarded to the syslog server.

I'm not sure, how it works with the "old" (deprecated) rsyslog syntax. Using the "new" advanced syntax though, log forwarding would look like this:

*.* {
    # Local
    action(type="omfile" file="/home/my_app/logs.txt")

    # Syslog over UDP
    action(type="omfwd" target="192.168.1.2" port="514" protocol="udp"
        queue.type="linkedlist" queue.saveOnShutdown="on"queue.resumeRetryCount="-1")
}

This will log all messages locally to /home/my_app/logs.txt and forward all logs to the syslog server on 192.168.1.2.

NOTE: You still need to adjust your /etc/rsyslog.conf file to include all configs files (files in /etc/rsyslog.d/), include modules and define a messages template.

It's not clear from your post if you've done this.

P.S. I prefer to use queue.type="fixedarray" as it is faster (in most cases).

回复收藏 0 原文

~没有更多了~