rsyslog重写主机名之前继电器
我正在在多租户环境中设置RSYSLOG,以中央服务器中央服务器。因为它是多授生的,所以我想在第一个RSYSLOG服务器的主机名中以特定于客户的预先启动前缀,然后再将到中央服务器。我原本计划手动设置前缀,但是,前缀是在服务器上的另一个文件中配置的,如果可以从该文件收集此前缀,那就更好了。
由于第一台服务器将来自多个主机中继,因此预端必须是一个动态重写,其中包含原始主机名,而不是所有条目的硬编码覆盖相同的主机名,我在某些示例中看到了。
理想情况下,我正在尝试做的是通过以下伪代码进行总结:
ruleset(name="myrule"){
set $hostname = "<prefix>-%HOSTNAME%"
action(type="omfwd" target="remote-ip")
}
我将对中间继电器和中央服务器负责,但是每个中继可以托管多个客户,因此我认为重写无法完成。中央服务器,但我对这两个层都有完全控制。每个客户都是通过专用界面连接的,我正计划为每个接口和规则集配置的输入附加一个单独的规则集,以包含特定于客户的前缀。因此,我认为配置需要在继电器上进行,但是如果有不同的方法,那么我愿意尝试任何符合使事件客户可识别的最终目标的东西。
想要使用主机名重写的原因是因为这与环境中其他工具的配置如何在线,并且非常需要保留均匀的设置。但是,如果不可能,则如果第一个在技术上不可行的情况下,则可以考虑另一种方法。
正确的方法是什么?
I am setting up rsyslog in a multitenant environment to relay to a central server. Because it is multitenanted, I would like to prefix the hostname from the first rsyslog server with a customer specific prepend before relaying on to the central server. I had planned to set the prefix manually, however, the prefix is configured in another file on the server, and if this could be gathered from that file, that would be even better.
Because the first server will be relaying from multiple hosts, the prepend has to be a dynamic rewrite that includes the original hostname rather than a hard-coded overwrite of the same hostname for all entries, which I've seen in some examples.
Ideally, what I am trying do do is summarised by the following pseudocode:
ruleset(name="myrule"){
set $hostname = "<prefix>-%HOSTNAME%"
action(type="omfwd" target="remote-ip")
}
I will be responsible for both the intermediate relay and the central server, but each relay can host multiple customers, so I don't think that the rewrite can be done on the central server, but I have full control of both layers. Each customer is connected via a dedicated interface and I was planning for a separate ruleset attached to an input configured for each interface and the ruleset to include the customer specific prefix. For this reason, I think the config needs to be on the relay, but if there's a different way, then I am willing to try anything that meets the end-goal of making events customer-identifiable.
The reason for wanting to use the hostname rewrite is because this is in-line with how other tools are configured in the environment and it is highly desirable to keep a homogenous setup. However, if that is not possible, another method may be considered if the first is not technically feasible.
What is the correct way to do this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这个问题的答案最终变得非常简单。我将一个恒定值注入了模板中:
The answer to this question ended up being surprisingly simple. I injected a constant value in to the template like so: