开启snmp协议端口信息级别:1info2notice3warning(警告)4err(error)5crit6alert7emerg(panic)越往后越严重的两个特殊级别,debug(errordetectionlevel)和none(无需登录级别),使用“.”当需要做错误检测或忽略某些服务信息时,意味着高于该符号的级别(包括本级别)将被记录。例如:mail.info表示只要是邮件信息,并且信息级别高于info(包括info),都会被记录下来。“.=”表示要求的级别是后面的级别,其他不要“.!”表示不等于,即除该级别外的其他级别都会记录syslog日志文件。一旦编辑,日志文件无法记录,需要重新写入启动rsyslog服务/etc/logrotate.conf轮转文件agent/etc/rsyslog.conf$MaxMessageSize128k$ModLoadimuxsock$ModLoadimklog$ActionFileDefaultTemplateRSYSLOG_TraditionalFileFormat$ModLoadimudp$UDPServerRun514$SystemLogRateLimit0mitInterval0$SystemLogRateWorkDirectory/var/lib/rsyslog#放置假脱机文件的位置$ActionQueueFileNamefwdRule1#假脱机文件的唯一名称前缀$ActionQueueMaxDiskSpace1g#1gb空间限制(尽可能使用)$ActionQueueSaveOnShutdownon#在关机时将消息保存到$diskAcedLink#异步运行$ActionResumeRetryCount-1#如果主机关闭则无限重试:msg,contains,"GET/daemon.php?tableid"~*.*@@10.1.100.11日志服务器/etc/rsyslog.conf<代码>$MaxMessageSize128k$ModLoadimuxsock.so$ModLoadimklog.so$ActionFileDefaultTemplateRSYSLOG_TraditionalFileFormat$SystemLogRateLimitInterval0$SystemLogRateLimitBurst0$ModLoadimtcp$InputTCPServerRun514:msg,contains,"GET/daemon.php?tableid"~:rawmsg,contains,"ASKMQ-WORKER29"~#标准系统服务$templateDYNmessages,"/var/日志/日志/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/messages"$templateDYNsecure,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/secure"$templateDYNmaillog,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/maillog"$templateDYNcron,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron"$templateDYNspooler,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/spooler"$templateDYNboot,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/boot.log"$templateDYNiptables,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/iptables.log"$templateDYNaudit,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/audit.log"$templateDYNapache-access,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/apache-access.log“$模板DYNapache错误,”/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/apache-error.log"$templateDYNphp,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/php.log"$templateDYNredis,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/redis.log"$templateDYNnodejs,"/var/log/LOGS/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/nodejs.log"if$programname=='apache-access'then?DYNapache-access&~if$programname=='apache-error'then?DYNapache-error&~if$programname=='audispd'then?DYNaudit&~if$programname=='php'then?DYNphp&~if$programname=='redis'then?DYNredis&~if$programname=='NodeJS'then?DYNnodejs&~if$msgcontains'iptables:'then?DYNiptables&~if$syslogseverity<='6'and($syslogfacility-text!='mail'and$syslogfacility-text!='authpriv'和$syslogfacility-text!='cron')然后?DYNmessagesif$syslogfacility-text=='authpriv'然后?DYNsecureif$syslogfacility-text=='mail'然后-?DYNmaillogif$syslogfacility-text=='cron'然后?DYNcronif($syslogfacility-text=='uucp'或$syslogfacility-text=='news')and$syslogseverity-text=='crit'then?DYNspoolerif$syslogfacility-text=='local7'then?DYNboot
