1.rsyslog的server配置
[root@VM_0_34_centos 0413]# cat /etc/rsyslog.conf |egrep -v '^#|^$' $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal $ModLoad imudp $UDPServerRun 514 $ModLoad imtcp $InputTCPServerRun 514 $InputTCPMaxSessions 500 $FileOwner dev $template logformat,"%TIMESTAMP% %FROMHOST-IP%%msg% " $template DynFile,"/mnt/data/logs/rsyslogs/%$year%%$month%%$day%.log" $AllowedSender TCP, 10.0.0.0/24 $template Remote,"/mnt/data/logs/rsyslogs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log" :fromhost-ip, !isequal, "127.0.0.1" ?Remote $WorkDirectory /var/lib/rsyslog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log $ModLoad ommysql *.info;mail.none;authpriv.none;cron.none :ommysql:10.0.0.134,Syslog,rsyslogdbadmin,rsyslog.ppp
2.rsyslog的client配置
[root@VM_0_12_centos ~]# cat /etc/rsyslog.conf |egrep -v '^$|^#' $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal $WorkDirectory /var/lib/rsyslog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log *.* @@10.0.0.34:514
3.web页面分析
参考:https://www.cnblogs.com/th-lyc/p/11703190.html https://www.cnblogs.com/hanyifeng/p/5474147.html