nginx.conf(將原日誌路徑改爲rsyslog服務器地址)
# Ship the access log to the rsyslog server at 10.10.14.64:514, tagged with facility local6.
# NOTE(review): nginx's syslog target sends plain UDP datagrams with no encryption and no
# sender authentication, so the path to the log server should stay on a trusted segment.
# "main" is a log_format name that is not defined on this page; depending on that format the
# entries may carry query strings or headers that contain tokens, so review what it logs.
access_log syslog:server=10.10.14.64:514,facility=local6 main;
如果需要把日誌入庫,需要安裝相應數據庫的依賴包。mysql依賴:yum install -y rsyslog-mysql;pgsql依賴:yum install -y rsyslog-pgsql。還有很多其他依賴,可以用 yum list rsyslog-* 進行查看。
用 rpm -ql rsyslog-mysql 或 rpm -ql rsyslog-pgsql 來查看數據庫腳本文件
查出來的大概是 /usr/share/doc/rsyslog/pgsql-createDB.sql,這個sql中有建庫建表語句
rsyslog服務器配置
# rsyslog configuration file
#
# Purpose of this variant: receive syslog from remote clients on port 514 (UDP and TCP),
# write facility local6 (the nginx access log) to a file and also insert it into PostgreSQL.

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
global(workDirectory="/var/lib/rsyslog")

# Use default timestamp format
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")

#### MODULES ####

module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
       SysSock.Use="off") # Turn off message reception via local log socket;
                          # local messages are retrieved through imjournal now.
module(load="imjournal"   # provides access to the systemd journal
       StateFile="/run/log/imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability

# An interval of 0 turns off rate limiting for journal input, so a noisy local service is
# not throttled before it reaches the file and database outputs below.
$imjournalRatelimitInterval 0

# Set this if MySQL is not listening on its default port.
#$ActionOmmysqlServerPort 3307

# PostgreSQL output module; for MySQL the equivalent is module(load="ommysql").
module(load="ompgsql")

# Network listeners for remote clients.
# NOTE(review): this file shows no sender allow-list, TLS or authentication, so any host that
# can reach port 514 can submit messages, and those messages flow into the local6 rules below.
# Limit the port to the known log sources with a host firewall or network ACL - confirm
# whether that is already done outside this file.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf" mode="optional")

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
# Disabled MySQL example. NOTE(review): it embeds the root account and a trivial password;
# if it is ever enabled, use a dedicated low-privilege account and a strong secret instead.
#*.info;mail.none;authpriv.none;cron.none :ommysql:10.10.14.209,syslog,root,123456

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

# Write the logs sent by clients (facility local6) to a file.
local6.* /var/log/nginx/access.log

# Write the same local6 messages to the database; the fields appear to be
# host, database, user, password.
# NOTE(review): the password is stored here in cleartext and is trivially guessable, and
# "postgres" is normally the PostgreSQL superuser. A dedicated role limited to INSERT on the
# log table, a strong password, and root-only read permission on this file would contain the
# damage if the file or the database connection is exposed.
local6.* :ompgsql:10.10.14.61,Syslog,postgres,123456
重啓
# Restart rsyslog so the new listeners and output rules take effect.
# Running a syntax check first (rsyslogd -N1) keeps a config error from leaving the log
# server down, which would silently drop the logs clients send over UDP.
systemctl restart rsyslog
詳細說明: