將nginx的access.log訪問日誌發送到rsyslog服務器並寫入數據庫

nginx.conf（將原日誌路徑改爲rsyslog服務器地址）

access_log syslog:server=10.10.14.64:514,facility=local6 main;

如果需要入庫需要安裝相應數據庫的依賴包 ；mysql依賴：yum install -y rsyslog-mysql     pgsql依賴：yum install -y rsyslog-pgsql   還有很多其他依賴可以用 yum list rsyslog-* 進行查看

用 rpm -ql rsyslog-mysql 或 rpm -ql rsyslog-pgsql  來查看數據庫腳本文件

查出來的大概是 /usr/share/doc/rsyslog/pgsql-createDB.sql，這個sql中有建庫建表語句

rsyslog服務器配置

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
global(workDirectory="/var/lib/rsyslog")

# Use default timestamp format
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")

#### MODULES ####

module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
       SysSock.Use="off") # Turn off message reception via local log socket;
                          # local messages are retrieved through imjournal now.
module(load="imjournal"             # provides access to the systemd journal
       StateFile="/run/log/imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability

$imjournalRatelimitInterval 0
#$ActionOmmysqlServerPort 3307    #如果mysql不是默認端口，需要設置該配置

module(load="ompgsql")    #pgsql的連接，mysql的配置爲：module(load="ommysql")
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf" mode="optional")
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
#*.info;mail.none;authpriv.none;cron.none                :ommysql:10.10.14.209,syslog,root,123456

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

local6.*                                                /var/log/nginx/access.log    #將客戶端發過來的日誌寫入文件
local6.*                                                :ompgsql:10.10.14.61,Syslog,postgres,123456    #寫入數據庫

 

重啓

systemctl restart rsyslog

 

詳細說明：

https://blog.51cto.com/shone/5093830