linux rsyslog日志采集格式设定一

linux rsyslog日志采集格式设定一

linux rsyslog日志采集格式设定一

1.创建日志接收模板

打开/etc/rsyslog.conf文件，在GLOBAL DIRECTIVES模块下任意位置添加以下内容

命令：

vim /etc/rsyslog.conf

测试：rsyslog.conf文件结尾添加以下内容

$template ztj,"/var/log/%hostname%/%programname%.log"
*.*     ?ztj
& ~

$template ztj,"/var/log/%hostname%/%programname%.log"

#定义模板ztj

#hostname：来自日志的主机名称

#programname：产生日志的进程名称，其值与%app-name%值相同

#可以通过man rsyslog.conf命令查看rsyslog属性(即：%hostname%和%programname%)

[root@rhel77 ~]# man rsyslog.conf
...... 
Available Propertiesmsg    the MSG part of the message (aka "the message" ;))rawmsg the message exactly as it was received from the socket. Should be useful for debugging.HOSTNAMEhostname from the messageFROMHOSThostname of the system the message was received from (in a