- 論壇徽章:
- 4
|
現(xiàn)有欲架設(shè)一臺(tái)集中日志服務(wù)器�����,只接收來(lái)自指定客戶端IP的消息日志���,并對(duì)日志進(jìn)行分類處理��。
采用UDP傳輸方式
格式
--- /val/log/test
----客戶端IP1
----A類
----B類
----C類
----客戶端IP2
----客戶端IP3
代碼如下
$ModLoad imudp
$UDPServerRun 514
$template d_session, "/var/log/ipwall/%FROMHOST-IP%/session/messages.log"
$template d_url, "/var/log/ipwall/%FROMHOST-IP%/url/messages.log"
$template d_qq, "/var/log/ipwall/%FROMHOST-IP%/QQ/messages.log"
$template d_others, "/var/log/ipwall/%FROMHOST-IP%/others/messages.log"
if $syslogfacility-text == 'local1' and $syslogpriority-text == 'info' then ?d_session
&~
if $syslogfacility-text == 'local2' and $syslogpriority-text == 'info' then ?d_url
&~
if $syslogfacility-text == 'local3' and $msg startswith ' qq' then ?d_qq
&~
if not($syslogfacility-text == 'local1' or $syslogfacility-text == 'local2' or $syslogfacility-text == 'local3' ) then ?d_others
&~
現(xiàn)在問(wèn)題有幾個(gè):希望各位大俠給指點(diǎn)下:
1. 指定目錄下產(chǎn)生127.0.0.1(本機(jī))目錄 ----(本來(lái)不需要)
2. 日志記錄到對(duì)應(yīng)的文件中�,但是發(fā)現(xiàn)日志記錄不完整,只有少部分寫(xiě)進(jìn)入���,并且延遲非常大
|
|
免費(fèi)注冊(cè)
發(fā)表于 2014-03-03 16:56
