I am trying to handle part of the log with a program:
if $programname == 'Security-Alert' then |/usr/local/bin/handler
The handler script works if I call echo blabla | /usr/local/bin/handler.
Now I get no output with logger -t Security-Alert 'This is an alert'
Debugging output:
5210.871815399:b75a66c0: requested to include config file '/etc/rsyslog.d/60-sec.conf'
5210.871846408:b75a66c0: cfline: 'if $programname == 'Security-Alert' then |/usr/local/bin/handler'
5210.871865404:b75a66c0: - general expression-based filter
5210.871886077:b75a66c0: skipped whitespace, stream now '$programname == 'Security-Alert' then |/usr/local/bin/handler'
5210.871907588:b75a66c0: ctok_token 0x8206dc8: token: 13
5210.871936361:b75a66c0: expr 0x8206a78: MSGVAR
5210.871959828:b75a66c0: skipped whitespace, stream now '== 'Security-Alert' then |/usr/local/bin/handler'
5210.871977706:b75a66c0: ctok_token 0x8206dc8: token: 100
5210.872020448:b75a66c0: expr 0x8206a78: cmp
5210.872041959:b75a66c0: skipped whitespace, stream now ''Security-Alert' then |/usr/local/bin/handler'
5210.872060397:b75a66c0: ctok_token 0x8207630: token: 14
5210.872079952:b75a66c0: expr 0x8206a78: simpstr
5210.872109005:b75a66c0: skipped whitespace, stream now 'then |/usr/local/bin/handler'
5210.872125766:b75a66c0: skipped whitespace, stream now 'then |/usr/local/bin/handler'
5210.872146439:b75a66c0: ctok_token 0x8207630: token: 18
5210.872166832:b75a66c0: expr 0x8206a78: successfully parsed/created expression
5210.872187225:b75a66c0: tried selector action for builtin-file: -2001
5210.872229408:b75a66c0: tried selector action for builtin-pipe: 0
5210.872246170:b75a66c0: Module builtin-pipe processed this config line.
5210.872269915:b75a66c0: template: 'RSYSLOG_TraditionalFileFormat' assigned
5210.872286677:b75a66c0: info: firehose mode disabled for action because iExecEveryNthOccur=0, ReduceRepeated=1, iSecsExecOnceInterval=0
5210.872309305:b75a66c0: action 11 queue: save on shutdown 1, max disk space allowed 0
5210.872340034:b75a66c0: action 11 queue: type 3, enq-only 0, disk assisted 0, maxFileSz 1048576, lqsize 0, pqsize 0, child 0, full delay 970, light delay 700, deq batch size 16 starting
5210.872360148:b75a66c0: Action 0x8207868: queue 0x8207910 created
5210.872378307:b75a66c0: selector line successfully processed
Does anyone have a hint?