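I am using syslog-ng 1.6.8 on SLES 10. On this machine I need to forward all events to the remote host 10.30.38.115. But first I have to change the messages a little, adding a "MyMark" prefix to the end of the events. I tried the following: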
source src { internal(); unix-dgram("/dev/log"); };

destination editredirect {
    udp("10.30.38.115" port(514)
        template("<$PRI> $DATE $HOST $MSG MyMark\n"));
};

log { source(src); destination(editredirect); };
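But it does not work. On the remote host I do not receive these messages at all. Truth be told, I do not receive them even if I remove the template. The remote host is configured to receive incoming messages, and it does.

So, my question is how to adjust syslog-ng.conf so that messages are changed before they are sent to the remote host.

Update: Solved

Here is how the redirect is organized:

Remote machine: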
source src {
    #
    # include internal syslog-ng messages
    # note: the internal() source is required!
    #
    internal();

    #
    # the default log socket for local logging:
    #
    unix-dgram("/dev/log");

    #
    # uncomment to process log messages from network:
    #
    udp(ip("0.0.0.0") port(514));
    tcp(ip("0.0.0.0") port(1470));
};
Local machine:
source src {
    #
    # include internal syslog-ng messages
    # note: the internal() source is required!
    #
    internal();

    #
    # the following line will be replaced by the
    # socket list generated by SuSEconfig using
    # variables from /etc/sysconfig/syslog:
    #
    #unix-dgram("/dev/log");
    unix-stream("/dev/log");

    #
    # uncomment to process log messages from network:
    #
    #udp(ip("0.0.0.0") port(514));
};

destination editredirect {
    tcp("10.30.38.115" port(1470)
        template("<$PRI> $DATE $HOST $MSG MyMark\n"));
};

log { source(src); destination(editredirect); };
Try this:
source src { internal(); unix-stream("/dev/log"); };

destination editredirect {
    tcp("10.30.38.115" port(1470)
        template("$FULLDATE $PROGRAM $MSGONLY MyMark \n")
        template_escape(no));
};

log { source(src); destination(editredirect); };
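To check on the receiving host that lines really passed through the marking template, the following added example (not part of the original question or answers) parses the layout produced by template("<$PRI> $DATE $HOST $MSG MyMark\n") and lists lines that lack the marker. The function names and the sample lines are assumptions made for illustration.

```python
import re

MARK = "MyMark"  # marker appended by the sender's template (from the page)
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + ["local%d" % i for i in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Layout written by template("<$PRI> $DATE $HOST $MSG MyMark\n")
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})> "
    r"(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # BSD-style timestamp
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

def parse_forwarded(line):
    """Return a dict for one forwarded line, or None if the layout does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority value
        return None
    msg = m.group("msg")
    marked = msg.endswith(" " + MARK)
    if marked:
        msg = msg[: -len(MARK) - 1]  # strip the marker and its leading space
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "date": m.group("date"), "host": m.group("host"),
            "msg": msg, "marked": marked}

def unmarked(lines):
    """Lines that are malformed or did not go through the marking template."""
    return [l for l in lines if not (parse_forwarded(l) or {}).get("marked")]

# Constructed sample lines, not taken from the page.
SAMPLE = [
    "<38> Jun 13 15:58:00 sles10 sshd[4721]: Accepted password for admin MyMark\n",
    "<13> Jun  3 09:01:12 sles10 logger: test message MyMark\n",
    "<13> Jun  3 09:01:13 otherhost logger: no marker here\n",
    "garbage without a priority field\n",
]

if __name__ == "__main__":
    print("unmarked:", unmarked(SAMPLE))
```

The marker only shows which template produced a line; it does not authenticate the sender, since any host that can reach the listening port can append the same string.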