I have the following configuration. I am completely new to Syslog-NG, so any help would be much appreciated.
@version: 3.30
@include "scl.conf"

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (yes);
    keep_hostname (yes);
    normalize_hostnames (yes);
    stats_freq (600);
    stats_level (2);
};

source s_local {
    internal();
};

source s_network {
    syslog(transport(udp) port(5514));
};

destination d_logs {
    file(
        "/var/log/all_logs.log"
        create_dirs(yes)
    );
};

log { source(s_network); destination(d_logs); };
I would like a way to route each program type to its own file (e.g. …dping.log, sshd.log, unbound.log, etc.) without having to define every one of them explicitly up front, or, even better, to supply a list of programs and dump everything else into a default file.
I am certainly reading the Syslog-NG documentation, but I am too new to it to know what I should be looking for at this point, so I wanted to ask for some guidance.
@version: 3.30
@include "scl.conf"

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (yes);
    use_fqdn (yes);
    create_dirs (yes);
    keep_hostname (yes);
    normalize_hostnames (yes);
    stats_freq (600);
    stats_level (2);
};

source s_local {
    internal();
};

source s_network {
    syslog(transport(udp) port(5514));
};

# Program names listed one per line in /config/program.list get their own file;
# everything else goes to the shared syslog file.
filter f_whitelist { in-list("/config/program.list", value("PROGRAM")); };
filter f_blacklist { not in-list("/config/program.list", value("PROGRAM")); };

destination d_split_logs {
    file(
        "/config/log/$PROGRAM.log"
        create_dirs(yes)
    );
};

destination d_logs {
    file(
        "/config/log/syslog"
        create_dirs(yes)
    );
};

# Sources belong in the outer log path only; embedded log statements may carry
# filters and destinations but not source() references. Each embedded path
# sees every message from the outer sources, so the whitelist and blacklist
# paths are evaluated independently instead of one being applied before the other.
log {
    source(s_local);
    source(s_network);

    log {
        filter(f_whitelist);
        destination(d_split_logs);
    };

    log {
        filter(f_blacklist);
        destination(d_logs);
    };
};
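As an added example (not the poster's configuration), the same split expressed with syslog-ng's fallback log path instead of a second in-list() lookup, and with the program name passed through the $(sanitize) template function so that a PROGRAM value received over UDP always resolves to a file inside the log directory. The ports, list file and directories are the ones from the post; the perm()/dir_perm() values are my own choices.

```conf
@version: 3.30
@include "scl.conf"

source s_local   { internal(); };
source s_network { syslog(transport(udp) port(5514)); };

# Program names listed one per line in the poster's list file.
filter f_listed { in-list("/config/program.list", value("PROGRAM")); };

# One file per listed program. $(sanitize) replaces characters that are not
# valid in a file name (by default "/") with "_" and drops control characters,
# so a PROGRAM field taken from the network cannot name a path outside
# /config/log/. perm()/dir_perm() keep the files readable by the log group only.
destination d_split_logs {
    file("/config/log/$(sanitize $PROGRAM).log"
         create_dirs(yes) perm(0640) dir_perm(0750));
};

destination d_logs {
    file("/config/log/syslog" create_dirs(yes) perm(0640) dir_perm(0750));
};

# Listed programs take this path.
log {
    source(s_local);
    source(s_network);
    filter(f_listed);
    destination(d_split_logs);
};

# flags(fallback) makes this path accept only messages that no other
# non-fallback log path matched, so no "not in-list" filter is needed and the
# two paths cannot drift apart when the list file is edited.
log {
    source(s_local);
    source(s_network);
    destination(d_logs);
    flags(fallback);
};
```

in-list() reads the list file when the configuration is loaded, so after editing /config/program.list reload syslog-ng (for example with syslog-ng-ctl reload) for the change to take effect.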