linux rsyslog日志采集格式设定一

linux rsyslog日志采集格式设定一

1.创建日志接收模板

打开/etc/rsyslog.conf文件，在GLOBAL DIRECTIVES模块下任意位置添加以下内容

命令：

vim /etc/rsyslog.conf

测试：rsyslog.conf文件结尾添加以下内容

$template ztj,"/var/log/%hostname%/%programname%.log"
*.*     ?ztj
& ~

$template ztj,"/var/log/%hostname%/%programname%.log"

#定义模板ztj

#hostname：来自日志的主机名称

#programname：产生日志的进程名称，其值与%app-name%值相同

#可以通过man rsyslog.conf命令查看rsyslog属性(即：%hostname%和%programname%)

[root@rhel77 ~]# man rsyslog.conf
...... 
Available Properties
       msg    the MSG part of the message (aka "the message" ;))

       rawmsg the message exactly as it was received from the socket. Should be useful for debugging.

       HOSTNAME
              hostname from the message

       FROMHOST
              hostname of the system the message was received from (in a