отправлять журналы на несколько серверов rsyslog

Когда я пытаюсь отправить данные на несколько серверов rsyslog, он выбирает только первое правило пересылки и игнорирует остальные.

мой файл конфигурации клиента rsyslog.

$WorkDirectory /var/tmp/rsyslog/work

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver

### Forwarding rules #1
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
& ~
###

### Forwarding rules #2
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd1  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
& ~
###

если я прокомментирую правило пересылки № 1, оно примет правило № 2.


rsyslog
person Chucks    schedule 22.08.2013    source источник

Ответы (1)


arrow_upward
2
arrow_downward

Из документации rsyslog: ( http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/ )

Следующая строка («& ~») важна: она говорит rsyslog прекратить обработку сообщения после того, как оно было записано в журнал.

Так что (обычно) работает:

$WorkDirectory /var/tmp/rsyslog/work

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver

### Forwarding rules #1
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
###

### Forwarding rules #2
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd1  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
& ~
###

Или просто:

$WorkDirectory /var/tmp/rsyslog/work

$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver

$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName srvrfwd  # set file name, also enables disk mode
$ActionResumeRetryCount -1    # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
& @@rsyslog1.abc.com:10514
###
person Pwu    schedule 23.08.2013