- 论坛徽章:
- 4
|
现有欲架设一台集中日志服务器,只接收来自指定客户端IP的消息日志,并对日志进行分类处理。
采用UDP传输方式
格式
--- /val/log/test
----客户端IP1
----A类
----B类
----C类
----客户端IP2
----客户端IP3
代码如下
$ModLoad imudp
$UDPServerRun 514
$template d_session, "/var/log/ipwall/%FROMHOST-IP%/session/messages.log"
$template d_url, "/var/log/ipwall/%FROMHOST-IP%/url/messages.log"
$template d_qq, "/var/log/ipwall/%FROMHOST-IP%/QQ/messages.log"
$template d_others, "/var/log/ipwall/%FROMHOST-IP%/others/messages.log"
if $syslogfacility-text == 'local1' and $syslogpriority-text == 'info' then ?d_session
&~
if $syslogfacility-text == 'local2' and $syslogpriority-text == 'info' then ?d_url
&~
if $syslogfacility-text == 'local3' and $msg startswith ' qq' then ?d_qq
&~
if not($syslogfacility-text == 'local1' or $syslogfacility-text == 'local2' or $syslogfacility-text == 'local3' ) then ?d_others
&~
现在问题有几个:希望各位大侠给指点下:
1. 指定目录下产生127.0.0.1(本机)目录 ----(本来不需要)
2. 日志记录到对应的文件中,但是发现日志记录不完整,只有少部分写进入,并且延迟非常大
|
|
免费注册
发表于 2014-03-03 16:56
