Why are syslog messages not forwarded, despite proper configuration?

I want to forward (rsyslog 8.4.2-1) all syslog messages to a port on 127.0.0.1. To do this, I added a file at /etc/rsyslog.d/expose-42000.conf:

 *.* @127.0.0.1:42000 

After restarting rsyslog (no error messages in the logs), I tried to listen for incoming messages:

 netcat -u 127.0.0.1 42000 

Although the messages showed up in /var/log/syslog, there was still no output.

To make sure the file was actually included, I ran rsyslogd in debug mode and saw the include happen:

 # rsyslogd -dn
 (...)
 8836.556859167:main thread : requested to include config file '/etc/rsyslog.d/expose-42000.conf'
 8836.556895084:main thread : config parser: pushed file /etc/rsyslog.d/expose-42000.conf on top of stack
 Next token is token PRIFILT ()
 Shifting token PRIFILT ()
 Entering state 14
 Reading a token: Next token is token LEGACY_ACTION ()
 Shifting token LEGACY_ACTION ()
 Entering state 12
 Reducing stack by rule 35 (line 168):
 $1 = token LEGACY_ACTION ()
 8836.557893160:main thread : tried selector action for builtin:omfile: -2001
 8836.557908388:main thread : tried selector action for builtin:ompipe: -2001
 8836.557923233:main thread : tried selector action for builtin-shell: -2001
 8836.558022055:main thread : tried selector action for builtin:omdiscard: -2001
 8836.558038075:main thread : tried selector action for builtin:omfwd: 0
 8836.558052488:main thread : Module builtin:omfwd processes this action.
 8836.558136499:main thread : template: 'RSYSLOG_TraditionalForwardFormat' assigned
 8836.558160039:main thread : action 1 queue: parameter dump:
 8836.558174916:main thread : action 1 queue: queue.filename '[NONE]'
 8836.558273542:main thread : action 1 queue: queue.size: 1000
 8836.558288080:main thread : action 1 queue: queue.dequeuebatchsize: 16
 8836.558302414:main thread : action 1 queue: queue.maxdiskspace: 0
 8836.558368788:main thread : action 1 queue: queue.highwatermark: -1
 8836.558384865:main thread : action 1 queue: queue.lowwatermark: -1
 8836.558413762:main thread : action 1 queue: queue.fulldelaymark: -1
 8836.558442666:main thread : action 1 queue: queue.lightdelaymark: -1
 8836.558470770:main thread : action 1 queue: queue.discardmark: 980
 8836.558552633:main thread : action 1 queue: queue.discardseverity: 8
 8836.558594909:main thread : action 1 queue: queue.checkpointinterval: 0
 8836.558608920:main thread : action 1 queue: queue.syncqueuefiles: 0
 8836.558623042:main thread : action 1 queue: queue.type: 3 [Direct]
 8836.558691335:main thread : action 1 queue: queue.workerthreads: 1
 8836.558727077:main thread : action 1 queue: queue.timeoutshutdown: 0
 8836.558741599:main thread : action 1 queue: queue.timeoutactioncompletion: 1000
 8836.558827751:main thread : action 1 queue: queue.timeoutenqueue: 50
 8836.558855694:main thread : action 1 queue: queue.timeoutworkerthreadshutdown: 60000
 8836.558869846:main thread : action 1 queue: queue.workerthreadminimummessages: -1
 8836.558884102:main thread : action 1 queue: queue.maxfilesize: 1048576
 8836.558950182:main thread : action 1 queue: queue.saveonshutdown: 1
 8836.558983020:main thread : action 1 queue: queue.dequeueslowdown: 0
 8836.558997187:main thread : action 1 queue: queue.dequeuetimebegin: 0
 8836.559011113:main thread : action 1 queue: queuedequeuetimend.: 25
 8836.559025491:main thread : Action 0xb97a40: queue 0xb99120 created
 -> $$ = nterm s_act ()
 Stack now 0 1 14
 Entering state 22
 Reducing stack by rule 32 (line 164):
 $1 = nterm s_act ()
 -> $$ = nterm actlst ()
 Stack now 0 1 14
 Entering state 21
 Reading a token: 8836.559386173:main thread : config parser: reached end of file /etc/rsyslog.d/expose-42000.conf
 8836.559390418:main thread : config parser: resume parsing of file /etc/rsyslog.conf at line 51
 (...)

What am I missing?

I think everything is fine except your use of netcat.

I copied your configuration verbatim and ran syslogd -dn

But then I ran this:

 nc -u -l -p 42000 

and got the expected logs. -l is for listening. Your command tries to connect to a UDP port that is not open/listening.
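
The difference between the two netcat invocations can be reproduced with plain sockets. This is an added example, not part of the original question or answer: Python sockets stand in for netcat and for the rsyslog forwarding action, OS-assigned free ports stand in for 42000, and the message is a constructed sample.

```python
import socket

# Constructed sample message in the shape of RSYSLOG_TraditionalForwardFormat.
SAMPLE = b"<13>Jan  1 00:00:00 myhost test: hello from rsyslog"

def udp_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(0.5)
    return s

def forward(dest, payload=SAMPLE):
    """Stand-in for the `*.* @127.0.0.1:42000` action: one datagram sent to dest."""
    with udp_socket() as s:
        s.sendto(payload, dest)

def try_recv(sock):
    try:
        return sock.recv(4096)
    except OSError:  # timed out: nothing arrived on this socket
        return None

def connect_mode():
    """Like `netcat -u 127.0.0.1 42000`: connect() to the port, bind nothing there."""
    with udp_socket() as probe:
        probe.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
        dest = probe.getsockname()     # the port is unbound again after this block
    with udp_socket() as client:
        client.connect(dest)           # client gets its own ephemeral local port
        forward(dest)                  # datagram goes to dest, where nobody listens
        return try_recv(client)

def listen_mode():
    """Like `nc -u -l -p 42000`: bind the port the sender targets."""
    with udp_socket() as listener:
        listener.bind(("127.0.0.1", 0))
        forward(listener.getsockname())
        return try_recv(listener)

if __name__ == "__main__":
    print("connect mode received:", connect_mode())
    print("listen mode received: ", listen_mode())
```
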