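I am preparing a fairly high-load rsyslog UDP receiving server. I configured it today and do not yet know whether it will hold up under the load, so I am recording the configuration here first.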
<pre>
# Drop root privileges after startup
$PrivDropToGroup nobody
$PrivDropToUser nobody
# Control characters in received messages are passed to the outputs unescaped
$EscapeControlCharactersOnReceive off
$OMFileAsyncWriting on
$OMFileFlushOnTXEnd off
$OMFileFlushInterval 30
$OMFileIOBufferSize 64k
$template MyFileFormat,"%timegenerated:::date-rfc3339% %fromhost-ip% %rawmsg%\n"
$template DynFile,"/home/rsyslog/test.%$now%.%$hour%.%$minute%.log"
$Ruleset remote10514
$RulesetParser rsyslog.rfc3164
*.* -?DynFile;MyFileFormat
& ~
# UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$InputUDPServerBindRuleset remote10514
$UDPServerRun 10514 # start a UDP syslog server on port 10514
$UDPServerTimeRequery 1000
$ModLoad ommysql.so
# The SQL template option escapes quotes and backslashes in property values
$template JustSQL,"insert into qn_report_log (create_time, ip, message) values ('%timegenerated:::date-mysql%', '%fromhost-ip%', '%rawmsg%')",SQL
$Ruleset remote10515
$RulesetParser rsyslog.rfc3164
*.* :ommysql:dbhost,dbname,dbuser,dbpass;JustSQL
& ~
$InputUDPServerBindRuleset remote10515
$UDPServerRun 10515 # start a second UDP syslog server on port 10515
$UDPServerTimeRequery 1000
</pre>
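There are two outputs, with different loads:
DynFile writes one file per minute and carries the higher load.
The MySQL output serves a different application and carries a lower load; if it gets affected, start a separate rsyslog instance for it.
That pretty much exercises all of rsyslog's basic features...
Remember to turn off DNS resolution in the startup script: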
/home/rsyslog/sbin/rsyslogd -x -4 -f /home/rsyslog/etc/rsyslog.conf -i /home/rsyslog/rsyslogd.pid
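
To check whether the receiver is keeping up, the kernel's per-socket UDP counters for ports 10514 and 10515 can be read from `/proc/net/udp` (IPv4 only, matching `-4`). The script below is an added example, not part of the original post; it assumes a Linux kernel that exposes the `drops` column, and the embedded sample is constructed.

```python
"""Report kernel-level UDP drops for the rsyslog listener ports (Linux)."""
import sys

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 101: 00000000:2912 00000000:0000 07 00000000:0001F400 00:00000000 00000000    99        0 20001 2 0000000000000000 4821
 102: 00000000:2913 00000000:0000 07 00000000:00000000 00:00000000 00000000    99        0 20002 2 0000000000000000 0
 103: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20003 2 0000000000000000 0
"""

def udp_socket_stats(text, ports):
    """Return {port: {"rx_queue": bytes, "drops": count}} for the given local ports."""
    stats = {}
    for line in text.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 13:
            continue                              # no drops column on this kernel
        port = int(f[1].rsplit(":", 1)[1], 16)   # local port is hexadecimal
        if port not in ports:
            continue
        entry = stats.setdefault(port, {"rx_queue": 0, "drops": 0})
        entry["rx_queue"] += int(f[4].split(":")[1], 16)  # bytes waiting in the buffer
        entry["drops"] += int(f[12])             # datagrams the kernel discarded
    return stats

def dropping_ports(before, after):
    """Ports whose drop counter increased between two snapshots."""
    return sorted(p for p in after
                  if after[p]["drops"] > before.get(p, {"drops": 0})["drops"])

if __name__ == "__main__":
    # Pass /proc/net/udp as the argument on a real host; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for port, s in sorted(udp_socket_stats(text, {10514, 10515}).items()):
        print(f"udp/{port}: rx_queue={s['rx_queue']} bytes, drops={s['drops']}")
```

A drop counter that keeps rising between two snapshots means messages are being lost before rsyslog reads them, which is the signal to enlarge the socket receive buffer or move the MySQL output to its own instance.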
