准备做一个较高负载的rsyslog udp接收服务器,今天配置了一下,不知道能不能顶住,先记录下来
</pre> $PrivDropToGroup nobody $PrivDropToUser nobody $EscapeControlCharactersOnReceive off $OMFileAsyncWriting on $OMFileFlushOnTXEnd off $OMFileFlushInterval 30 $OMFileIOBufferSize 64k $template MyFileFormat,"%timegenerated:::date-rfc3339% %fromhost-ip% %rawmsg%\n" $template DynFile,"/home/rsyslog/test.%$now%.%$hour%.%$minute%.log" $Ruleset remote10514 $RulesetParser rsyslog.rfc3164 *.* -?DynFile;MyFileFormat & ~ # UDP Syslog Server: $ModLoad imudp.so # provides UDP syslog reception $InputUDPServerBindRuleset remote10514 $UDPServerRun 10514 # start a UDP syslog server at standard port 514 $UDPServerTimeRequery 1000 $ModLoad ommysql.so $template JustSQL,"insert into qn_report_log (create_time, ip, message) values ('%timegenerated:::date-mysql%', '%fromhost-ip%', '%rawmsg%')",SQL $Ruleset remote10515 $RulesetParser rsyslog.rfc3164 *.* : ommysql:dbhost,dbname,dbuser,dbpass;JustSQL & ~ $InputUDPServerBindRuleset remote10515 $UDPServerRun 10515 # start a UDP syslog server at standard port 514 $UDPServerTimeRequery 1000 <pre>
两种输出,不同负载
DynFile 按分钟输出,负载较高
mysql的输出是另外一个应用,负载较低,如果被影响的话就另外开一个实例来启动
基本rsyslog的基础功能都用了一遍。。。
启动脚本记得关掉dns解释
/home/rsyslog/sbin/rsyslogd -x -4 -f /home/rsyslog/etc/rsyslog.conf -i /home/rsyslog/rsyslogd.pid