Mar 02 2012

高负载的rsyslog设置

Category: 技术ssmax @ 12:49:30

准备做一个较高负载的rsyslog udp接收服务器,今天配置了一下,不知道能不能顶住,先记录下来

</pre>
$PrivDropToGroup nobody
$PrivDropToUser nobody

$EscapeControlCharactersOnReceive off

$OMFileAsyncWriting on
$OMFileFlushOnTXEnd off
$OMFileFlushInterval 30
$OMFileIOBufferSize 64k

$template MyFileFormat,"%timegenerated:::date-rfc3339% %fromhost-ip% %rawmsg%\n"
$template DynFile,"/home/rsyslog/test.%$now%.%$hour%.%$minute%.log"

$Ruleset remote10514
$RulesetParser rsyslog.rfc3164
*.*                       -?DynFile;MyFileFormat
& ~

# UDP Syslog Server:
$ModLoad imudp.so  # provides UDP syslog reception
$InputUDPServerBindRuleset remote10514
$UDPServerRun 10514 # start a UDP syslog server at standard port 514
$UDPServerTimeRequery 1000

&nbsp;

$ModLoad ommysql.so

$template JustSQL,"insert into qn_report_log (create_time, ip, message) values ('%timegenerated:::date-mysql%', '%fromhost-ip%', '%rawmsg%')",SQL

$Ruleset remote10515
$RulesetParser rsyslog.rfc3164
*.*                       : ommysql:dbhost,dbname,dbuser,dbpass;JustSQL
& ~

$InputUDPServerBindRuleset remote10515
$UDPServerRun 10515 # start a UDP syslog server at standard port 514
$UDPServerTimeRequery 1000
<pre>

两种输出,不同负载

DynFile 按分钟输出,负载较高

mysql的输出是另外一个应用,负载较低,如果被影响的话就另外开一个实例来启动

基本rsyslog的基础功能都用了一遍。。。

启动脚本记得关掉dns解释

/home/rsyslog/sbin/rsyslogd -x -4 -f /home/rsyslog/etc/rsyslog.conf -i /home/rsyslog/rsyslogd.pid