Why doesn't the Rsyslog server create files in the directory when receiving data?

Problem description Votes: 0 Answers: 1

I used the straightforward, simple document below to deploy a remote rsyslog server: https://www.tecmint.com/install-rsyslog-centralized-logging-in-centos-ubuntu/

I have the following minimal rsyslog configuration (/etc/rsyslog.conf) on the remote serverA; the rest of the configuration is the default /etc/rsyslog.conf file on CentOS 6.10 (Final)

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

### Rules for processing the Remote Logs
$template RemoteLogs,"/data/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
& ~

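It allows incoming messages on port 514 (via UDP or TCP) to be written to a file named after the program that emitted the data, inside a directory named after the host that sent the data.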

My problem is that when I send data (program name = dump.program) from a client host named clientB to my remote syslog server A, the directory /data/rsyslog/clientB is not created, nor is the file /data/rsyslog/clientB/dump.program.log

tcpdump on serverA clearly shows that the data is coming from clientB

$ sudo tcpdump -A dst serverA | grep clientB

<134>Oct 25 10:09:28 clientB cassandra-access: {"I-logdate":"2021-10-22 14:24:11,715","I-level":"INFO","I-process":"SocketServer","I-brokerid":"1020787186","message":"Failed authentication with 10.227.214.2/10.227.214.2 (SSL handshake failed) (org.apache.kafka.common.network.Selector)","I-MessageID":"fykfvghjw6qn2fh1","I-@Ip":"10.207.87.186","I-NomPF":"KAFKA","I-NomVM":"hwi31dev02kfkzbomomtmo02","I-PathTrace":"/hawai/logs/kafka/server.log","I-RoleVM":"MOM","I-TypePF":"DEV","I-TypeTrace":"KAFKA","I-TypeVM":"MO","I-VersionOS":"CentOS release 6.10 (Final)","I-VersionSocle":"601-029","fi
10:09:28.463674 IP clientB.42330 > hwi31dev01danazboapplitbo02.shell: Flags [.], seq 711445:712893, ack 1, win 115, options [nop,nop,TS val 3499524066 ecr 3499512980], length 1448
<134>Oct 25 10:09:28 clientB cassandra-access: {"I-logdate":"2021-10-22 14:24:12,909","I-level":"INFO","I-process":"SocketServer","I-brokerid":"1020787186","message":"Failed authentication with 10.227.214.2/10.227.214.2 (SSL handshake failed) (org.apache.kafka.common.network.Selector)","I-MessageID":"fykfvghjw6qn2fh2","I-@Ip":"10.207.87.186","I-NomPF":"KAFKA","I-NomVM":"hwi31dev02kfkzbomomtmo02","I-PathTrace":"/hawai/logs/kafka/server.log","I-RoleVM":"MOM","I-TypePF":"DEV","I-TypeTrace":"KAFKA","I-TypeVM":"MO","I-VersionOS":"CentOS release 6.10 (Final)","I-VersionSocle":"601-029","file":"/hawai/logs/kafka/server.log","pfname":"KAFKA"}
<134>Oct 25 10:09:28 clientB cassandra-access: {"I-logdate":"2021-10-22 14:24:13,655","I-level":"INFO","I-process":"SocketServer","I-brokerid":"1020787186","message":"Failed authentication with 10.227.214.2/10.227.214.2 (SSL handshake failed) (org.apache.kafka.common.network.Selector)","I-MessageID":"fykfvghjw6qn2fh3","I-@Ip":"10.207.87.186","I-NomPF":"KAFKA","I-NomVM":"hwi31dev02kfkzbomomtmo02","I-PathTrace":"/hawai/logs/kafka/server.log","I-RoleVM":"MOM","I-TypePF":"DEV","I-TypeTrace":"KAFKA","I-TypeVM":"MO","I-VersionOS":"CentOS release 6.10 (Final)","I-VersionSocle":"601-029","file":"/hawai/logs/kafka/server.log","pfname":"KAFKA"}
<134>Oct 25 10:09:28 clientB cassandra-access: {"
10:09:28.463684 IP clientB > hwi31dev01danazboapplitbo02.shell: Flags [P.], seq 712893:714150, ack 1, win 115, options [nop,nop,TS val 3499524067 ecr 3499512981], length 1257
<134>Oct 25 10:09:28 clientB cassandra-access: {"I-logdate":"2021-10-22 14:24:15,077","I-level":"INFO","I-process":"SocketServer","I-brokerid":"1020787186","message":"Failed authentication with 10.227.214.2/10.227.214.2 (SSL handshake failed) (org.apache.kafka.common.network.Selector)","I-MessageID":"fykfvghjw6qn2fh5","I-@Ip":"10.207.87.186","I-NomPF":"KAFKA","I-NomVM":"hwi31dev02kfkzbomomtmo02","I-PathTrace":"/hawai/logs/kafka/server.log","I-RoleVM":"MOM","I-TypePF":"DEV","I-TypeTrace":"KAFKA","I-TypeVM":"MO","I-VersionOS":"CentOS release 6.10 (Final)","I-VersionSocle":"601-029","file":"/hawai/logs/kafka/server.log","pfname":"KAFKA"}

So my understanding is that the data has been successfully processed by the rsyslog service on serverA, so why is it not written to /data/rsyslog/clientB/dump.program.log?

rsyslogd -version

rsyslogd 5.8.10, compiled with:
        FEATURE_REGEXP:                         Yes
        FEATURE_LARGEFILE:                      No
        GSSAPI Kerberos 5 support:              Yes
        FEATURE_DEBUG (debug build, slow code): No
        32bit Atomic operations supported:      Yes
        64bit Atomic operations supported:      Yes
        Runtime Instrumentation (slow code):    No

Am I missing something on the server?

Is it a write-permission problem?

I'm lost; any help is welcome.

linux rsyslog
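
As an added example (not code from the original post or from rsyslog), this Python sketch shows which file the RemoteLogs template in the question names for one line of the tcpdump capture, and which existing directory that file would have to be created under. The regex, the simplified %PROGRAMNAME% rule and the helper names are assumptions made for illustration.

```python
import os
import re

# Constructed sample: one line from the capture above, with the JSON body shortened.
SAMPLE = '<134>Oct 25 10:09:28 clientB cassandra-access: {"I-level":"INFO","pfname":"KAFKA"}'

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG MSG
LINE_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<tag>[^\s:]+):? ?(?P<msg>.*)$', re.S)

def parse(line):
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not an RFC 3164 line")
    pri = int(m.group("pri"))
    # Assumption: %PROGRAMNAME% is modelled as the tag up to the first '[' or '/'.
    program = re.split(r"[\[/]", m.group("tag"), maxsplit=1)[0]
    return {"facility": pri >> 3, "severity": pri & 7,
            "hostname": m.group("host"), "programname": program}

def render(fields, root="/data/rsyslog"):
    """Path that "<root>/%HOSTNAME%/%PROGRAMNAME%.log" yields for one message."""
    for key in ("hostname", "programname"):
        # Both values are chosen by the sender, so this sketch refuses any
        # component that could resolve outside root.
        if fields[key] in ("", ".", "..") or "/" in fields[key]:
            raise ValueError("unsafe path component: %r" % fields[key])
    return os.path.join(root, fields["hostname"], fields["programname"] + ".log")

def nearest_existing_dir(path):
    """Deepest ancestor that already exists, and whether the current user
    (run this as the account rsyslogd runs under) may create entries in it."""
    d = os.path.dirname(os.path.abspath(path))
    while not os.path.isdir(d):
        d = os.path.dirname(d)
    return d, os.access(d, os.W_OK | os.X_OK)

if __name__ == "__main__":
    target = render(parse(SAMPLE))
    print(target, nearest_existing_dir(target))
```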
1 Answer
0
votes

Thanks for posting.

I would like to know how you solved this, because I am currently facing the same problem.

Cheers
