Rsyslog v8 imfile目录通配符
[英]Rsyslog v8 imfile directory wildcard
问题描述
I am trying to solve "sending" log files from directories and subdirectories to central log server using imfile in Rsyslog. 
我正在尝试使用Rsyslog中的imfile解决从目录和子目录向中央日志服务器“发送”日志文件的问题。
OS is CentOS 7 操作系统是CentOS 7
CentOS Linux release 7.3.1611 (Core)
Rsyslog is v8 from official repo. Rsyslog是官方回购版的v8。
rsyslogd 8.26.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 6
This Rsyslog version support wildcards on directory level. 此Rsyslog版本在目录级别支持通配符。 But it looks like it is not support directory wildcards with imfile. 但看起来它不支持带有imfile的目录通配符。
https://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile/4 https://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile/4
Problem is there is lot of directories in my case (and new are dynamically created) so I cannot create config for each directory. 问题是我有很多目录(并且是动态创建的),因此我无法为每个目录创建配置。
I noticed that Rsyslog send all new files from all directories (including all wildcards subdirectories) to central log server when is restarted. 我注意到,重新启动时,Rsyslog将所有目录(包括所有通配符子目录)中的所有新文件发送到中央日志服务器。 But when new file is created after restart Rsyslog did not start "send" this file to central log server. 但是,重新启动后创建新文件时,Rsyslog并未启动“将该文件发送”到中央日志服务器。
Workaround could by restart Rsyslog each X minutes, but I don't think it is good idea. 解决方法是每隔X分钟重新启动Rsyslog,但我认为这不是个好主意。
Can you please help me find some workaround or another configuration to handle this problem (maybe newer version of Rsyslog support it)? 您能否帮助我找到一些解决方法或其他配置来解决此问题(也许较新版本的Rsyslog支持它)?
Best regards, cr4wen 最好的问候,cr4wen
1 个解决方案
解决方案1
0 2018-04-09 14:52:15
From what I know about rsyslog, this version should support wildcards in filenames and folders, but I know there was a bug where it didn't pick up newly created files. 根据我对rsyslog的了解,此版本应支持文件名和文件夹中的通配符,但是我知道有一个错误,即它没有拾取新创建的文件。 Maybe an update to the latest version avaialble for CentOS 7 would help. 也许更新CentOS 7可用的最新版本会有所帮助。
But the most important thing to ensure is that you are using imfile in inotify mode, wildcards don't work well without that mode enabled. 但是最重要的是要确保您在inotify模式下使用imfile,如果不启用该模式,通配符将无法正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.