如何使用 syslog-ng 只登錄 **mylog**,而不是 **mylog** 和 **syslog**?
[英]How to get log in only **mylog**, instead of **mylog** and **syslog** using syslog-ng?
問題描述
我正在為使用 yocto 構建的板開發一些軟件。 對於日志系統,我使用的是syslog-ng ,但目前,我的應用程序正在 /var/log/syslog 和 /var/log/mylog 上寫入其 output。 他們每個人都以這種方式打開日志:
#include <syslog.h>
int main() {
openlog("my_app_N", LOG_CONS | LOG_PID | LOG_NDELAY, LOG_LOCAL2);
...
...
...
並且文件/etc/syslog-ng/syslog-ng.conf有這個內容(一旦刪除了可能不相關的注釋行):
@version: 3.5
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation. Originally written by anonymous (I can't find his name)
# Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>)
# First, set some global options.
options { chain_hostnames(off); keep-timestamp(yes); flush_lines(100); use_dns(no); use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
};
########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_src { unix-dgram("/dev/log"); internal();
file("/proc/kmsg" program_override("kernel"));
};
########################
# Templates
########################
# Syslog-ng message template
template t_timestamp {
template("${R_DATE} ${MSGHDR}${MSG}\n");
};
########################
# Destinations
########################
# First some standard logfile
#
#--------------------------------------------------------------------------------------
#For millisecond timestamp
#Uncomment below line
options { frac_digits(3); ts_format(iso); };
destination d_syslog { file("/var/log/syslog" template(t_timestamp) create-dirs(yes)); };
destination d_error { file("/var/log/error" template(t_timestamp) create-dirs(yes)); };
destination d_crit { file("/var/log/critical" template(t_timestamp) create-dirs(yes)); };
destination d_local1 { file("/var/log/otherlog.log" template(t_timestamp) create-dirs(yes)); };
destination d_local2 { file("/var/log/mylog" template(t_timestamp) create-dirs(yes)); };
#--------------------------------------------------------------------------------------
destination d_local0 { file("/var/log/local0.log"); };
########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.
filter f_crit { level(crit .. emerg); };
filter f_net { level(debug, info, notice, warn, alert, emerg); };
filter f_error { level(err .. emerg) ; };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { program("my_app_06") or program("my_app_05") or program("my_app_04") or program("my_app_03") or program("my_app_02") or program("my_app_01") or program("my_app_00") or program("my_app_dbus_server"); };
filter f_syslog3 { not facility(auth, authpriv, mail); };
destination d_syslog_tcp { syslog("192.168.6.7" transport("tcp") port(514)); };
########################
# Log paths
########################
log { source(s_src); filter(f_error); destination(d_error); };
log { source(s_src); filter(f_crit); destination(d_crit); };
log { source(s_src); filter(f_syslog3); destination(d_syslog); destination(d_syslog_tcp); };
log { source(s_src); filter(f_local0); destination(d_local0); };
log { source(s_src); filter(f_local1); destination(d_local1); };
log { source(s_src); filter(f_local2); destination(d_local2); };
我怎樣才能讓 my_apps 只在 /var/log/mylog 上寫入日志而不向 /var/log/syslog 寫入任何內容?
1 個解決方案
解決方案1
0 已采納 2019-09-23 14:56:24
從 syslog-ng v3.15.1 開始,可以使用 if-else,例如:
log {
source(s_src);
if (program("my_app_06") or program("my_app_05") or program("my_app_04") or program("my_app_03") or program("my_app_02") or program("my_app_01") or program("my_app_00") or program("my_app_dbus_server")) {
destination(d_local2);
}
else {
filter(f_syslog3);
destination(d_syslog);
destination(d_syslog_tcp);
};
};
syslog-ng v3.5 真的很老了,我不確定它的功能集,但是:
- 您始終可以創建另一個過濾器否定
f_local2或 - 您可以使用
final標志來“終止”日志路徑,例如:
# list this first with flags(final)
log { source(s_src); filter(f_local2); destination(d_local2); flags(final); };
# list everything else
log { source(s_src); filter(f_syslog3); destination(d_syslog); destination(d_syslog_tcp); };
# ...
使用 syslog-ng 在 json 日志中顯示特殊字符
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.