当我尝试向多个rsyslog服务器发送数据时,它只选择第一个转发规则并忽略休息。
我的rsyslog客户端配置文件。
$WorkDirectory /var/tmp/rsyslog/work
$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver
### Forwarding rules #1
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
& ~
###
### Forwarding rules #2
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd1 # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
& ~
###
如果我评论转发规则#1,它需要规则#2。
答案 0 :(得分:2)
来自rsyslog文档:(http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/)
下一行(“&〜”)很重要:它告诉rsyslog停止 在将消息写入日志后处理消息
这样(正常)起作用:
$WorkDirectory /var/tmp/rsyslog/work
$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver
### Forwarding rules #1
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
###
### Forwarding rules #2
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd1 # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog1.abc.com:10514
& ~
###
或简单地说:
$WorkDirectory /var/tmp/rsyslog/work
$DefaultNetstreamDriverCAFile /usr/local/abc/certs/syslog_ca.crt
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
if $syslogtag contains 'error' then @@rsyslog.abc.com:10514
& @@rsyslog1.abc.com:10514
###