背景
/var/log/httpd/error_log syslog-ng将日志发送到端口5140 kafka producer会将其用于发送给主题设置
options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (no);
};
source s_apache2 {
file("/var/log/httpd/error_log" flags(no-parse));
}
destination loghost {
tcp("*.*.*.*" port(5140));
}
问题
syslog-ng将时间戳和主机名添加到日志数据中,这是不合需要的
<13>Jan 10 11:01:03 hostname [Tue Jan 10 11:01:02 2017] [notice] Digest: generating secret for digest authentication ...
<13>Jan 10 11:01:03 hostname [Tue Jan 10 11:01:02 2017] [notice] Digest: done
<13>Jan 10 11:01:03 hostname [Tue Jan 10 11:01:02 2017] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.4.30 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
所需输出(来自as is文件的每个日志行error_log)
[Tue Jan 10 11:01:02 2017] [notice] Digest: generating secret for digest authentication ...
[Tue Jan 10 11:01:02 2017] [notice] Digest: done
[Tue Jan 10 11:01:02 2017] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.4.30 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
平台
PS Syslog-ng to Kafka Integration:如果有人试过这个会让我的java Kafka制作人多余的话,请告诉我。
答案 0 :(得分:0)
当你在syslog-ng中使用flags(no-parse)选项时,syslog-ng不会尝试解析消息的不同字段,而是将所有内容放入传入日志消息的MESSAGE字段中,并预先添加一个syslog标头。要删除此标头,请在syslog-ng目标中使用模板:
/opt/PostgresPlus/9.5AS/bin/要使用syslog-ng的Kafka目的地,您需要更新版本的syslog-ng(我推荐3.8或3.9)。 Peter Czanik has written a detailed post about installing new syslog-ng rpm for CentOS