有没有办法从linux中的系统日志中检索消息的严重性级别?我在root之后尝试了以下内容:
1. sudo vim rsyslog.conf
2. tried to add following lines of code so that I could send every level
to separate files
## ------------------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
*.alert;*.!emerg -/var/log/log.1_alert
*.crit;*.!alert -/var/log/log.2_critical
*.err;*.!crit -/var/log/log.3_error
*.warning;*.!err -/var/log/log.4_warning
*.notice;*.!warning -/var/log/log.5_notice
*.info;*.!notice -/var/log/log.6_info
*.debug;*.!info -/var/log/log.7_debug
3. :wq to save and quit vim
然而,这并没有得到保存。有人可以指导我吗?
答案 0 :(得分:1)
我不熟悉旧格式(我还没有对此进行过测试),但这可能会做你想要的:
## ------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
& stop
*.alert;*.!emerg -/var/log/log.1_alert
& stop
*.crit;*.!alert -/var/log/log.2_critical
& stop
*.err;*.!crit -/var/log/log.3_error
& stop
*.warning;*.!err -/var/log/log.4_warning
& stop
*.notice;*.!warning -/var/log/log.5_notice
& stop
*.info;*.!notice -/var/log/log.6_info
& stop
*.debug;*.!info -/var/log/log.7_debug
& stop
这最终会成为我的方法,因为我喜欢"高级"格式是:
if ($syslogfacility-text == 'auth')
or ($syslogfacility-text == 'authpriv') then {
action(
name="auth-log"
type="omfile"
file="/var/log/auth.log")
stop
}
# Keep cron messages in their own dedicated file
if ($syslogfacility-text == 'cron') then {
action(
name="cron-log"
type="omfile"
file="/var/log/cron.log")
stop
}
根据设施,严重性,程序名或任意数量的其他消息或系统属性,根据需要设置尽可能多的块。
文档:
编辑:代表太低而无法回复评论(奇怪的设计选择),所以在此处发帖回复。
重新如何保存文件:
如果您指的是"保存"在你的修改意义上 该文件,请确保您正在修改正确的文件。
重新启动rsyslogsudo nano /etc/rsyslog.conf然后进行更改。 ctrl-x尝试 要退出,请回答Y以保存更改。运行sudo rsyslogd -N2即可 测试您的配置,然后通过sudo service rsyslog restart