我需要在发送到远程日志收集器之前,在路径#/var/log/tcp/s.log中生成的每行日志中添加标记“TCP”。
我更喜欢使用syslog-ng。这里有syslog.conf文件的一部分,但不正确。
filter f_local (fa cility(tcp) and (info,err,warn,));
source S_tcp {
tags("tcp");
file ("/var/log/tcp/s.log" flags (no-parse));};
#The IP address of the remote log collector.
destination logcollector {udp ("192.168.12.1" port(514));};
#send everything to remote collector.
log { source(S_TCP); filter(s_tcp);destination(logcollector); };