Rhel
引入系統日誌事件時,如何將日誌拆分為每月、每日和每小時文件夾?
我通過 rsyslog 引入日誌文件,我的配置如下所示:
root@rhel:/etc/rsyslog.d# head mail_prod_logs.conf if $fromhost-ip=="10.10.10.10" and $programname=="AMP_Logs" then -/var/log/mail_logs/amp.log我的日誌都儲存在
/var/log/mail_logs/amp.log文件夾中:Oct 18 13:29:28 server.com AMP_Logs: Info: Begin Logfile Oct 18 14:29:28 server.com AMP_Logs: Info: Version: 12.1.0-000 SN: ..... Oct 18 14:29:28 server.com AMP_Logs: Info: Time offset from UTC: -14400 seconds Oct 18 15:29:23 server.com AMP_Logs: Info: Response received for..... Oct 18 15:29:23 server.com AMP_Logs: Info: File reputation query..... Oct 19 13:29:23 server.com AMP_Logs: Info: Response received for fil.... Oct 19 13:29:58 server.com AMP_Logs: Info: File reputation query .... Oct 19 13:29:58 server.com AMP_Logs: Info: File reputation query ....我想使用
datetime日誌的一部分將這些放在當月內每日文件夾內的每小時文件夾中,同時通過編輯mail_prod_logs.conf.所以它看起來像:
/var/log/mail_logs/Sep/30/23.log /var/log/mail_logs/Oct/01/00.log /var/log/mail_logs/Oct/01/01.log /var/log/mail_logs/Oct/01/02.log ...我怎樣才能做到這一點?
您可以使用動態文件模板執行此操作。使用屬性替換器來選擇
%timestamp%屬性的一部分,特別是選項date-day和date-hour字元 1 到 3date-rfc3164(這是一個類似於“Oct 9 09:47:08”的字元串)。通常,在範例中,模板被稱為DynFile:$template DynFile,"/var/log/mail_logs/%timestamp:1:3:date-rfc3164%/%timestamp:::date-day%/%timestamp:::date-hour%.log"要使用模板,
...then -/var/log/mail_logs/amp.log請將...then -?DynFile如果您考慮將 3 個字母的月份(Jan、Feb、…)替換為 2 位數的月份以便於處理,請改用
$template DynFile,"/var/log/mail_logs/%timestamp:::date-month%/%timestamp:::date-day%/%timestamp:::date-hour%.log