centos rsyslog 的跨机器使用

1. 发送方机器(192.168.0.2)的/etc/rsyslog.d目录下增加配置文件aaa.conf，内容如下:

module(load="imfile")
$PreserveFQDN on

ruleset(name="happy") {
    if  ( $msg contains "HELLO" ) then {
        action(
              type="omfwd"
              Target="192.168.0.3"
              Port="514"
              Protocol="udp"
              )
        stop
    }
    else {
        stop
    }
}

input(type="imfile"
      File="/home/work/log/send.log"
      Tag=""
      Facility="local5"
      #freshStartTail="on"
      reopenOnTruncate="on"
      ruleset="happy"
     )

2. 接收方机器(192.168.0.3)的/etc/rsyslog.d目录下增加配置文件bbb.conf，内容如下:

$ModLoad imudp
input (
    type="imudp"
    port="514"
    ruleset="happy"
)
ruleset(name="happy") {
    action(
        type="omfile"
        File="/home/work/recv.log"
       )
    stop
}

3. 注意

rsyslog的版本不能过低;
配完需要重启rsyslog服务;

4. 参考
   https://toutiao.io/posts/rnayt1/preview