我是設定 rsyslog 進行集中日誌記錄的新手,想知道你們中的一位專家是否可以幫助我解決以下問題。我試圖將每個遠端主機的日誌儲存到每個主機目錄中。除了郵件日誌之外,這工作得很好。由於某些原因,郵件日誌會進入為特定主機定義的目錄,但也會為所有執行郵件的主機寫入 /var/log/maillog。
是否有特定的配置會導致日誌寫入多個位置?
這是我的remote-hosts.conf 文件
$ModLoad imtcp
$InputTCPServerRun 514
$DirGroup root
$DirCreateMode 0755
$FileGroup root
$template PerHostAuth,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/auth.log"
$template PerHostCron,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron.log"
$template PerHostSyslog,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/syslog"
$template PerHostDaemon,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/daemon.log"
$template PerHostKern,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/kern.log"
$template PerHostLpr,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/lpr.log"
$template PerHostUser,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/user.log"
$template PerHostMail,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.log"
$template PerHostMailInfo,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.info"
$template PerHostMailWarn,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.warn"
$template PerHostMailErr,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.err"
$template PerHostNewsCrit,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.crit"
$template PerHostNewsErr,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.err"
$template PerHostNewsNotice,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.notice"
$template PerHostDebug,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/debug"
$template PerHostMessages,"/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/messages"
auth,authpriv.* ?PerHostAuth
*.*;auth,authpriv.none -?PerHostSyslog
cron.* ?PerHostCron
daemon.* -?PerHostDaemon
kern.* -?PerHostKern
lpr.* -?PerHostLpr
mail.* -?PerHostMail
user.* -?PerHostUser
mail.info -?PerHostMailInfo
mail.warn ?PerHostMailWarn
mail.err ?PerHostMailErr
news.crit ?PerHostNewsCrit
news.err ?PerHostNewsErr
news.notice -?PerHostNewsNotice
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -?PerHostDebug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -?PerHostMessages
所以發生的事情是我有日誌發送到 /var/log/maillog全部我的郵件伺服器透過 syslog 發送日誌以及其各自的目錄
/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/Host1/mail.log
/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/Host2/mail.log
/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/Host3/mail.log
/srv/rsyslog/%$YEAR%/%$MONTH%/%$DAY%/Host4/mail.log
阻止日誌寫入遠端系統郵件日誌的正確方法是什麼?
謝謝您的幫忙!