rsyslog 输出模块 omprog

rsyslog 输出模块 omprog

文档: http://www.rsyslog.com/doc/ma...

规则

把数据通过stdin传给外部程序处理

• 一条log一行

• 从stdin 读取数据直到EOF

• 处理数据

• 读到EOF时退出

while not EOF(stdin) do {
    Read msg from stdin
    Process msg
}

配置示例

module(load="omprog")
action(type="omprog"
       binary="/pathto/omprog.py --parm1=\"value 1\" --parm2=\"value2\""
       template="RSYSLOG_TraditionalFileFormat")

测试

读取/var/log/test.in数据 -> omprog 模块处理 -> 脚本写入数据到 /var/log/test.out

配置文件

  lidashuang@ubuntu:/var/log$ cat /etc/rsyslog.d/10-file-test.conf
# This configuration has been generated by using the
# rsyslog Configuration Builder which can be found at:
# http://www.rsyslog.com/rsyslog-configuration-builder/
#
# Default Settings

# Load Modules
module(load="imfile"  PollingInterval="1")
module(load="omprog")

# rsyslog Templates

# rsyslog Input Modules
input(type="imfile"
     File="/var/log/test.in"
     Tag="test1"
     Severity="info"
     Facility="local0"
     ruleset="MyRuleSet")

# rsyslog RuleSets
ruleset(name="MyRuleSet") {
    action(type="omprog" binary="/tmp/test.sh")
    stop
}


# This configuration was generated on '2017-07-05 13:05:10'

配置的脚本为 /tmp/test.sh

#!/usr/bin/env bash

read msg
echo $msg >> /var/log/test.out

写入数据

while true; do echo date: `date +%Y-%m-%d:%H:%M:%S`  >> test.in; sleep 2; done