有什么方法可以从 linux 中的系统日志中检索消息的严重级别?
Is there any way to retrieve the severity level of the messages from system log in linux?
有什么方法可以从系统日志中检索消息的严重级别 linux?成为 root 后,我尝试了以下操作:
1. sudo vim rsyslog.conf
2. tried to add following lines of code so that I could send every level
to separate files
## ------------------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
*.alert;*.!emerg -/var/log/log.1_alert
*.crit;*.!alert -/var/log/log.2_critical
*.err;*.!crit -/var/log/log.3_error
*.warning;*.!err -/var/log/log.4_warning
*.notice;*.!warning -/var/log/log.5_notice
*.info;*.!notice -/var/log/log.6_info
*.debug;*.!info -/var/log/log.7_debug
3. :wq to save and quit vim
然而,这并没有被保存。有人可以指导我吗?
我不太熟悉旧格式(我还没有测试过),但这可能会满足您的需求:
## ------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
& stop
*.alert;*.!emerg -/var/log/log.1_alert
& stop
*.crit;*.!alert -/var/log/log.2_critical
& stop
*.err;*.!crit -/var/log/log.3_error
& stop
*.warning;*.!err -/var/log/log.4_warning
& stop
*.notice;*.!warning -/var/log/log.5_notice
& stop
*.info;*.!notice -/var/log/log.6_info
& stop
*.debug;*.!info -/var/log/log.7_debug
& stop
这最终会成为我的方法,因为我喜欢 "advanced" 格式的精确度:
if ($syslogfacility-text == 'auth')
or ($syslogfacility-text == 'authpriv') then {
action(
name="auth-log"
type="omfile"
file="/var/log/auth.log")
stop
}
# Keep cron messages in their own dedicated file
if ($syslogfacility-text == 'cron') then {
action(
name="cron-log"
type="omfile"
file="/var/log/cron.log")
stop
}
根据设施、严重程度、程序名称或任意数量的其他消息或系统属性设置您需要过滤的块。
文档:
- http://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html
- http://www.rsyslog.com/doc/v8-stable/configuration/properties.html
- http://www.rsyslog.com/doc/v8-stable/configuration/filters.html
编辑:代表太低无法回复评论(奇怪的设计选择),所以在这里发表回复。
关于如何保存文件:
If you are referring to "saving" in the sense of your modifications to
the file, make sure that you are modifying the correct file. sudo
nano /etc/rsyslog.conf and then make your changes. ctrl-x to attempt
to quit, answer Y to saving the changes. Run sudo rsyslogd -N2 to
test your configuration and then restart rsyslog via sudo service
rsyslog restart
有什么方法可以从系统日志中检索消息的严重级别 linux?成为 root 后,我尝试了以下操作:
1. sudo vim rsyslog.conf
2. tried to add following lines of code so that I could send every level
to separate files
## ------------------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
*.alert;*.!emerg -/var/log/log.1_alert
*.crit;*.!alert -/var/log/log.2_critical
*.err;*.!crit -/var/log/log.3_error
*.warning;*.!err -/var/log/log.4_warning
*.notice;*.!warning -/var/log/log.5_notice
*.info;*.!notice -/var/log/log.6_info
*.debug;*.!info -/var/log/log.7_debug
3. :wq to save and quit vim
然而,这并没有被保存。有人可以指导我吗?
我不太熟悉旧格式(我还没有测试过),但这可能会满足您的需求:
## ------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
& stop
*.alert;*.!emerg -/var/log/log.1_alert
& stop
*.crit;*.!alert -/var/log/log.2_critical
& stop
*.err;*.!crit -/var/log/log.3_error
& stop
*.warning;*.!err -/var/log/log.4_warning
& stop
*.notice;*.!warning -/var/log/log.5_notice
& stop
*.info;*.!notice -/var/log/log.6_info
& stop
*.debug;*.!info -/var/log/log.7_debug
& stop
这最终会成为我的方法,因为我喜欢 "advanced" 格式的精确度:
if ($syslogfacility-text == 'auth')
or ($syslogfacility-text == 'authpriv') then {
action(
name="auth-log"
type="omfile"
file="/var/log/auth.log")
stop
}
# Keep cron messages in their own dedicated file
if ($syslogfacility-text == 'cron') then {
action(
name="cron-log"
type="omfile"
file="/var/log/cron.log")
stop
}
根据设施、严重程度、程序名称或任意数量的其他消息或系统属性设置您需要过滤的块。
文档:
- http://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html
- http://www.rsyslog.com/doc/v8-stable/configuration/properties.html
- http://www.rsyslog.com/doc/v8-stable/configuration/filters.html
编辑:代表太低无法回复评论(奇怪的设计选择),所以在这里发表回复。
关于如何保存文件:
If you are referring to "saving" in the sense of your modifications to the file, make sure that you are modifying the correct file.
sudo nano /etc/rsyslog.confand then make your changes. ctrl-x to attempt to quit, answer Y to saving the changes. Runsudo rsyslogd -N2to test your configuration and then restart rsyslog viasudo service rsyslog restart