ng日志集中管理服务部署记录(3)

比如在上面客户机传输nginx日志时打上标记,比如:
1)如果标记为web-node01-nginx.log,做法为:
在客户机上先创建管道文件,接着重启syslo-ng服务,然后再打标记,最后进行文件传输
[root@web-node01 ~]# mkfifo /data/kevin/log.pipe
[root@web-node01 ~]# /etc/init.d/syslog-ng start
[root@web-node01 ~]# sed -ri 's/(^.)/web-node01-nginx.log--\1/' /etc/nginx/logs/access.log
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log >> /data/kevin/log.pipe &
 
查看客户机的/etc/nginx/logs/access.log日志,发现标记已经打上了
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log
web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.10.206:8080/a.txt" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
然后去syslong-ng服务器端,查看传输过来的nginx日志,发现也打上了标记
[root@syslog-ng ~]# tail -f /data/syslog-ng/kevin.log
Jul  4 17:47:27 web-node01 web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:47:27 web-node01 web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.10.206:8080/a.txt" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:47:27 web-node01 web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
2)标记为kevin-test-haha,做法为:
[root@web-node01 ~]# sed -ri 's/(^.)/kevin-test-haha--\1/' /etc/nginx/logs/access.log
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log >> /data/kevin/log.pipe &
 
查看客户机的/etc/nginx/logs/access.log日志,发现标记已经打上了
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log
kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:22 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:23 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
kevin-test-haha--172.16.42.183 - [04/Jul/2018:17:50:43 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
然后去syslong-ng服务器端,查看传输过来的nginx日志,发现也打上了标记
[root@syslog-ng ~]# tail -f /data/syslog-ng/kevin.log
Jul  4 17:54:03 web-node01 kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:22 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:54:03 web-node01 kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:23 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:54:03 web-node01 kevin-test-haha--172.16.42.183 - [04/Jul/2018:17:50:43 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
3)其他日志打标记,做法和上面类似。
  注意:最好不要打多次标记,否则日志里就会显示多次标记!

=====================补充扩展:syslog-ng知识详解====================

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/4b514d9584651d8056a0a00864606157.html