ng日志集中管理服务部署记录(3)

比如在上面客户机传输nginx日志时打上标记，比如：
1）如果标记为web-node01-nginx.log，做法为：
在客户机上先创建管道文件，接着重启syslo-ng服务，然后再打标记，最后进行文件传输
[root@web-node01 ~]# mkfifo /data/kevin/log.pipe
[root@web-node01 ~]# /etc/init.d/syslog-ng start
[root@web-node01 ~]# sed -ri 's/(^.)/web-node01-nginx.log--\1/' /etc/nginx/logs/access.log
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log >> /data/kevin/log.pipe &
 
查看客户机的/etc/nginx/logs/access.log日志，发现标记已经打上了
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log
web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.10.206:8080/a.txt" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
然后去syslong-ng服务器端，查看传输过来的nginx日志，发现也打上了标记
[root@syslog-ng ~]# tail -f /data/syslog-ng/kevin.log
Jul  4 17:47:27 web-node01 web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:47:27 web-node01 web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /favicon.ico HTTP/1.1" 404 571 "http://192.168.10.206:8080/a.txt" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:47:27 web-node01 web-node01-nginx.log--172.16.42.183 - [04/Jul/2018:16:52:10 +0800] "GET /a.txt HTTP/1.1" 200 1136 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
2）标记为kevin-test-haha，做法为：
[root@web-node01 ~]# sed -ri 's/(^.)/kevin-test-haha--\1/' /etc/nginx/logs/access.log
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log >> /data/kevin/log.pipe &
 
查看客户机的/etc/nginx/logs/access.log日志，发现标记已经打上了
[root@web-node01 ~]# tail -f /etc/nginx/logs/access.log
kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:22 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:23 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
kevin-test-haha--172.16.42.183 - [04/Jul/2018:17:50:43 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
然后去syslong-ng服务器端，查看传输过来的nginx日志，发现也打上了标记
[root@syslog-ng ~]# tail -f /data/syslog-ng/kevin.log
Jul  4 17:54:03 web-node01 kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:22 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:54:03 web-node01 kevin-test-haha--172.16.42.183 - [04/Jul/2018:16:54:23 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
Jul  4 17:54:03 web-node01 kevin-test-haha--172.16.42.183 - [04/Jul/2018:17:50:43 +0800] "GET /a.txt HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 - 0.000 - - -
 
3）其他日志打标记，做法和上面类似。
  注意：最好不要打多次标记，否则日志里就会显示多次标记！

=====================补充扩展：syslog-ng知识详解====================