RSYSLOG.CONF -- DNS

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  cat /etc/rsyslog.conf

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

[root@ns9-eq log]# vi /etc/rsyslog.conf
[root@ns9-eq log]# systemctl restart rsyslog
[root@ns9-eq log]# systemctl status rsyslog.servoce
 


#### RULES ####

auth,user.*     /var/log/messages
kern.*          /var/log/kern.log
daemon.*        /var/log/daemon.log
syslog.*        /var/log/syslog
mail.*          /var/log/mail.log
named.*         /var/named/chroot/var/log/*.log 
lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6.* /var/log/unused.log
*.* @192.168.130.12


DNS Logs :    named.*     /var/named/chroot/var/log/*.log  

 

 

 

 Fluent d  /etc/td-agent/config.d/worker_0/syslog.conf

<source>
  @type tail
  path /var/named/chroot/var/log/*.log
  pos_file /var/lib/fluent_oci_outplugin/pos/named.pos
  pos_file_compaction_interval 24h
  enable_watch_timer true
  enable_stat_watcher true
  follow_inodes true
  <parse>
    @type none
  </parse>
  format /type=(?<type>[\S]+)\smsg=dnslogs\((?<attrs>[\S]+)\):\s(?<message>.+)/
  tag oci.0.8x8.vo.prod.os.named.*
</source>

 ----

 

<source>
  @type tail
  path /var/log/dns*.log
  pos_file /var/lib/fluent_oci_outplugin/pos/dnslogs.pos
  pos_file_compaction_interval 24h
  enable_watch_timer true
  enable_stat_watcher true
  follow_inodes true
  <parse>
    @type none
  </parse>
  format /type=(?<type>[\S]+)\smsg=dnslogs\((?<attrs>[\S]+)\):\s(?<message>.+)/
  tag oci.0.8x8.vo.prod.os.named.*
</source>
 

 #### RULES ####

auth,user.*     /var/log/messages
kern.*          /var/log/kern.log
daemon.*        /var/log/daemon.log
syslog.*        /var/log/syslog
mail.*          /var/log/mail.log
named.*         /var/log/dns*.log
lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6.* /var/log/unused.log
*.* @192.168.130.12
[root@ns5-eq worker_0]#

Comments

Post a Comment

Popular posts from this blog

FluentD - Parse

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  FluentD : Parse +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  Some of the Fluentd plugins support the <parse> section to specify how to parse the raw data. Parse Section Overview : The parse section can be under <source> , <match> or <filter> section. It is enabled for the plugins that support parser plugin features. <source>   @type tail   # ...   <parse>     # ...   </parse> </source> Parse Plugin Type : The @type parameter of <parse> section specifies the type of the parser plugin. Fluentd core bundles some useful  <parse>   @ type apache2 </parse> Third-party plugins may also be installed and configured.                      
Read more

FluentD : Tags : Prefix : Suffix

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ You can also access to a certain portion of a tag using the following notations: tag_parts[N] refers to the Nth part of the tag. tag_prefix[N] refers to the [0..N] part of the tag. tag_suffix[N] refers to the [N..] part of the tag. All indices are zero-based. For example, if you have an incoming event tagged debug.my.app, then tag_parts[1] will represent my. Also in this case, tag_prefix[N] and tag_suffix[N] will work as follows: tag_prefix[0] = debug          tag_suffix[0] = debug.my.app tag_prefix[1] = debug.my       tag_suffix[1] = my.app tag_prefix[2] = debug.my.app   tag_suffix[2] = app
Read more

Fluentd :

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  Interlude Routing : The source submits events to the Fluentd routing engine. An event consists of three entities: tag, time and record. The tag is a string separated by dots (e.g. myapp.access), and is used as the directions for Fluentd internal routing engine. The time field is specified by input plugins, and it must be in the Unix time format. The record is a JSON object
Read more