ho un problema di messagess trunk con rsyslog e apache2. Praticamente ho su un webserver(Amazon ec2) con apache2 e nella conf del dominio ho messo che il CustomLog deve inviare tutto su local0 poi in rsyslog local0 deve inviare (TCP) tutto sul rsyslog remoto.
Questa la conf di rsyslog del client:
- Codice: Seleziona tutto
$ModLoad immark # provides --MARK-- message capability
$ModLoad imudp # provides UDP syslog reception
$MaxMessageSize 64k
$ModLoad imtcp # provides TCP syslog reception and GSS-API (if compiled to support it)
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
#$template RawMessage,"%msg:2:8192%\n"
# Use default timestamp format
# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#$ActionFileDefaultTemplate RawMessage
#$ActionQueueSaveOnShutdown on
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
Il server Rsyslog invece è configurato cosi:
- Codice: Seleziona tutto
$ModLoad immark # provides --MARK-- message capability
$ModLoad imudp # provides UDP syslog reception
$MaxMessageSize 64k
$ModLoad imtcp # provides TCP syslog reception and GSS-API (if compiled to support it)
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$InputTCPServerRun 514
$MainMsgQueueWorkerThreads 2
$KLogPermitNonKernelFacility on
$template RawMessage,"%msg:2:8192%\n"
# Use default timestamp format
# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ActionFileDefaultTemplate RawMessage
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
if $fromhost-ip == '10.0.0.249' then {
local0.* /log/track/access.log
local1.* /log/track/error.log
se invio una stringa come questa:
- Codice: Seleziona tutto
172.16.12.10 - - [27/May/2015:12:07:34 +0200] "GET /track.gif?env=prod&&;&url=https%253A%252F%252Fwww.pippo.com%252Fen%252F%253Fgclid%253DCISlzavW4cUCFdTKtAodxB4A6w%2526gclsrc%253Daw.ds&;&page_type=frontend_home&;&referrer=http%253A%252F%252Fwww.googleadservices.com%252Fpagead%252Faclk%253Fsa%253DL%2526ai%253DC4N9XIpdlVfriAoubzAPuwIKICqS44pwGlJag5uYBzY_8uwYIABABYP0CoAGniuvUA8gBAakCdgMSv6xRsj6qBCFP0D0SE4u62egFAWFZtU93fGE2twQjLNDQ8_i4bvEF97uIBgGAB4yBmy2QBwOoB6a-G6gHk8IbqAeUwhvYBwE%2526ohost%253Dwww.google.it%2526cid%253D5GgDz5moUjiFDIteyMD0O5H0RYcBOyBOlDLGAHfjurPCNhw%2526sig%253DAOD64_0veZKbVkpJXcH_-Pk7P9BozaMyCg%2526clui%253D0%2526rct%253Dj%2526q%253D%2526ved%253D0CB4Q0Qw%2526adurl%253Dhttp%253A%252F%252Fclickserve.dartsearch.net%252Flink%252Fclick%25253Flid%25253D43700006055697094%252526ds_s_kwgid%25253D58700000406638750%252526ds_e_adid%25253D61947057188%252526ds_e_matchtype%25253Dsearch%252526ds_e_device%25253Dc%252526ds_e_network%25253Dg%252526ds_url_v%25253D2&;&locale=en&;&id=83a32c31874509ceafbba70c3f
<SPEZZA QUI>
8076f5&;&hitid=83a32c31874509ceafbba70c3f8076f5-1432721206725&;&maid=&;&agent=Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/43.0.2357.81%20Safari/537.36&;¤cy=EUR&;&session=&;&customer= HTTP/1.1" 200 1386 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36"
la stringa viene spezzata, se invece invio solo delle lettere "A" della stessa lunghezza, questa arriva non spezzettata. Aveto Soluzioni per non farla tagliare?
Grazie
Salve, sezione errata, clicca su
Ciao