在linux中,有没有办法从系统日志中检索消息的严重性级别?
在linux中,有没有办法从系统日志中检索消息的严重性级别?在成为root之后,我尝试了以下方法:在linux中,有没有办法从系统日志中检索消息的严重性级别?,linux,ubuntu,rsyslog,Linux,Ubuntu,Rsyslog,在linux中,有没有办法从系统日志中检索消息的严重性级别?在成为root之后,我尝试了以下方法: 1. sudo vim rsyslog.conf 2. tried to add following lines of code so that I could send every level to separate files ## ------------------------------------------------------------------
1. sudo vim rsyslog.conf
2. tried to add following lines of code so that I could send every level
to separate files
## ------------------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
*.alert;*.!emerg -/var/log/log.1_alert
*.crit;*.!alert -/var/log/log.2_critical
*.err;*.!crit -/var/log/log.3_error
*.warning;*.!err -/var/log/log.4_warning
*.notice;*.!warning -/var/log/log.5_notice
*.info;*.!notice -/var/log/log.6_info
*.debug;*.!info -/var/log/log.7_debug
3. :wq to save and quit vim
但是,这不会被保存。有人可以指导我吗?我对旧格式不太熟悉,也没有测试过,但这可能会满足您的要求:
## ------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
& stop
*.alert;*.!emerg -/var/log/log.1_alert
& stop
*.crit;*.!alert -/var/log/log.2_critical
& stop
*.err;*.!crit -/var/log/log.3_error
& stop
*.warning;*.!err -/var/log/log.4_warning
& stop
*.notice;*.!warning -/var/log/log.5_notice
& stop
*.info;*.!notice -/var/log/log.6_info
& stop
*.debug;*.!info -/var/log/log.7_debug
& stop
这将成为我的方法,因为我喜欢高级格式的精确性:
if ($syslogfacility-text == 'auth')
or ($syslogfacility-text == 'authpriv') then {
action(
name="auth-log"
type="omfile"
file="/var/log/auth.log")
stop
}
# Keep cron messages in their own dedicated file
if ($syslogfacility-text == 'cron') then {
action(
name="cron-log"
type="omfile"
file="/var/log/cron.log")
stop
}
根据设备、严重性、程序名或任何数量的其他消息或系统属性设置所需的过滤块
文件:
编辑:rep太低,无法回复评论。奇怪的设计选择,所以在这里发布回复
有关如何保存文件的详细信息:
如果您指的是保存,即您对
如果要修改文件,请确保您正在修改正确的文件。苏多
nano/etc/rsyslog.conf,然后进行更改。按ctrl-x进行尝试
要退出,请回答Y以保存更改。运行sudo rsyslogd-N2至
测试您的配置,然后通过sudo服务重新启动rsyslog
rsyslog重启
您是如何保存rsyslog.conf文件的@deoren@Gayatri修改了我原来的答案。Stack Exchange移动应用程序很顽固,不允许在此处发布完整回复。