有没有办法从 linux 的系统日志中检索消息的严重性级别?成为root后我尝试了以下操作:
1. sudo vim rsyslog.conf
2. tried to add following lines of code so that I could send every level
to separate files
## ------------------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
*.alert;*.!emerg -/var/log/log.1_alert
*.crit;*.!alert -/var/log/log.2_critical
*.err;*.!crit -/var/log/log.3_error
*.warning;*.!err -/var/log/log.4_warning
*.notice;*.!warning -/var/log/log.5_notice
*.info;*.!notice -/var/log/log.6_info
*.debug;*.!info -/var/log/log.7_debug
3. :wq to save and quit vim
但是,这并没有得到保存。有人可以指导我吗?
最佳答案
我对旧格式不太熟悉(而且我没有测试过),但这可能会满足您的需求:
## ------------------------------------------------------ #
## All levels in a seperate file
*.emerg -/var/log/log.0_emergency
& stop
*.alert;*.!emerg -/var/log/log.1_alert
& stop
*.crit;*.!alert -/var/log/log.2_critical
& stop
*.err;*.!crit -/var/log/log.3_error
& stop
*.warning;*.!err -/var/log/log.4_warning
& stop
*.notice;*.!warning -/var/log/log.5_notice
& stop
*.info;*.!notice -/var/log/log.6_info
& stop
*.debug;*.!info -/var/log/log.7_debug
& stop
这最终会成为我的方法,因为我喜欢“高级”格式的精确度:
if ($syslogfacility-text == 'auth')
or ($syslogfacility-text == 'authpriv') then {
action(
name="auth-log"
type="omfile"
file="/var/log/auth.log")
stop
}
# Keep cron messages in their own dedicated file
if ($syslogfacility-text == 'cron') then {
action(
name="cron-log"
type="omfile"
file="/var/log/cron.log")
stop
}
根据设备、严重性、程序名称或任何数量的其他消息或系统属性,设置尽可能多的这些 block 。
文件:
编辑:代表太低,无法回复评论(奇怪的设计选择),所以在这里发布回复。
重新保存文件的方法:
If you are referring to "saving" in the sense of your modifications to the file, make sure that you are modifying the correct file.
sudo nano /etc/rsyslog.confand then make your changes. ctrl-x to attempt to quit, answer Y to saving the changes. Runsudo rsyslogd -N2to test your configuration and then restart rsyslog viasudo service rsyslog restart
关于linux - 有没有办法从 linux 的系统日志中检索消息的严重级别?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49204605/