Rsyslog Server安装
[root@rsyslog ~]# yum install rsyslog -y修改配置/etc/rsyslog.conf
开启udp接收
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")开启tcp接收
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")定义日志存放路径及名称模版
$template Remote,"/var/log/syslog/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"Example
启动rsyslog服务
[root@rsyslog ~]# systemctl enable --now rsyslogWindows下载并安装nxlog软件
https://nxlog.co/system/files/products/files/348/nxlog-ce-2.10.2150.msi
安装路径修改nxlog.conf (C:\Program Files (x86)\nxlog\conf)
定义Input模块
<Input Win_LOG>
Module im_msvistalog
Query <QueryList>\
<Query Id="0">\
<Select Path="Application">*</Select>\
<Select Path="System">*</Select>\
<Select Path="Security">*</Select>\
</Query>\
</QueryList>
</Input>
<Input TEST_LOG>
Module im_file
File "D:\\*.log"
SavePos TRUE
ReadFromLast TRUE
</Input>定义Output模块
<Output winlog>
Module om_udp # using udp
Host 192.168.137.11 # rsyslog server ip
Port 514 # rsyslog port
Exec to_syslog_bsd();
</Output>
<Output applog>
Module om_tcp # using tcp
Host 192.168.137.11 # rsyslog server ip
Port 514 # rsyslog server port
Exec to_syslog_bsd();
</Output>定义route模块
<Route 1>
Path Win_LOG => winlog
</Route>
<Route 2>
Path TEST_LOG => applog
</Route>重启nxlog服务
写入日志,检查rsyslog接收情况
