流程

rsyslog

rsyslogd  # 启动日志服务
logger "Hello rsyslog"  # 发送一条日志
cat /var/log/syslog  # 查看日志内容

# --name=docker_run 对应rsyslog的变量是programname
docker run -d --log-driver syslog --log-opt syslog-address=udp://127.0.0.1:514 --log-opt tag="{{.Name}}" --name="docker_run"   nginx

判断配置文件是否正确

# -N 1 表示进行详细的检查。
rsyslogd -f /etc/rsyslog.conf  -N 1

消息队列

docker run -d -p 5672:5672 \
-p 15672:15672 \
--name rabbitmq \
rabbitmq:management

alpine

命令行

/bin/sh

安装

apk update
apk add rsyslog
apk add rsyslog rsyslog-rabbitmq

/etc/rsyslog.conf

# 模块不会自动建立exchange与queue
# 建立queue时，选择对应的virtual_host
# 需要在mq里提前建立syslog的exchange
# 在syslog里绑定queue，routing_key为syslog.all
module(load="omrabbitmq")                                                 
action(type="omrabbitmq"                                                  
       host="localhost"                                                   
       virtual_host="/"                                                   
       user="guest"                                                       
       password="guest"                                                   
       exchange="syslog"                                                  
       routing_key="syslog.all")                                          

# 收到的消息格式为                                     
# {"message":" hello","fromhost":"iZ2vc1pj2jtf7pjuhv20ifZ","facility":"user","priority":"notice","timereported":"2024-10-23T02:16:22.761632+00:00","timegenerated":"2024-10-23T02:16:22.761632+00:00"}
# {"message":" \/docker-entrypoint.sh: Looking for shell scripts in \/docker-entrypoint.d\/","fromhost":"localhost","facility":"daemon","priority":"info","timereported":"2024-10-23T10:45:33+00:00","timegenerated":"2024-10-23T02:45:33.331637+00:00"}