rsyslog  tomcat 服务器:192.168.32.215input(type="imfile"File="/usr/local/apache-tomcat-7.0.55_8082/logs/catalina.out"Tag="zjtest-api01"Severity="info"Facility="local5")local5.* @@192.168.32.76:514rsyslog 日志服务器:192.168.32.76$EscapeControlCharactersOnReceive off      #关闭rsyslog默认转译ASCII<32的所有怪异字符，包括换行符等$template nginx-zjzc01,"/rsyslog/data/nginx/zjzc/nginx_access01_log.%$year%-%$month%-%$day%"       #定义TC：日志存放路径$template nginx-zjzc02,"/rsyslog/data/nginx/zjzc/nginx_access02_log.%$year%-%$month%-%$day%"            #定义TCBeta：日志存放路径$template nginx-uat01,"/rsyslog/data/nginx/uat/nginx_access01_log.%$year%-%$month%-%$day%"            #定义TCBeta：日志存放路径$template tocFormat,"'%syslogtag%','%FROMHOST-IP%','%msg%'\n"                  #定义toc日志format$template uat-zjzc01,"/rsyslog/data/mysql/uat/mysql01_slow_log.%$year%-%$month%-%$day%"            #定义TCBeta：日志存放路径$template zjtest-api01,"/rsyslog/data/tomcat/zjtest/api01_log.%$year%-%$month%-%$day%"            #定义TCBeta：日志存放路径:rawmsg,contains,"nginx-zjzc01"  -?nginx-zjzc01;tocFormat                 #接受TC：日志，并应用tocFormat格式:rawmsg,contains,"nginx-zjzc02"  -?nginx-zjzc02;tocFormat        #接受TCBeta：日志，并应用tocFormat格式:rawmsg,contains,"uat-nginx"  -?nginx-uat01;tocFormat        #接受TCBeta：日志，并应用tocFormat格式:rawmsg,contains,"uat-mysql01"  -?uat-zjzc01;tocFormat:rawmsg,contains,"zjtest-api01"  -?zjtest-api01;tocFormat正常情况下,192.168.32.215上的日志能发送到日志服务器v-test-app01:/usr/local/apache-tomcat-7.0.55_8082/logs> >catalina.outv-test-app01:/usr/local/apache-tomcat-7.0.55_8082/logs> tail -f catalina.out用这种方式截断日志,就会破坏rsyslog 发送日志需要重启tomcat端的rsyslog 服务,才能继续同步下面介绍使用:Linux下Tomcat日志定期清理 及 logrotate 配置v-test-app01:/root# vim /etc/logrotate.conf /usr/local/apache-tomcat-7.0.55_8082/logs/catalina.out {#rotate 7 表示保留7天的备份文件rotate 14#daily 表示每天整理一次 daily#copytruncate 表示先复制log文件的内容，然后再清空copytruncate#compress 表示压缩备分文件compressnotifemptymissingok}/usr/sbin/logrotate -f /etc/logrotate.conf这样清理日志就可以正常同步