nginx.conf (change the original log path to the rsyslog server address)
access_log syslog:server=10.10.14.64:514,facility=local6 main;
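To store the logs in a database, install the rsyslog package for that database.
MySQL: yum install -y rsyslog-mysql
PostgreSQL: yum install -y rsyslog-pgsql
Many other packages are available; list them with yum list rsyslog-*
Use rpm -ql rsyslog-mysql or rpm -ql rsyslog-pgsql to find the database script file.
The result is something like /usr/share/doc/rsyslog/pgsql-createDB.sql; this SQL file contains the statements that create the database and tables.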
rsyslog server configuration
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
global(workDirectory="/var/lib/rsyslog")

# Use default timestamp format
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")

#### MODULES ####

module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
       SysSock.Use="off") # Turn off message reception via local log socket;
                          # local messages are retrieved through imjournal now.
module(load="imjournal"   # provides access to the systemd journal
       StateFile="/run/log/imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability

$imjournalRatelimitInterval 0

# Set this if MySQL is not listening on its default port
#$ActionOmmysqlServerPort 3307

# PostgreSQL output module; for MySQL use module(load="ommysql") instead
module(load="ompgsql")

module(load="imudp")
input(type="imudp" port="514")

module(load="imtcp")
input(type="imtcp" port="514")

# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf" mode="optional")

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
#*.info;mail.none;authpriv.none;cron.none :ommysql:10.10.14.209,syslog,root,123456

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

# Write the logs sent by the client to a file
local6.* /var/log/nginx/access.log

# Write them to the database
local6.* :ompgsql:10.10.14.61,Syslog,postgres,123456
Restart
systemctl restart rsyslog
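The following is an added example, not code from the original post or from rsyslog: it decodes the PRI field of a syslog datagram in the layout nginx emits and shows which of the active rules in the server configuration above would match it, so you can see why `facility=local6` on the nginx side pairs with the `local6.*` rules. The host name `web01`, the sample access line and the names `parse`, `route` and `RULES` are assumptions; `RULES` is a hand-copied model of the selectors, not rsyslog's own matching logic.

```python
import re

# Facility and severity names by number (labels for 12-15 vary between tools).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Active rules from the server config: (facilities, least severe level matched, destination)
RULES = [
    ({"authpriv"}, "debug", "/var/log/secure"),
    ({"mail"}, "debug", "/var/log/maillog"),
    ({"cron"}, "debug", "/var/log/cron"),
    (set(FACILITIES), "emerg", ":omusrmsg:*"),
    ({"uucp", "news"}, "crit", "/var/log/spooler"),
    ({"local7"}, "debug", "/var/log/boot.log"),
    ({"local6"}, "debug", "/var/log/nginx/access.log"),
    ({"local6"}, "debug", ":ompgsql:10.10.14.61,Syslog"),
]

# <PRI>Mmm dd hh:mm:ss host tag: message  (BSD syslog layout, as nginx emits it)
LINE = re.compile(r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)", re.S)

def parse(datagram: bytes) -> dict:
    """Split one syslog datagram into facility, severity, host, tag and message."""
    m = LINE.fullmatch(datagram.decode("utf-8", "replace"))
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a BSD-syslog message with a valid PRI")
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m.group(3), "tag": m.group(4), "msg": m.group(5)}

def route(msg: dict) -> list:
    """Return every destination whose selector matches, in config order."""
    level = SEVERITIES.index(msg["severity"])
    return [dest for facs, floor, dest in RULES
            if msg["facility"] in facs and level <= SEVERITIES.index(floor)]

# Constructed samples: local6.info is PRI 182; nginx's default facility local7 gives 190.
ACCESS = (b'<182>Oct 25 10:15:02 web01 nginx: 192.0.2.10 - - '
          b'[25/Oct/2023:10:15:02 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"')
DEFAULT = ACCESS.replace(b"<182>", b"<190>")

if __name__ == "__main__":
    for sample in (ACCESS, DEFAULT):
        m = parse(sample)
        print(m["facility"], m["severity"], m["tag"], "->", route(m))
```

Without `facility=local6`, nginx sends with its default facility local7, which this configuration routes to /var/log/boot.log and not to the nginx file or the database.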
Detailed explanation:
https://blog.51cto.com/shone/5093830
From: https://www.cnblogs.com/kgdxpr/p/17787274.html