python-2.7 - rsyslog 无法将消息转发到 tcp 端口
问题描述
rsyslogd 版本:rsyslogd 8.27.0.11
蟒蛇:2.7.13
/etc/rsyslog.d/mycustom.conf有
module(load="imptcp")
module(load="imfile")
module(load="omprog")
template(name="simple-msg" type="string" string="%msg%\n")
ruleset(name="filebeat.in" queue.size="1000" queue.type="LinkedList" queue.workerthreads="2" queue.discardmark="1001") {
# action(type="omfile" File="/tmp/logfile1.log" template="simple-msg" queue.type="direct")
action(type="omfwd" name="test_fwd" template="simple-msg" target="localhost" port="8000" protocol="tcp" tcp_framing="octet-counted" ResendLastMSGOnReconnect="on" queue.size="1000" queue.type="LinkedList" queue.workerthreads="1" queue.discardmark="1001")
action(type="omfwd" name="filebeat_fwd_1" template="simple-msg" target="localhost" port="9000" protocol="tcp" tcp_framing="octet-counted" ResendLastMSGOnReconnect="on" queue.size="1000" queue.type="LinkedList" queue.workerthreads="1" queue.discardmark="1001")
action(type="omfwd" name="filebeat_fwd_2" template="simple-msg" target="localhost" port="9001" protocol="tcp" tcp_framing="octet-counted" ResendLastMSGOnReconnect="on" queue.size="1000" queue.type="LinkedList" queue.workerthreads="1" queue.discardmark="1001" action.execOnlyWhenpReviousIsSuspended="on")
action(type="omfwd" name="filebeat_fwd_3" template="simple-msg" target="localhost" port="9002" protocol="tcp" tcp_framing="octet-counted" ResendLastMSGOnReconnect="on" queue.size="1000" queue.type="LinkedList" queue.workerthreads="1" queue.discardmark="1001" action.execOnlyWhenpReviousIsSuspended="on")
}
input(type="imptcp" port="10489" ruleset="filebeat.in")
我有一个 python 文件,它将一些 json 数据推送到 10489 端口,该端口应该转发到端口 8000。在端口 8000 上,我使用下面的脚本启动了一个 tcp 服务器。
服务器.py
import socket
import sys
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('localhost', 8000)
print >>sys.stderr, 'starting up on %s port %s' % server_address
sock.bind(server_address)
sock.listen(1)
while True:
print >>sys.stderr, 'waiting for a connection'
connection, client_address = sock.accept()
try:
print >>sys.stderr, 'connection from', client_address
while True:
data = connection.recv(102400)
print >>sys.stderr, 'received "%s"' % data
if data:
print >>sys.stderr, 'sending data back to the client'
connection.sendall(data)
else:
print >>sys.stderr, 'no more data from', client_address
break
finally:
connection.close()
我的 rsyslog 正在运行,并且我已经启动了 server.py,但我无法在 python 服务器输出中看到任何消息。
通过取消注释规则集中的第一个操作,我已经确认消息实际上被推送到 10489,并且我能够看到文件/tmp/logfile1.log被填满。
/var/log/messages有以下日志
Aug 16 19:57:18 host-name rsyslogd: action '*' treated as ':omusrmsg:*' - please use ':omusrmsg:*' syntax instead, '*' will not be supported in the future [v8.27.0.11. try http://www.rsyslog.com/e/2184 ]
Aug 16 19:57:18 host-name rsyslogd: [origin software="rsyslogd" swVersion="8.27.0.11." x-pid="3668" x-info="http://www.rsyslog.com"] start
Aug 16 19:57:28 host-name rsyslogd: action 'test_fwd' suspended, next retry is Mon Aug 16 19:57:58 2021 [v8.27.0.11. try http://www.rsyslog.com/e/2007 ]
Aug 16 19:57:28 host-name rsyslogd: action 'filebeat_fwd_1' suspended, next retry is Mon Aug 16 19:57:58 2021 [v8.27.0.11. try http://www.rsyslog.com/e/2007 ]
Aug 16 19:58:04 host-name rsyslogd: action '*' treated as ':omusrmsg:*' - please use ':omusrmsg:*' syntax instead, '*' will not be supported in the future [v8.27.0.11. try http://www.rsyslog.com/e/2184 ]
Aug 16 19:58:04 host-name rsyslogd: [origin software="rsyslogd" swVersion="8.27.0.11." x-pid="4371" x-info="http://www.rsyslog.com"] start
Aug 16 19:58:04 host-name rsyslogd: action 'filebeat_fwd_1' suspended, next retry is Mon Aug 16 19:58:34 2021 [v8.27.0.11. try http://www.rsyslog.com/e/2007 ]
Aug 16 19:58:04 host-name rsyslogd: action 'test_fwd' suspended, next retry is Mon Aug 16 19:58:34 2021 [v8.27.0.11. try http://www.rsyslog.com/e/2007 ]
上述日志会导致任何问题吗?我错过了什么吗?
/etc/rsyslog.conf
$ModLoad imuxsock
$ModLoad imklog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$IncludeConfig /etc/rsyslog.d/*.conf
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
*.emerg *
# *.* @ops-rsyslog:514
# eventually this should be handled by one of stream-relay rsyslog.d config files, which uses tags decided by the user (so user can control retention and destination)
解决方案
推荐阅读
- javascript - 从外部脚本访问 React DOM 元素
- c++ - 在对象中构造对象
- python - 如何将特定时间的时间作为 time.time() 获取?
- amazon-web-services - Kubernetes AWS 共享持久卷
- excel - 从 Excel TEXT 函数中获取总小时数
- regex - 正则表达式不将下划线 ( _ ) 识别为特殊字符
- javascript - 如何修复 windows.onload 中文档对象的未定义错误?
- f# - 如何从相同类型的序列中找到特定的可区分联合,然后返回该特定的可区分联合(如果存在)
- amazon-web-services - 如何使用 CloudFormation 模板将 BucketPolicy (LifecycleConfiguration) 应用于现有存储桶?
- puppeteer - 如何使用 puppeteer 获取所有具有样式的字体