1. Introduction
syslog is the system logging service that ships with Linux. The examples below use CentOS 7.
2. syslog server
Enable UDP port 514
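vi /etc/rsyslog.conf
# Remove the leading # from the two lines under the UDP comment to receive data on UDP 514
# The commented-out TCP lines below are for receiving data over TCP instead
...
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
...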
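Configure the host to receive from and where its logs are stored
# Add this line to the configuration file; the client is 192.168.186.11 and the log path is /home/root/client.log
if $fromhost-ip == '192.168.186.11' then /home/root/client.log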
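Create the file at that path in advance and set its permissions
mkdir -p /home/root/
touch /home/root/client.log
# Note: mode 776 lets every local user read and write this log; rsyslogd runs as root
# on a default CentOS 7 install, so a tighter mode such as 600 is enough
chmod 776 /home/root/client.log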
Restart the rsyslog service
systemctl restart rsyslog
3. syslog client
Add the forwarding server
vi /etc/rsyslog.conf
# Add the forwarding server; format: *.* @<syslog server IP address>:514
# Append at the end of the file; this forwards all logs to server 192.168.186.10
*.* @192.168.186.10:514
Restart the rsyslog service
systemctl restart rsyslog
4. If the client and server cannot communicate
Check the local firewall
Check the network
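When the firewall and network check out, the usual remaining cause is a mismatch between the two rsyslog.conf files: the UDP lines still commented out on the server, or the client forwarding with @@ (TCP) to a server that only listens on UDP. The script below is an added example, not part of the original post; its function names are hypothetical and it assumes the legacy directive syntax used in this post.

```shell
#!/bin/sh
# Added example: static checks on rsyslog.conf for the setup described above.
# Function names are hypothetical; only legacy-format directives are handled.

# Print the port of the active (uncommented) UDP listener.
# Fails if imudp is not loaded or no $UDPServerRun line is active.
udp_listener_port() {
    conf=$1
    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imudp([[:space:]]|$)' "$conf" || return 1
    port=$(sed -nE 's/^[[:space:]]*\$UDPServerRun[[:space:]]+([0-9]+).*/\1/p' "$conf" | head -n 1)
    [ -n "$port" ] && printf '%s\n' "$port"
}

# Print one "proto host port" line per active forwarding rule.
# In rsyslog a single @ forwards over UDP, a double @@ over TCP.
forward_targets() {
    conf=$1
    sed -nE 's/^[[:space:]]*[^#[:space:]][^[:space:]]*[[:space:]]+(@@?)([^@:[:space:]]+):([0-9]+).*/\1 \2 \3/p' "$conf" |
    while read -r at host port; do
        case $at in
            @@) proto=tcp ;;
            @)  proto=udp ;;
        esac
        printf '%s %s %s\n' "$proto" "$host" "$port"
    done
}

# Succeed only if the client forwards over UDP to the port the server listens on.
check_pair() {
    server_conf=$1 client_conf=$2 server_ip=$3
    port=$(udp_listener_port "$server_conf") ||
        { echo "server: UDP listener not enabled"; return 1; }
    forward_targets "$client_conf" | grep -qxF "udp $server_ip $port" ||
        { echo "client: no UDP forward to $server_ip:$port"; return 1; }
    echo "ok: client forwards to $server_ip:$port/udp"
}
```

On real hosts, run `udp_listener_port /etc/rsyslog.conf` on the server and `forward_targets /etc/rsyslog.conf` on the client, then compare the two results.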
5. Verifying the result
[root@localhost ~]# cat /home/root/client.log
Sep 5 15:42:27 localhost systemd: Stopping System Logging Service...
Sep 5 15:42:27 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1008" x-info="http://www.rsyslog.com"] exiting on signal 15.
Sep 5 15:42:27 localhost systemd: Stopped System Logging Service.
Sep 5 15:42:27 localhost systemd: Starting System Logging Service...
Sep 5 15:42:27 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1488" x-info="http://www.rsyslog.com"] start
Sep 5 15:42:27 localhost systemd: Started System Logging Service.
Sep 5 15:44:26 localhost kernel: e1000: ens33 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Sep 5 15:44:26 localhost NetworkManager[763]: <info> [1693899866.5594] device (ens33): carrier: link connected
Sep 5 15:44:34 localhost kernel: e1000: ens33 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Sep 5 15:46:18 localhost systemd: Starting Cleanup of Temporary Directories...
Sep 5 15:46:18 localhost rsyslogd: action 'action 7' resumed (module 'builtin:omfwd') [v8.24.0-57.el7_9.3 try http://www.rsyslog.com/e/2359 ]
Sep 5 15:46:18 localhost rsyslogd: action 'action 7' resumed (module 'builtin:omfwd') [v8.24.0-57.el7_9.3 try http://www.rsyslog.com/e/2359 ]
Sep 5 15:46:18 localhost systemd: Started Cleanup of Temporary Directories.
Sep 5 15:51:07 localhost systemd: Stopping System Logging Service...
Sep 5 15:51:07 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1488" x-info="http://www.rsyslog.com"] exiting on signal 15.
Sep 5 15:51:07 localhost systemd: Stopped System Logging Service.
Sep 5 15:51:07 localhost systemd: Starting System Logging Service...
Sep 5 15:51:07 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1753" x-info="http://www.rsyslog.com"] start
Sep 5 15:51:07 localhost systemd: Started System Logging Service.
Sep 5 15:51:07 localhost polkitd[753]: Unregistered Authentication Agent for unix-process:1746:119799 (system bus name :1.25, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
From: https://www.cnblogs.com/chenzhi2023/p/17680363.html