配置远程日志服务器-> 实现日志的集中管理
环境:
两台服务器 server端 client 端
1)server端配置
[root@centos7-xinsz08 ~]# vim /etc/rsyslog.conf
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
- 重启
[root@centos7-xinsz08 ~]# systemctl restart rsyslog
3) 查看是否监听514端口
netstat -antup | grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 23927/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 23927/rsyslogd
client 客户端配置:
- vim /etc/rsyslog.conf
79 #*.* @@remote-host:514
81 *.* @@192.168.1.19:514
- 重启服务
[root@xinsz08-64 ~]# service rsyslog restart
关闭系统日志记录器: [确定]
启动系统日志记录器: [确定]
[root@xinsz08-64 ~]#
服务器端验证
1) 关闭防火墙和selinux
[root@centos7-xinsz08 ~]# getenforce
Enforcing
[root@centos7-xinsz08 ~]# setenforce 0
[root@centos7-xinsz08 ~]# getenforce
Permissive
[root@centos7-xinsz08 ~]# systemctl stop firewalld.service
[root@centos7-xinsz08 ~]#
- 开启日志监控
[root@centos7-xinsz08 ~]# tail -f /var/log/messages
Feb 28 16:28:46 centos7-xinsz08 systemd: Started System Logging Service.
Feb 28 16:30:02 centos7-xinsz08 systemd: Started Session 172 of user root.
3) 在客户端测试logger
[root@xinsz08-64 ~]# logger -p info "hello,world,i am coming"
[root@xinsz08-64 ~]# logger -p info "hello,world,i am coming"
4)查看服务器端的变化,
tail -f出来的内容多了两行
Feb 29 00:36:58 xinsz08-64 root: hello,world,i am coming
Feb 29 00:37:09 xinsz08-64 root: hello,world,i am coming