11 Linux system syslog service

Published: 2023-09-05 17:54:08  Author: 冷夜O

1. Introduction

syslog is the system logging service process that ships with Linux. The examples below use CentOS 7.

 

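2. syslog server

Enable UDP port 514

vi /etc/rsyslog.conf
# Remove the leading # from the two lines under the UDP comment so that data is received on UDP 514
# The commented-out TCP lines below are for receiving data over TCP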

...
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
...

 

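Configure the host to receive from and where its logs are stored

# Add this line to the configuration file; the client is 192.168.186.11 and the log path is /home/root/client.log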

if $fromhost-ip == '192.168.186.11' then /home/root/client.log

 

Create the file at that path in advance and set its permissions

mkdir -p /home/root/
touch /home/root/client.log
chmod 776 /home/root/client.log

 

Restart the rsyslog service

systemctl restart rsyslog

 

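3. syslog client

Add the server to forward to

vi /etc/rsyslog.conf

# Add the forwarding server; format: *.* @syslog-server-IP-address:514
# Add this at the very end; it forwards all logs to the server 192.168.186.10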

*.* @192.168.186.10:514

 

Restart the rsyslog service

systemctl restart rsyslog

 

4. If the client and server have trouble communicating

Check the local firewall

Check the network
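
Before looking at the firewall or the network, it is worth confirming that the two rsyslog.conf files agree on protocol and port and that the log file's mode is sane. The script below is an added example, not part of the original post; the function names and the sample files under $demo are constructed, and it reads only the directives shown in sections 2 and 3.

```shell
#!/bin/sh
# Added example: static checks on the rsyslog setup from this article.
# Function names and the sample files under $demo are constructed.

# List active (uncommented) listeners in a server rsyslog.conf as proto/port.
active_listeners() {
    awk '/^[ \t]*\$UDPServerRun[ \t]/      {print "udp/" $2}
         /^[ \t]*\$InputTCPServerRun[ \t]/ {print "tcp/" $2}' "$1"
}

# List forwarding rules in a client rsyslog.conf: "@host" is UDP, "@@host" is TCP.
forward_targets() {
    awk '$1 !~ /^#/ && $2 ~ /^@@/ {print "tcp " substr($2, 3); next}
         $1 !~ /^#/ && $2 ~ /^@/  {print "udp " substr($2, 2)}' "$1"
}

# Succeed only if every client forwarding rule has a matching server listener.
configs_agree() {   # $1 = server conf, $2 = client conf
    targets=$(forward_targets "$2")
    listeners=$(active_listeners "$1")
    [ -n "$targets" ] || return 1
    while read -r proto target; do
        # rsyslog forwards to port 514 when the rule names no port
        case $target in *:*) port=${target##*:} ;; *) port=514 ;; esac
        printf '%s\n' "$listeners" | grep -qxF "$proto/$port" || return 1
    done <<EOF
$targets
EOF
}

# Succeed only if users outside the owner and group cannot write to the file.
not_world_writable() {
    [ -z "$(find "$1" -prune -perm -002)" ]
}

# Constructed sample files mirroring the article's settings.
demo=$(mktemp -d)
printf '%s\n' '$ModLoad imudp' '$UDPServerRun 514' \
    '#$ModLoad imtcp' '#$InputTCPServerRun 514' > "$demo/server.conf"
printf '%s\n' '*.* @192.168.186.10:514' > "$demo/client.conf"
touch "$demo/client.log" && chmod 776 "$demo/client.log"

echo "server listens on: $(active_listeners "$demo/server.conf")"
echo "client forwards to: $(forward_targets "$demo/client.conf")"
configs_agree "$demo/server.conf" "$demo/client.conf" \
    && echo "protocol and port match" || echo "MISMATCH between client and server"
not_world_writable "$demo/client.log" \
    || echo "client.log is world-writable (mode 776): any local user can alter it"
```

On real hosts, pass /etc/rsyslog.conf from each machine to configs_agree and /home/root/client.log to not_world_writable.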

 

5. Verifying the result

[root@localhost ~]# cat /home/root/client.log 
Sep  5 15:42:27 localhost systemd: Stopping System Logging Service...
Sep  5 15:42:27 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1008" x-info="http://www.rsyslog.com"] exiting on signal 15.
Sep  5 15:42:27 localhost systemd: Stopped System Logging Service.
Sep  5 15:42:27 localhost systemd: Starting System Logging Service...
Sep  5 15:42:27 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1488" x-info="http://www.rsyslog.com"] start
Sep  5 15:42:27 localhost systemd: Started System Logging Service.
Sep  5 15:44:26 localhost kernel: e1000: ens33 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Sep  5 15:44:26 localhost NetworkManager[763]: <info>  [1693899866.5594] device (ens33): carrier: link connected
Sep  5 15:44:34 localhost kernel: e1000: ens33 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Sep  5 15:46:18 localhost systemd: Starting Cleanup of Temporary Directories...
Sep  5 15:46:18 localhost rsyslogd: action 'action 7' resumed (module 'builtin:omfwd') [v8.24.0-57.el7_9.3 try http://www.rsyslog.com/e/2359 ]
Sep  5 15:46:18 localhost rsyslogd: action 'action 7' resumed (module 'builtin:omfwd') [v8.24.0-57.el7_9.3 try http://www.rsyslog.com/e/2359 ]
Sep  5 15:46:18 localhost systemd: Started Cleanup of Temporary Directories.
Sep  5 15:51:07 localhost systemd: Stopping System Logging Service...
Sep  5 15:51:07 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1488" x-info="http://www.rsyslog.com"] exiting on signal 15.
Sep  5 15:51:07 localhost systemd: Stopped System Logging Service.
Sep  5 15:51:07 localhost systemd: Starting System Logging Service...
Sep  5 15:51:07 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.3" x-pid="1753" x-info="http://www.rsyslog.com"] start
Sep  5 15:51:07 localhost systemd: Started System Logging Service.
Sep  5 15:51:07 localhost polkitd[753]: Unregistered Authentication Agent for unix-process:1746:119799 (system bus name :1.25, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)