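rsyslog is a logging service that records which program did what on the system and when, and which events occurred.
Besides recording events on the local machine, rsyslog can also send them to a remote machine to be recorded there.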

client setup:
client:~ # yum install rsyslog # install rsyslog
client:~ # systemctl start rsyslog
client:~ # systemctl enable rsyslog
client:~ # echo "*.* @server_ip" >> /etc/rsyslog.conf # send all messages to the specified server
client:~ # systemctl restart rsyslog

server setup:
server:~ # yum install rsyslog
server:~ # systemctl start rsyslog
server:~ # systemctl enable rsyslog
server:~ # vi /etc/rsyslog.conf # open port 514 to accept remote rsyslog data
$ModLoad imudp
$UDPServerRun 514
...
server:~ # vi /etc/rsyslog.d/remote.conf # configure the log files
$template Remote,"/var/log/syslog/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?Remote
& ~
server:~ # systemctl restart rsyslog
server:~ # firewall-cmd --permanent --add-port=514/udp # configure the firewall
server:~ # firewall-cmd --reload
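
The client step above appends a legacy-syntax forwarding rule with `echo ... >>`, where a single `@` means UDP and `@@` means TCP, and re-running that step adds the same rule again so every message is sent twice. The following script is an added example, not part of the original post, that lists the forwarding rules in a config file, counts the UDP ones and reports duplicates; it assumes the legacy "selector action" syntax only, and the sample config and its addresses are constructed.

```shell
#!/bin/sh
# Added example: audit legacy-syntax forwarding rules in an rsyslog config.
# "@host" forwards over UDP, "@@host" forwards over TCP.

# list_forwarding FILE -> one line per rule: "<udp|tcp> <selector> <target>"
list_forwarding() {
    awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        {
            # the action is the first field after the selector that starts with @
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^@@/) { print "tcp", $1, substr($i, 3); next }
                if ($i ~ /^@/)  { print "udp", $1, substr($i, 2); next }
            }
        }
    ' "$1"
}

# count_udp FILE -> number of rules that forward over UDP
count_udp() {
    list_forwarding "$1" | awk '$1 == "udp" { n++ } END { print n + 0 }'
}

# duplicate_rules FILE -> rules present more than once (each copy sends again)
duplicate_rules() {
    list_forwarding "$1" | sort | uniq -d
}

# Constructed sample: the client rule from the post appended twice, as happens
# when the `echo ... >>` step is re-run, plus one TCP rule for contrast.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, addresses from the documentation range
$ModLoad imuxsock
*.* @192.0.2.10
authpriv.* @@192.0.2.20:514
*.* @192.0.2.10
EOF

list_forwarding "$sample"
echo "udp rules: $(count_udp "$sample")"
echo "duplicates: $(duplicate_rules "$sample")"
rm -f "$sample"
```

On a real client, point the functions at /etc/rsyslog.conf and the files under /etc/rsyslog.d/ instead of the sample.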

Posted by wsunccake on PIXNET