linux下rsyslog配置及部署

linux下rsyslog配置及部署

    • 客户端配置(rsyslog.confclient)
    • 服务端配置(rsyslog.confserver)
    • 部署过程

rsyslog日志传输需要配置两个端口,客户端和服务端。
tcp,udp可以同时放开,由@的个数确定使用的协议。

客户端配置(rsyslog.confclient)

#  /etc/rsyslog.conf	Configuration file for rsyslog.
#
#			For more information see
#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")


#################################
#### File --> client path    ####
#### Tag --> client filename ####
#################################

module(load="imfile" PollingInterval="1")
input(type="imfile"
File="/cds/log/task.log"
Tag="task"
Severity="info"
Facility="local7"
)

###################################################
#### server-ip --> 192.168.1.170               ####
#### server-port --> 514                       ####
#### TCP --> %Facility%.* @@192.168.1.170:514; ####
#### PUD --> %Facility%.* @192.168.1.170:514;  ####
###################################################

local7.* @@192.168.1.170:514



# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#

服务端配置(rsyslog.confserver)

#  /etc/rsyslog.conf	Configuration file for rsyslog.
#
#			For more information see
#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

# server path  
$template RemoteLogs,"/var/log/drs700/%HOSTNAME%/%PROGRAMNAME%.log" 
local7.* ?RemoteLogs
& ~

# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

部署过程

1(默认ft2000是装有syslog服务的)
客户端配置文件将cp rsyslog.confclient /etc/rsyslog.conf
服务端配置文件将cp rsyslog.confserver /etc/rsyslog.conf

2 服务器端配置文件接收文件的目录(例如/var/log/drs700)
chmod 700 /var/log/drs700
chown syslog:syslog /var/log/drs700

3 /etc/init.d/rsyslog restart syslog重启

4 修改配置后要重启syslog服务

你可能感兴趣的:(linux,linux,服务器,运维)