Linux Learning - Syslog & Log Rotation

###Syslog###
Features:
 1. Logs daemon information
 2. Logs remotely
 3. Accepts, if configured, logs from remote hosts: i.e. routers, switches, firewalls, content switches, Linux hosts, etc.
 4. Supports: Unix Domain Sockets (/dev/log)
 5. Supports: Internet Sockets: (UDP:514) and/or (TCP:514)
 6. Runs in ALL multi-user levels: 2-5




Tasks:
 1. Exploration of environment
  a. '/etc/rsyslog.conf' - primary config file
  b. '/etc/sysconfig/rsyslog' - ancillary config file, containing startup options


 2. '/etc/rsyslog.conf' - exploration
Selector(s) Action(s)
(selector = facility.priority; a priority matches that level and every more severe one; 'facility.none' excludes that facility from the rule)
*.info;mail.none;authpriv.none;cron.none                /var/log/messages


# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure




 3. Configure UDP:514 routing of messages from Cisco Router
  a. '/etc/rsyslog.conf' - uncomment UDP section ('$ModLoad imudp' and '$UDPServerRun 514')
  b. Setup selector in: '/etc/rsyslog.conf'
   b1. 'local4.*  /var/log/cisco/ciscorouter.log' (facility AND priority are required; a bare 'local4' is not a valid selector)
   b2. Add 'local4.none' to the '*.info' line, otherwise the router lines also land in '/var/log/messages'
  c. Create: '/var/log/cisco' - 'mkdir /var/log/cisco' (keep it non-world-readable, e.g. 'chmod 0750'; router logs reveal topology and admin activity)
  d. Configure router to log, via UDP, to our RHEL-6 Server (IOS: 'logging facility local4', 'logging trap informational', 'logging host 192.168.75.21')


'Jan 18 17:09:49 192.168.75.1 12987: 012457: Jan 18 17:10:44.123 EST: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.75.21 port 514 started - CLI initiated '


Note: Every stored syslog line carries: the receiver's timestamp, the sender's hostname/IP, then the message. The router's own timestamp ('Jan 18 17:10:44.123 EST' above) is part of the message body, so the two clocks can disagree (here by about 55 seconds); keep both sides on NTP or the logs cannot be correlated during an investigation.


Note: Syslog supports a number of severity levels (0-7); LOWER numbers are MORE severe:
 emerg(0), alert(1), crit(2), err(3), warning(4), notice(5), info(6), debug(7)
 A selector such as 'local4.warning' matches warning AND everything more severe (0-4), not only warning.
Note: Syslog supports a variety of facilities (kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, local0-7); the ones this page uses:
 a. MAIL
 b. AUTH / AUTHPRIV (authpriv is what '/var/log/secure' collects)
 c. CRON
 d. LOCAL0-7 (free for site use; network gear such as the Cisco router is normally pointed at one of these)
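Added example (not part of the original notes): the severity and facility numbers above are what the '<PRI>' header of every raw syslog datagram encodes (PRI = facility * 8 + severity), and they are what rsyslog's 'facility.priority' selectors compare against. The script below encodes and decodes PRI values and applies selector semantics to them, including the 'matches this level and everything more severe' rule and the '.none' exclusion. The sample datagram at the bottom is constructed from the router line in the notes; the '<166>' prefix is what the wire datagram would carry for local4.info (20 * 8 + 6).

```shell
#!/bin/sh
# Added example, not from the original notes: encode/decode the <PRI> header of
# raw syslog datagrams and apply rsyslog "facility.priority" selector semantics.

# Severity: 0 is the MOST severe (emerg), 7 the least (debug).
sev_num() {
  case $1 in
    emerg|panic) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err|error) echo 3 ;;
    warning|warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) echo "unknown severity: $1" >&2; return 1 ;;
  esac
}
sev_name() {
  case $1 in
    0) echo emerg ;; 1) echo alert ;; 2) echo crit ;; 3) echo err ;;
    4) echo warning ;; 5) echo notice ;; 6) echo info ;; 7) echo debug ;;
    *) return 1 ;;
  esac
}
# Facility codes from <syslog.h>; local0-local7 are 16-23 (what network gear uses).
fac_num() {
  case $1 in
    kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
    auth) echo 4 ;; syslog) echo 5 ;; lpr) echo 6 ;; news) echo 7 ;;
    uucp) echo 8 ;; cron) echo 9 ;; authpriv) echo 10 ;; ftp) echo 11 ;;
    local[0-7]) echo $(( 16 + ${1#local} )) ;;
    *) echo "unknown facility: $1" >&2; return 1 ;;
  esac
}
fac_name() {
  case $1 in
    0) echo kern ;; 1) echo user ;; 2) echo mail ;; 3) echo daemon ;;
    4) echo auth ;; 5) echo syslog ;; 6) echo lpr ;; 7) echo news ;;
    8) echo uucp ;; 9) echo cron ;; 10) echo authpriv ;; 11) echo ftp ;;
    1[2-5]) echo "facility$1" ;;              # 12-15 have no name in glibc's syslog.h
    1[6-9]|2[0-3]) echo "local$(( $1 - 16 ))" ;;
    *) return 1 ;;
  esac
}

# syslog_pri FACILITY SEVERITY -> numeric PRI, e.g. local4 info -> 166
syslog_pri() {
  f=$(fac_num "$1") || return 1
  s=$(sev_num "$2") || return 1
  echo $(( f * 8 + s ))
}

# syslog_decode '<PRI>rest of datagram' -> 'facility.severity rest of datagram'
syslog_decode() {
  line=$1
  case $line in
    "<"[0-9]">"*|"<"[0-9][0-9]">"*|"<"[0-9][0-9][0-9]">"*) ;;
    *) echo "syslog_decode: no <PRI> header in: $line" >&2; return 1 ;;
  esac
  pri=${line#"<"}; pri=${pri%%">"*}; rest=${line#*">"}
  [ "$pri" -le 191 ] || { echo "syslog_decode: PRI $pri out of range" >&2; return 1; }
  fnum=$(( pri / 8 )); snum=$(( pri % 8 ))
  printf '%s.%s %s\n' "$(fac_name "$fnum")" "$(sev_name "$snum")" "$rest"
}

# selector_matches 'facility.priority' PRI -> exit 0 if an rsyslog selector would
# act on the message. A named priority matches itself AND every more severe one
# (numerically lower); '*' matches all; 'none' matches nothing.
selector_matches() {
  fac=${1%%.*}; prio=${1#*.}; pri=$2
  [ "$prio" != none ] || return 1
  if [ "$fac" != '*' ]; then
    fnum=$(fac_num "$fac") || return 1
    [ $(( pri / 8 )) -eq "$fnum" ] || return 1
  fi
  [ "$prio" = '*' ] && return 0
  snum=$(sev_num "$prio") || return 1
  [ $(( pri % 8 )) -le "$snum" ]
}

# Constructed sample: the router line from the notes as it would arrive on the
# wire, with the <PRI> for local4.info (20 * 8 + 6 = 166).
SAMPLE='<166>12987: 012457: Jan 18 17:10:44.123 EST: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.75.21 port 514 started - CLI initiated'
syslog_decode "$SAMPLE"
for sel in 'local4.*' 'local4.warning' '*.info' 'local4.none'; do
  if selector_matches "$sel" 166; then echo "$sel: matches"; else echo "$sel: no match"; fi
done
```

Note that the '%SYS-6-...' mnemonic in the router's own text carries the same severity digit (6 = informational) that the PRI encodes, so the two can be cross-checked when a device's facility mapping is in doubt.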




 4. Configure TCP:514 routing of messages from Cisco Router
  a. '/etc/rsyslog.conf' - uncomment TCP section ('$ModLoad imtcp' and '$InputTCPServerRun 514')
  b. Update router configuration (IOS: 'logging host 192.168.75.21 transport tcp port 514')
  c. TCP avoids silent loss of datagrams under load, but the stream is still unauthenticated plaintext: restrict who may connect ('$AllowedSender TCP, <net>' or a host firewall rule) or anyone on the network can inject log lines.


###Log Rotation###
Features:
 1. Management of logs
 2. Reduction/control of size of log files
 3. Config files: '/etc/logrotate.d'
 4. Primary config file: '/etc/logrotate.conf'
 5. Auto-includes files in: '/etc/logrotate.d' into main config file: '/etc/logrotate.conf'
 6. Rotates based on criteria: time || size-based


'/etc/logrotate.d' - entry
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}


Tasks:
 1. Update 'logrotate' to handle: '/var/log/cisco/*log' - '/etc/logrotate.d/syslog'


 2. Create separate file to handle: '/var/log/cisco/*log' - '/etc/logrotate.d/cisco'
 3. Update directives to rotate based on size-based criteria
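Added example that serves both the syslog steps (3 and 4) and the logrotate tasks above; it is not code from the original notes. It installs the rsyslog and logrotate pieces for the Cisco feed in one step, with the restrictions a practitioner would want: a sender allow-list, a non-world-readable log directory and files, and size-based rotation in a separate '/etc/logrotate.d/cisco'. Assumptions: rsyslog 5 legacy directives as shipped with RHEL 6, a stock '/etc/rsyslog.conf' that carries '$IncludeConfig /etc/rsyslog.d/*.conf' before its RULES section, and a 192.168.75.0/24 management network taken from the addresses in the notes. The ROOT argument is only there so the files can be staged in a sandbox and inspected before touching '/etc'.

```shell
#!/bin/sh
# Added example, not from the original notes: install rsyslog + logrotate
# configuration for a Cisco router feed. Assumes RHEL 6 rsyslog 5 legacy syntax
# and that /etc/rsyslog.conf includes /etc/rsyslog.d/*.conf (stock RHEL 6 does).
#
# usage: install_cisco_logging [ROOT] [SENDER-NET] [udp|tcp]
install_cisco_logging() {
  root=${1:-/}
  sender_net=${2:-192.168.75.0/24}     # assumed management network of the routers
  transport=${3:-udp}
  case $transport in
    tcp) proto=TCP ;;
    udp) proto=UDP ;;
    *) echo "transport must be udp or tcp, got: $transport" >&2; return 1 ;;
  esac

  mkdir -p "$root/var/log/cisco" "$root/etc/rsyslog.d" "$root/etc/logrotate.d" || return 1
  # Router logs expose topology, ACL hits and admin logins: no world access.
  chmod 0750 "$root/var/log/cisco"

  {
    echo "# Cisco router feed over $proto/514"
    if [ "$proto" = TCP ]; then
      echo '$ModLoad imtcp'
    else
      echo '$ModLoad imudp'
    fi
    # AllowedSender must precede the listener start; it is the only check on
    # who may inject lines (UDP source addresses are trivially spoofed).
    echo "\$AllowedSender $proto, $sender_net"
    if [ "$proto" = TCP ]; then
      echo '$InputTCPServerRun 514'
    else
      echo '$UDPServerRun 514'
    fi
    echo '$FileCreateMode 0640'
    echo 'local4.*    /var/log/cisco/ciscorouter.log'
    # Discard after writing so the same lines do not also reach /var/log/messages
    # through the *.info rule (rsyslog.d is included before the RULES section in
    # the stock file). Adding local4.none to that rule is the equivalent.
    echo '& ~'
  } > "$root/etc/rsyslog.d/cisco.conf"

  # Size-based rotation for the feed; HUP rsyslog so it reopens the new file.
  cat > "$root/etc/logrotate.d/cisco" <<'EOF'
/var/log/cisco/*log {
    size 10M
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root root
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
EOF
}

# Only act when called with arguments, e.g.:
#   sh cisco-logging.sh /tmp/stage 192.168.75.0/24 udp
if [ $# -gt 0 ]; then
  install_cisco_logging "$@"
fi
```

After installing for real, check the result with 'rsyslogd -N1' (config syntax check) and 'logrotate -d /etc/logrotate.d/cisco' (dry run), then restart rsyslog; 'size 10M' in the per-file entry overrides the weekly schedule inherited from '/etc/logrotate.conf' for these files only.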
