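CentOS 6.3 log server configuration

I. Unlike CentOS 5, which uses syslog for logging, CentOS 6.3 uses rsyslog, so the configuration differs slightly.

II. CentOS 5 log server configuration

1. Server side: edit /etc/sysconfig/syslog

Find SYSLOGD_OPTIONS="-m 0"

Change it to SYSLOGD_OPTIONS="-m 0 -r"

2. Client side: edit /etc/syslog.conf

Add the server's address: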

*.*  @192.168.1.117

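III. CentOS 6.3 log server configuration

1. Server side:

Edit /etc/rsyslog.conf and uncomment the following:

[image: rsyslog1]

Open the firewall port: add the following two lines to iptables.rule:

[image: rsyslog3]

Re-run iptables.rule.

Restart the rsyslog service: /etc/init.d/rsyslog restart

2. Client side: edit /etc/rsyslog.conf and uncomment the following:

[image: rsyslog2]

3. Restart the rsyslog service: /etc/init.d/rsyslog restart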
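The section III edits as a script, added here as an example and not part of the original post. It assumes the stock CentOS 6 /etc/rsyslog.conf, which ships the port 514 reception directives and the `*.* @@remote-host:514` forwarding rule commented out; the function names and the sample file are constructed.

```shell
#!/bin/bash
# Added example. The directive names assume the stock CentOS 6 rsyslog.conf;
# function names and the sample file below are constructed for illustration.

# Server side: uncomment the UDP/TCP reception directives for port 514.
enable_reception() {
    sed -E 's/^#[[:space:]]*(\$ModLoad[[:space:]]+im(udp|tcp)|\$(UDPServerRun|InputTCPServerRun)[[:space:]]+514)[[:space:]]*$/\1/' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Client side: uncomment the forwarding rule and point it at the log server.
# "@@" forwards over TCP; a single "@" (as in the CentOS 5 rule) uses UDP.
set_forward_target() {
    # Accept only a dotted-quad address so nothing else reaches the sed script.
    printf '%s\n' "$2" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    sed -E "s/^#[[:space:]]*\*\.\*[[:space:]]+@@remote-host:514[[:space:]]*\$/*.* @@$2:514/" \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Count directives that are active (not commented out) and match an ERE.
count_active() {
    grep -Ec "^[[:space:]]*$2" "$1"
}

# Constructed excerpt of a default rsyslog.conf, written to a temp file.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
$ModLoad imuxsock
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
*.info;mail.none;authpriv.none;cron.none /var/log/messages
#*.* @@remote-host:514
EOF
    printf '%s\n' "$f"
}

conf=$(make_sample_conf)
enable_reception "$conf"
set_forward_target "$conf" 192.168.1.117
grep -v '^#' "$conf"      # show the directives that are now active
rm -f "$conf"
```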

Appendix: the iptables.rule file:

#!/bin/bash

##firewall set
##luyx30  v1.0  2012-11-24

#define some parameter
EXTIF="eth0"
INNET="192.168.1.0/24"

##set kernel
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
for i in /proc/sys/net/ipv4/conf/*/{rp_filter,log_martians}; do
	echo "1" > "$i"
done
for i in /proc/sys/net/ipv4/conf/*/{accept_source_route,accept_redirects,send_redirects}; do
	echo "0" > "$i"
done

##clear rule,set default rule,open rule
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin; export PATH
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

##allow some ICMP data 
AICMP="0 3 3/4 4 11 12 14 16 18"
for tyicmp in $AICMP
do
	iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp -j ACCEPT
done

##allow some services 
iptables -A INPUT -p tcp -i $EXTIF --dport 80 --sport 1024:65534 -j ACCEPT #HTTP
iptables -A INPUT -p tcp -s 192.168.1.0/24 -j ACCEPT #allow lan user
iptables -A INPUT -p tcp -i $EXTIF --dport 22 --sport 1024:65534 -j ACCEPT	#allow SSH

#Receive the rsyslog from remote computer 
iptables -A INPUT -p tcp -i $EXTIF -s 192.168.1.0/24 --dport 514 -j ACCEPT
iptables -A INPUT -p udp -i $EXTIF -s 192.168.1.0/24 --dport 514 -j ACCEPT

/etc/init.d/iptables save






