搭建rsyslog日志服务器_syslog服务器

搭建rsyslog日志服务器_syslog服务器文章目录1.rsyslog介绍2.实验目的3.实验环境4.配置服务端5.配置客户端6.在服务端验证效果1.rsyslog介绍  rsyslog是一个快速处理收集系统日志的开源程序,提供了高性能、安全功能和模块化设计。rsyslog是syslog的升级版,它将多种来源输入输出转换结果到目的地,rsyslog被广泛用于Linux系统以通过TCP/UDP协议转发或接收日志消息。  rsyslog守护进程可以被配置成两种环境,一种是配置成日志收集服务器,rsysl

大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全系列IDE稳定放心使用


1. rsyslog 介绍

  rsyslog 是一个快速处理收集系统日志的开源程序,提供了高性能、安全功能和模块化设计。rsyslog 是 syslog 的升级版,它将多种来源输入输出转换结果到目的地, rsyslog 被广泛用于 Linux 系统以通过 TCP/UDP 协议转发或接收日志消息。
在这里插入图片描述

在这里插入图片描述

  rsyslog 守护进程可以被配置成两种环境,一种是配置成日志收集服务器,rsyslog 进程可以从网络中收集其它主机上的日志数据,这些主机会将日志配置为发送到另外的远程服务器。rsyslog 的另外一个用法,就是可以配置为客户端,用来过滤和发送内部日志消息到本地文件夹(如 /var/log)或一台可以路由到的远程 rsyslog 服务器上。

2. 实验目的

  实现 Client 主机通过 rsyslog 发送自身的系统日志到 Rsyslog Server 服务器,服务器端将该主机系统日志存放到一个指定的目录里面,进行按 IP 和日志简单分类存储。

3. 实验环境

  • 服务端和客户端系统都为 Centos7.7
  • 服务端 IP:10.0.0.120  客户端 IP:10.0.0.100
  • 服务端和客户端关闭防火墙和 selinux
systemctl stop firewalld
setenforce 0
  • 服务端和客户端都安装 rsyslog 服务
yum -y install rsyslog  #无网络自行配置 yum 源

4. 配置服务端

vim /etc/rsyslog.conf  #修改rsyslog配置文件,标蓝的即为需要的内容,标红的为解释说明

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
$AllowedSender udp, 10.0.0.0/24
#收集的IP网段


# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template Remote,"/opt/n9e/rsyslog/logs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"   #定义模板,接受日志文件路径,区分了不同主机的日志,日志目录自行指定
:fromhost-ip, !isequal, "127.0.0.1" ?Remote  # 过滤服务端本机的日志


# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####
# 添加创建目录的注释
$CreateDirs on
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# *.* @@192.168.44.212:514
# ### end of the forwarding rule ###

 

systemctl restart rsyslog  #重启rsyslog服务

5. 配置客户端

vim /etc/rsyslog.conf  #修改rsyslog配置文件,标蓝的即为需要的内容,标红的为解释说明

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
*.* @10.0.0.120  #指定服务端IP

 

systemctl restart rsyslog  #重启rsyslog服务

6. 在服务端验证效果

切换到服务端存放日志文件的路径,可以看到已经生成了日志,rsyslog 日志服务配置成功。
在这里插入图片描述


配置文件详解:
https://www.cnblogs.com/shu-sheng/p/13275474.html

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/189686.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)


相关推荐

  • css3 媒体类型(Media Type)[通俗易懂]

    css3 媒体类型(Media Type)[通俗易懂]linkhref=”css/reset.css”rel=”stylesheet”type=”text/css”media=”screen”/>linkhref=”css/style.css”rel=”stylesheet”type=”text/css”media=”all”/>linkhref=”css/print.css”rel=”stylesheet”ty

  • 虚函数后面的分号可有可无_虚函数需要实现吗

    虚函数后面的分号可有可无_虚函数需要实现吗const 和 =0要分开理解.首先理解一下分开的意思成员函数后面用 const 修饰,const表示this是一个指向常量的指针,即对象成为一个常量,即它的成员不能够变化.(默认情况下,this的类型是指向类类型非常量版本的常量指针。例如在Sales_data成员函数中,this的类型是Sales_data *const,即类一旦实例化一个对象后,this指向这个对象,是不能改变的,但是对象…

  • websrorm2021.5激活码[在线序列号][通俗易懂]

    websrorm2021.5激活码[在线序列号],https://javaforall.cn/100143.html。详细ieda激活码不妨到全栈程序员必看教程网一起来了解一下吧!

  • C语言股票交易软件,股票交易系统源程序代码

    C语言股票交易软件,股票交易系统源程序代码#include#include#include#includestructStock{charName[10];intfloatfloat};structStockS[5]={{“桂冠电力”,0},{“华北制药”,0},{“ST金泰”,0},{“伊利股份”,0},{“柳州重工”,0}};flag;//1买入2卖出0都是不Pri[20];Pri…

  • 【vizard】用python写3D游戏

    【vizard】用python写3D游戏vizard介绍Vizard是一款虚拟现实开发平台软件,从开发至今已走过十个年头。它基于C/C++,运用新近OpenGL拓展模块开发出的高性能图形引擎。当运用Python语言执行开发时,Vizard同时自动将编写的程式转换为字节码抽象层(LAXMI),进而运行渲染核心。vizard入门加载人物、对象、背景avatar=viz.addAvatar(‘xxx.cfg’,pos=(0,0,0),euler=(0,0,0))viz.add(‘xxx.osgb’,pos=(0,0,0),e

  • 2019 年MySQL面试题及答案

    2019 年MySQL面试题及答案

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号