SPRAWDZONA KONFIGURACJA RSYSLOG I LOGROTATE, JAKO ZEWNĘTRZNEGO SERWERA SYSLOG

rsyslog jest domyślną aplikacją logującą w systemach RHEL6 /CentOS 6. Tak jak i inne syslogi, funkcjonuje w oparciu o pliki lokalne oraz zewnętrznie o domyślne porty TCP i/lub UDP 514. To, czy będziemy używać TCP, czy UDP, zależy od nas, odpowiada za to linia w konfiguracji: $UDPServerRun 514 / $TCPServerRun 514

  • Na serwerze syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/PRD-1G-FW-01.conf

if $fromhost-ip == '10.1.71.1' then /var/log/external/PRD-1G-FW-01/device.log

/etc/logrotate.conf

weekly
rotate 4
create
dateext
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

/etc/logrotate.d/PRD-1G-FW-01

/var/log/external/PRD-1G-FW-01/device.log {
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    missingok
    delaycompress
    daily
    dateext
    rotate 3650
    create 0600 root root
}

ls /var/log/external

PRD-1G-SW-01

ls /var/log/external/PRD-1G-FW-01/

device.log-20140904.bz2  device.log-20140905.bz2  device.log-20140906.bz2  device.log-20140907.bz2  device.log-20140908

Teraz restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Na kliencie syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
kern.=debug                                             /var/log/iptables
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/external.conf

*.* @@10.1.71.45

Tutaj również restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Powracamy na serwer sysloga, aby sprawdzić, czy działa
tail -n2 /var/log/external/PRD-1G-FW-01/device.log-20140908
Sep  8 11:43:57 PRD-1G-FW kernel: imklog 5.8.10, log source = /proc/kmsg started.
Sep  8 11:43:57 PRD-1G-FW rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="804" x-info="http://www.rsyslog.com"] start

Wszystko działa, syslog skonfigurowany.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
ZFS: Remove an existing zfs filesystem
Viewed 581 times since Sun, Jun 3, 2018
Linux Chage Command to Set Password Aging for User
Viewed 445 times since Tue, Sep 11, 2018
Epoch & Unix Timestamp Conversion Tools
Viewed 13755 times since Fri, Jun 22, 2018
Installing and Configuring stunnel on CentOS 6
Viewed 876 times since Fri, Sep 28, 2018
LVM: Create a new Logical Volume / Filesystem
Viewed 687 times since Sat, Jun 2, 2018
debian Debian/Ubuntu Linux: Find If Installed APT Package Includes a Fix/Patch Via CVE Number
Viewed 473 times since Sun, Sep 23, 2018
Do you Know These 5 Use of V$session View ?
Viewed 5170 times since Thu, Jun 21, 2018
Enabling automatic updates in Centos 7 and RHEL 7
Viewed 532 times since Wed, Oct 17, 2018
RHCS6: Debug and test multicast traffic between two hosts
Viewed 634 times since Sun, Jun 3, 2018
Using Official Redhat DVD as repository
Viewed 718 times since Mon, Oct 29, 2018