SPRAWDZONA KONFIGURACJA RSYSLOG I LOGROTATE, JAKO ZEWNĘTRZNEGO SERWERA SYSLOG

rsyslog jest domyślną aplikacją logującą w systemach RHEL6 /CentOS 6. Tak jak i inne syslogi, funkcjonuje w oparciu o pliki lokalne oraz zewnętrznie o domyślne porty TCP i/lub UDP 514. To, czy będziemy używać TCP, czy UDP, zależy od nas, odpowiada za to linia w konfiguracji: $UDPServerRun 514 / $TCPServerRun 514

  • Na serwerze syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/PRD-1G-FW-01.conf

if $fromhost-ip == '10.1.71.1' then /var/log/external/PRD-1G-FW-01/device.log

/etc/logrotate.conf

weekly
rotate 4
create
dateext
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

/etc/logrotate.d/PRD-1G-FW-01

/var/log/external/PRD-1G-FW-01/device.log {
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    missingok
    delaycompress
    daily
    dateext
    rotate 3650
    create 0600 root root
}

ls /var/log/external

PRD-1G-SW-01

ls /var/log/external/PRD-1G-FW-01/

device.log-20140904.bz2  device.log-20140905.bz2  device.log-20140906.bz2  device.log-20140907.bz2  device.log-20140908

Teraz restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Na kliencie syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
kern.=debug                                             /var/log/iptables
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/external.conf

*.* @@10.1.71.45

Tutaj również restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Powracamy na serwer sysloga, aby sprawdzić, czy działa
tail -n2 /var/log/external/PRD-1G-FW-01/device.log-20140908
Sep  8 11:43:57 PRD-1G-FW kernel: imklog 5.8.10, log source = /proc/kmsg started.
Sep  8 11:43:57 PRD-1G-FW rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="804" x-info="http://www.rsyslog.com"] start

Wszystko działa, syslog skonfigurowany.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Procedura powiekszania OCFS2 online
Viewed 4498 times since Fri, Jun 8, 2018
ZPOOL: Verify/change properties of a zpool
Viewed 1009 times since Sun, Jun 3, 2018
How to create stunnel with systemd? stunnel
Viewed 2865 times since Thu, Jan 16, 2020
OpenSSL: Check If Private Key Matches SSL Certificate & CSR
Viewed 1260 times since Mon, Feb 18, 2019
RHEL: Displaying system info (firmware, serial numbers... )
Viewed 9234 times since Sun, May 27, 2018
RHEL: Adding a boot entry to GRUB/GRUB2 configuration
Viewed 1920 times since Sun, May 27, 2018
Super Grub2 Disk
Viewed 1458 times since Wed, May 22, 2019
How to configure an SSH proxy server with Squid
Viewed 736 times since Sun, Dec 6, 2020
high swap space utilization in LINUX
Viewed 4878 times since Fri, Jul 13, 2018
YUM CRON Enabling automatic updates in Centos 7 and RHEL 7
Viewed 10736 times since Fri, Oct 26, 2018