Home » Categories » Linux

SPRAWDZONA KONFIGURACJA RSYSLOG I LOGROTATE, JAKO ZEWNĘTRZNEGO SERWERA SYSLOG

Article Number: 454 | Rating: Unrated | Last Updated: Fri, Nov 30, 2018 10:48 PM

rsyslog jest domyślną aplikacją logującą w systemach RHEL6 /CentOS 6. Tak jak i inne syslogi, funkcjonuje w oparciu o pliki lokalne oraz zewnętrznie o domyślne porty TCP i/lub UDP 514. To, czy będziemy używać TCP, czy UDP, zależy od nas, odpowiada za to linia w konfiguracji: $UDPServerRun 514 / $TCPServerRun 514

  • Na serwerze syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/PRD-1G-FW-01.conf

if $fromhost-ip == '10.1.71.1' then /var/log/external/PRD-1G-FW-01/device.log

/etc/logrotate.conf

weekly
rotate 4
create
dateext
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

/etc/logrotate.d/PRD-1G-FW-01

/var/log/external/PRD-1G-FW-01/device.log {
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    missingok
    delaycompress
    daily
    dateext
    rotate 3650
    create 0600 root root
}

ls /var/log/external

PRD-1G-SW-01

ls /var/log/external/PRD-1G-FW-01/

device.log-20140904.bz2  device.log-20140905.bz2  device.log-20140906.bz2  device.log-20140907.bz2  device.log-20140908

Teraz restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Na kliencie syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
kern.=debug                                             /var/log/iptables
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/external.conf

*.* @@10.1.71.45

Tutaj również restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Powracamy na serwer sysloga, aby sprawdzić, czy działa
tail -n2 /var/log/external/PRD-1G-FW-01/device.log-20140908
Sep  8 11:43:57 PRD-1G-FW kernel: imklog 5.8.10, log source = /proc/kmsg started.
Sep  8 11:43:57 PRD-1G-FW rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="804" x-info="http://www.rsyslog.com"] start

Wszystko działa, syslog skonfigurowany.
Posted - Fri, Nov 30, 2018 10:48 PM. This article has been viewed 3964 times.
Filed Under: Linux
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
LVM: Rename root VG/LV
Viewed 7797 times since Sat, Jun 2, 2018
bash mistakes This page is a compilation of common mistakes made by bash users. Each example is flawed in some way.
Viewed 9226 times since Sun, Dec 6, 2020
What Is /dev/shm And Its Practical Usage
Viewed 8222 times since Tue, Mar 12, 2019
RHEL: Rename a network interface on RHEL 7
Viewed 10790 times since Sat, Jun 2, 2018
RHCS6: Quorum disk and heuristics
Viewed 4519 times since Sun, Jun 3, 2018
RHEL: Extending the maximum inode count on a ext2/ext3/ext4 filesystem
Viewed 3425 times since Sun, May 27, 2018
RHEL: Scan and configure new SAN (fibre channel) LUNs
Viewed 8277 times since Sun, May 27, 2018
linux-training.be gives you books for free to study Linux
Viewed 5076 times since Sat, Jun 2, 2018
Linux - Cannot login from remote console but can access via ssh
Viewed 5387 times since Fri, Jun 8, 2018
Red Hat Enterprise Linux - Allow Root Login From a Specific IP Address Only
Viewed 2969 times since Wed, Oct 3, 2018