SPRAWDZONA KONFIGURACJA RSYSLOG I LOGROTATE, JAKO ZEWNĘTRZNEGO SERWERA SYSLOG

rsyslog jest domyślną aplikacją logującą w systemach RHEL6 /CentOS 6. Tak jak i inne syslogi, funkcjonuje w oparciu o pliki lokalne oraz zewnętrznie o domyślne porty TCP i/lub UDP 514. To, czy będziemy używać TCP, czy UDP, zależy od nas, odpowiada za to linia w konfiguracji: $UDPServerRun 514 / $TCPServerRun 514

  • Na serwerze syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/PRD-1G-FW-01.conf

if $fromhost-ip == '10.1.71.1' then /var/log/external/PRD-1G-FW-01/device.log

/etc/logrotate.conf

weekly
rotate 4
create
dateext
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

/etc/logrotate.d/PRD-1G-FW-01

/var/log/external/PRD-1G-FW-01/device.log {
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    missingok
    delaycompress
    daily
    dateext
    rotate 3650
    create 0600 root root
}

ls /var/log/external

PRD-1G-SW-01

ls /var/log/external/PRD-1G-FW-01/

device.log-20140904.bz2  device.log-20140905.bz2  device.log-20140906.bz2  device.log-20140907.bz2  device.log-20140908

Teraz restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Na kliencie syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
kern.=debug                                             /var/log/iptables
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/external.conf

*.* @@10.1.71.45

Tutaj również restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Powracamy na serwer sysloga, aby sprawdzić, czy działa
tail -n2 /var/log/external/PRD-1G-FW-01/device.log-20140908
Sep  8 11:43:57 PRD-1G-FW kernel: imklog 5.8.10, log source = /proc/kmsg started.
Sep  8 11:43:57 PRD-1G-FW rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="804" x-info="http://www.rsyslog.com"] start

Wszystko działa, syslog skonfigurowany.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Linux - How to get CPU information
Viewed 759 times since Fri, Jun 8, 2018
RHEL: Forgotten ’root’ password / using single-user to gain access
Viewed 1557 times since Sat, Jun 2, 2018
Understanding logrotate utility part 1
Viewed 719 times since Fri, Nov 30, 2018
Using stunnel and TinyProxy to obfuscate HTTP traffic
Viewed 2307 times since Fri, Sep 28, 2018
How setting the TZ environment variable avoids thousands of system calls
Viewed 1826 times since Mon, May 21, 2018
debian How to Upgrade Debian 8 Jessie to Debian 9 Stretch
Viewed 1065 times since Sun, Sep 23, 2018
Linux Cluster Tutorial
Viewed 709 times since Sat, Sep 29, 2018
linux aix Killing a process and all of its descendants
Viewed 815 times since Tue, May 5, 2020
What Is /dev/shm And Its Practical Usage
Viewed 1482 times since Tue, Mar 12, 2019
RHCS6: Clustered LVM
Viewed 1011 times since Sun, Jun 3, 2018