SPRAWDZONA KONFIGURACJA RSYSLOG I LOGROTATE, JAKO ZEWNĘTRZNEGO SERWERA SYSLOG

rsyslog jest domyślną aplikacją logującą w systemach RHEL6 /CentOS 6. Tak jak i inne syslogi, funkcjonuje w oparciu o pliki lokalne oraz zewnętrznie o domyślne porty TCP i/lub UDP 514. To, czy będziemy używać TCP, czy UDP, zależy od nas, odpowiada za to linia w konfiguracji: $UDPServerRun 514 / $TCPServerRun 514

  • Na serwerze syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/PRD-1G-FW-01.conf

if $fromhost-ip == '10.1.71.1' then /var/log/external/PRD-1G-FW-01/device.log

/etc/logrotate.conf

weekly
rotate 4
create
dateext
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

/etc/logrotate.d/PRD-1G-FW-01

/var/log/external/PRD-1G-FW-01/device.log {
    compress
    compresscmd /usr/bin/bzip2
    compressext .bz2
    missingok
    delaycompress
    daily
    dateext
    rotate 3650
    create 0600 root root
}

ls /var/log/external

PRD-1G-SW-01

ls /var/log/external/PRD-1G-FW-01/

device.log-20140904.bz2  device.log-20140905.bz2  device.log-20140906.bz2  device.log-20140907.bz2  device.log-20140908

Teraz restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Na kliencie syslog

/etc/rsyslog.conf

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
kern.=debug                                             /var/log/iptables
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

/etc/rsyslog.d/external.conf

*.* @@10.1.71.45

Tutaj również restartujemy usługę rsyslog

service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]
  • Powracamy na serwer sysloga, aby sprawdzić, czy działa
tail -n2 /var/log/external/PRD-1G-FW-01/device.log-20140908
Sep  8 11:43:57 PRD-1G-FW kernel: imklog 5.8.10, log source = /proc/kmsg started.
Sep  8 11:43:57 PRD-1G-FW rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="804" x-info="http://www.rsyslog.com"] start

Wszystko działa, syslog skonfigurowany.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
How To Create a Linux Swap File
Viewed 603 times since Fri, Jun 8, 2018
Linux Network (TCP) Performance Tuning with Sysctl
Viewed 2577 times since Fri, Aug 3, 2018
Linux - Cannot login from remote console but can access via ssh
Viewed 539 times since Fri, Jun 8, 2018
Linux Kernel /etc/sysctl.conf Security Hardening
Viewed 1754 times since Fri, Aug 3, 2018
LVM: Extend SWAP size by growing existing Logical Volume
Viewed 655 times since Sat, Jun 2, 2018
Creating SWAP partition using FDISK & FALLOCATE commands
Viewed 265 times since Thu, Jan 16, 2020
LVM: Reduce an existing Volume Group by removing one of its disks
Viewed 627 times since Sat, Jun 2, 2018
How do I add ethtool settings to a network device permanently?
Viewed 1556 times since Mon, May 21, 2018
12 Tcpdump Commands – A Network Sniffer Tool
Viewed 542 times since Fri, Jul 27, 2018
Using IOzone for Linux disk performance analysis
Viewed 2409 times since Wed, Jul 25, 2018