收集网络设备日志

最新推荐文章于 2024-05-14 23:09:22 发布

JackCurry

最新推荐文章于 2024-05-14 23:09:22 发布

阅读量3.9k

点赞数

文章标签： linux

本文链接：https://blog.csdn.net/JackCurry/article/details/107722510

版权

Linux7的rsyslog服务

如果没有，yum安装一个，我的环境不是最小化安装的Linux系统。

[root@mo ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-07-07 13:49:49 CST; 3 weeks 3 days ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 1089 (rsyslogd)
    Tasks: 9
   Memory: 7.4M
   CGroup: /system.slice/rsyslog.service
           └─1089 /usr/sbin/rsyslogd -n

Jul 15 21:46:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 18 01:56:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 19 03:36:01 mo rsyslogd[1089]:  [origin software="rsyslogd" swVersion="8.24.0-52.el7" x-pid="1089" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Jul 20 06:01:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 22 10:11:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 24 14:28:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 26 03:08:01 mo rsyslogd[1089]:  [origin software="rsyslogd" swVersion="8.24.0-52.el7" x-pid="1089" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Jul 26 18:16:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 28 22:31:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 31 02:39:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]

rsyslog配置设置

1、
需要开启514端口
$ModLoad imtcp
$InputTCPServerRun 514
2、
需要将产生的日志设置规则、并存放在对应的路径下
$template IpTemplate,"/var/log/complogs/switch/%FROMHOST-IP%.log"
:fromhost-ip,isequal,“192.168.40.2” ?IpTemplate
3、
重启rsyslog服务

[root@mo switch]# cat /etc/rsyslog.conf
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

$template IpTemplate,"/var/log/complogs/switch/%FROMHOST-IP%.log"

最低0.47元/天解锁文章

JackCurry

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
1
评论
收集网络设备日志

Linux7的rsyslog服务如果没有，yum安装一个，我的环境不是最小化安装的Linux系统。[root@mo ~]# systemctl status rsyslog● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Active: active (running) sin
复制链接

扫一扫