syslog-ng安装
syslog-ng server IP: 10.125.192.10 (CentOS 6.8)
编辑yum源
vim /etc/yum.repos.d/syslog-ng.repo
# Copr repository providing the syslog-ng37epel6 build (presumably syslog-ng 3.7 for EPEL 6) used by the install step below.
[copr:copr.fedorainfracloud.org:czanik:syslog-ng37epel6]
name=Copr repo for syslog-ng37epel6 owned by czanik
baseurl=https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng37epel6/epel-6-$basearch/
type=rpm-md
skip_if_unavailable=True
# Package signatures are verified against the key fetched from the gpgkey URL below.
# Note that the key is served over HTTPS from the same host as the packages, so trust rests on that TLS connection.
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/czanik/syslog-ng37epel6/pubkey.gpg
# Repository metadata signature checking is disabled; only the individual packages are verified.
repo_gpgcheck=0
enabled=1
enabled_metadata=1
yum -y install syslog-ng
编辑syslog-ng配置文件
# Global syslog-ng options for the collector.
options {
# write each message to disk immediately rather than buffering a number of lines
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
chain_hostnames (off);
# no reverse DNS lookups on the sender's address
use_dns (no);
use_fqdn (no);
create_dirs (yes); # create the destination directory if it does not exist
# NOTE(review): with keep_hostname(yes) the hostname carried inside the received message is kept as-is — confirm this is the intended trust model, since the client controls that field
keep_hostname (yes);
};
# Message source: syslog over UDP on port 6666.
source s_network {
syslog(transport(udp) port(6666)); # listen on UDP port 6666 as the log source; UDP provides no sender authentication or transport encryption, so network-level access to this port should be restricted to the intended clients
};
# Destination: one file per sending host under /var/log/syslog-ng/.
destination d_local {
file("/var/log/syslog-ng/secure_${FULLHOST_FROM}");# where received messages are written; ${FULLHOST_FROM} names the host the message was received from (the last hop), so each sending host gets its own file. NOTE(review): with use_dns(no) in options this is expected to be the peer's address rather than a resolved name — confirm against the syslog-ng version in use
};
log { source(s_network); destination(d_local); }; # log path: connect the network source to the file destination
启动并检查
/etc/init.d/syslog-ng start
配置客户端 rsyslog
vim /etc/rsyslog.conf
# Forward all authpriv messages (what normally lands in /var/log/secure) to the collector over UDP: a single '@' is rsyslog's UDP forwarder ('@@' would be TCP). Port 6666 matches the syslog-ng source above; this stream is sent unencrypted and unauthenticated.
authpriv.* @10.125.192.10:6666
/etc/init.d/rsyslog restart
配置完成后，在客户端服务器上的/var/log/secure日志会实时传送到远程目标服务器上