1. Enable syslog on the PIX
logging on
logging timestamp
logging standby
logging buffered critical
logging trap warnings
logging facility 23
logging host inside 10.XX.XXX.XXX
Notes: PIX facility numbers 16-23 map to the syslog facilities local0-local7, so facility 23 is local7 and the selector in the host's syslog.conf must use local7. "logging trap warnings" sends only messages of severity warnings (4) and above to the host, so a local7.debug entry on the host will never see anything below warnings unless this level is raised on the PIX. "logging standby" only matters on a failover pair; it lets the standby unit send syslog too. Syslog over UDP/514 is cleartext and unauthenticated, so keep the collector on the inside network and restrict which sources may reach port 514 on it.
2. Configure the host to receive the syslog messages
cd /etc
vi syslog.conf
The two kinds of entry that matter are warn and debug. local7.warn collects warnings and everything more severe; local7.debug collects everything the facility sends:
local7.warn	/var/log/local7.warn
local7.debug	/var/log/local7.debug
#more /etc/syslog.conf
*.emerg *
# add the following line so that the firewall's messages go to a file of your choosing on the host
local7.debug	/opt/aisms/fw/LOCAL7.debug
Note: the selector (local7.debug) and the destination must be separated by a tab, not spaces; otherwise syslogd fails with an error that it cannot parse the destination.
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
3. Restart the syslog daemon
#ps -ef|grep syslog
root 237 1 0 Sep 21 ? 5664:29 /usr/sbin/syslogd
#kill -9 237
#/usr/sbin/syslogd &
Sending the running syslogd a HUP (kill -HUP 237) is enough to make it re-read syslog.conf and avoids the unclean shutdown that kill -9 causes.
4. Check what syslogd is doing
Because the daemon started in step 3 is still running, syslogd -d below parses the configuration, prints its tables and then exits with a "syslogd pid ... already running" error. The cfline() lines and the priority matrix are still useful for confirming that the local7.debug entry was read and which facilities and priorities each destination receives.
# syslogd -d
main(1): Started at time Tue Jan 15 09:54:43 2008
hnc_init(1): hostname cache configured 2037 entry ttl:1200
getnets(1): found 1 addresses, they are: 0.0.0.0.2.2
amiloghost(1): testing 10.5.248.21.2.2
conf_init(1): I am loghost
cfline(1): (*.err;kern.notice;auth.notice /dev/sysmsg)
cfline(1): (*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages)
cfline(1): (*.alert;kern.err;daemon.err operator)
cfline(1): (*.alert root)
cfline(1): (*.emerg *)
cfline(1): (local7.debug /opt/aisms/fw/LOCAL7.debug)
cfline(1): (mail.debug /var/log/syslog)
syslogd: version 1.100
Started: Tue Jan 15 09:54:43 2008
Input message count: system 0, network 0
# Outputs: 7
------------------------ priority = [file, facility] ------------------------
0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4
--------------------------------------------------
5 3 3 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/sysmsg
7 3 2 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X FILE: /var/adm/messages
3 1 1 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: operator
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
X X X X X X X X X X X X X X X X X X X X X X X 7 X FILE: /opt/aisms/fw/LOCAL7.debug
X X 7 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/syslog
Facilities:
[00] kern: 0
[01] user: 8
[02] mail: 16
[03] daemon: 24
[04] auth: 32
[05] security: 32
[06] mark: 192
[07] syslog: 40
[08] lpr: 48
[09] news: 56
[10] uucp: 64
[11] cron: 120
[12] local0: 128
[13] local1: 136
[14] local2: 144
[15] local3: 152
[16] local4: 160
[17] local5: 168
[18] local6: 176
[19] local7: 184
Priorities:
[00] panic: 0
[01] emerg: 0
[02] alert: 1
[03] crit: 2
[04] err: 3
[05] error: 3
[06] warn: 4
[07] warning: 4
[08] notice: 5
[09] info: 6
[10] debug: 7
[11] none: 16
Per File Statistics
File Tot Dups Nofwd Errs
---- --- ---- ----- ----
/dev/sysmsg 0 0 0 0
/var/adm/messages 0 0 0 0
operator 0 0 0 0
root 0 0 0 0
WALL 0 0 0 0
/opt/aisms/fw/LOCAL7.debug 0 0 0 0
/var/log/syslog 0 0 0 0
logmsg(9): msg dispatcher started
sys_poll(10): sys_thread started
logerror(1): syslogd: syslogd pid 3803 already running. Cannot start another syslogd pid 3805
writemsg(#
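As an added example (not code from the original post), the following Python script models what sections 2 and 4 describe: it flags syslog.conf lines that separate selector and destination with spaces instead of a tab, rebuilds the "priority = [file, facility]" matrix that syslogd -d prints from the effective configuration lines, and decodes the <PRI> of a message the PIX would send with logging facility 23 and logging trap warnings to show which destinations receive it. The configuration text and the PIX message are constructed samples; the facility and priority codes are the ones listed in the syslogd -d output above.

```python
"""Added example, not from the original post: model Solaris syslog.conf
routing for the PIX syslog setup described on this page."""

# facility name -> code (syslogd -d shows code*8); codes are those above
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "security": 4,
    "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 15,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23, "mark": 24,
}
PRIORITIES = {
    "panic": 0, "emerg": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
    "warn": 4, "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
NFACILITIES = 25  # columns 0..24 of the syslogd -d matrix (24 = mark)

# Constructed sample: the effective syslog.conf after m4 expansion, i.e. the
# cfline() lines above, plus a last line with the section-2 pitfall (spaces).
SAMPLE_CONF = """# constructed sample; mirrors the cfline() output on this page
*.err;kern.notice;auth.notice\t/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages
*.alert;kern.err;daemon.err\toperator
*.alert\troot
*.emerg\t*
local7.debug\t/opt/aisms/fw/LOCAL7.debug
mail.debug\t/var/log/syslog
local7.warn    /var/log/local7.warn
"""


def check_tabs(conf_text):
    """Line numbers of selector lines with no tab before the destination
    (syslogd cannot parse the destination on such lines)."""
    bad = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "\t" not in line:
            bad.append(n)
    return bad


def parse_conf(conf_text):
    """Parse tab-separated lines into (destination, matrix) pairs; matrix[f]
    is the least severe priority logged for facility code f, None if the
    destination gets nothing from that facility. Later selectors on a line
    override earlier ones, which is how *.err;kern.notice gives kern 5."""
    actions = []
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or "\t" not in line:
            continue  # space-separated lines are reported by check_tabs()
        selector, dest = line.split("\t", 1)
        matrix = [None] * NFACILITIES
        for item in selector.split(";"):
            fac, level = item.strip().split(".", 1)
            # "*" covers codes 0..23 but not mark, matching the X column above
            facs = range(NFACILITIES - 1) if fac == "*" else [FACILITIES[n] for n in fac.split(",")]
            for f in facs:
                matrix[f] = None if level == "none" else PRIORITIES[level]
        actions.append((dest.strip(), matrix))
    return actions


def matrix_row(matrix):
    """Render one destination row the way syslogd -d prints it."""
    return " ".join("X" if p is None else str(p) for p in matrix)


def decode_pri(message):
    """Split a raw syslog message into (facility_code, severity, text).
    PRI = facility*8 + severity, so <188> is local7 (23) . warning (4)."""
    if not message.startswith("<") or ">" not in message:
        raise ValueError("missing <PRI> prefix")
    pri, text = message[1:].split(">", 1)
    pri = int(pri)
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return pri >> 3, pri & 7, text


def route(message, actions):
    """Destinations that receive `message`: the facility must be selected and
    the severity must be at least as severe (numerically <=) as the entry."""
    fac, sev, _ = decode_pri(message)
    return [dest for dest, m in actions if m[fac] is not None and sev <= m[fac]]


# A warning from the PIX: facility 23 (local7) and severity 4 (warnings).
# The text after the PRI is a constructed placeholder, not a real PIX message.
PIX_MESSAGE = "<188>Jan 15 09:54:43 fw01 constructed test message"

if __name__ == "__main__":
    print("lines without a tab:", check_tabs(SAMPLE_CONF))
    parsed = parse_conf(SAMPLE_CONF)
    for dest, m in parsed:
        print(matrix_row(m), dest)
    print("routed to:", route(PIX_MESSAGE, parsed))
```

Run as-is it prints the same seven matrix rows as the syslogd -d output above, reports the space-separated local7.warn line, and shows that the constructed warning lands only in /opt/aisms/fw/LOCAL7.debug; an emerg from the same facility (<184>) would additionally reach /dev/sysmsg, /var/adm/messages, operator, root and the wall.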
From the ITPUB blog, link: http://blog.itpub.net/10410/viewspace-144759/. If reproducing, credit the source; otherwise legal action may follow.