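Host A (172.25.254.30) is the host that sends its logs, and host B (172.25.254.230) is the receiving host.
The goal is simply to have all of A's logs also written on host B.
I. Host A configuration:
1. Edit the rsyslog configuration file: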
vim /etc/rsyslog.conf
Add one line after the *.info ... none line. Make sure it goes in the right place!
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.* @172.25.254.230 # *.* matches all log facilities at all severity levels; @IP forwards to the target host over UDP
2. Restart the rsyslog service
[root@Rsyslog-A ~]# systemctl restart rsyslog.service
II. Host B configuration
1. Edit the rsyslog configuration file:
vim /etc/rsyslog.conf
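Uncomment the following two lines (as shown in the figure) to enable the log reception module. Note that this is the UDP receiver:
2. Restart the rsyslog service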
[root@Rsyslog-B ~]# systemctl restart rsyslog.service
3. Check that the service is listening on UDP port 514 (it is 👌)
[root@Ryslog-B ~]# netstat -antulpe| grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 0 1397 1716/rsyslogd
udp6 0 0 :::514 :::* 0 1398 1716/rsyslogd
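III. Test the transfer
To make the result easier to observe, clear the log file on B, start watching the log on host B, send a log message from A, then confirm the same entries in the log on host A. 👌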
[root@Rsyslog-B ~]# > /var/log/messages
[root@Rsyslog-A ~]# logger testmessage!
[root@Rsyslog-B ~]# tail -f /var/log/messages
Aug 5 21:15:01 Ryslog-A systemd[1]: Started Session 189 of User root.
Aug 5 21:15:01 Ryslog-A systemd[1]: Started Session 190 of User root.
Aug 5 21:15:01 Ryslog-A systemd[1]: session-190.scope: Deactivated successfully.
Aug 5 21:15:04 Ryslog-A systemd[1]: session-189.scope: Deactivated successfully.
Aug 5 21:15:10 Ryslog-A root[2491]: testmessage!
[root@Rsyslog-A ~]# cat /var/log/messages
Aug 5 21:15:01 ServerA systemd[1]: Started Session 189 of User root.
Aug 5 21:15:01 ServerA systemd[1]: Started Session 190 of User root.
Aug 5 21:15:01 ServerA systemd[1]: session-190.scope: Deactivated successfully.
Aug 5 21:15:04 ServerA systemd[1]: session-189.scope: Deactivated successfully.
Aug 5 21:15:10 ServerA root[2491]: testmessage!
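The forwarding rule added on host A in section I can be audited after the fact. The script below is an added example, not part of the original post: it lists every legacy-syntax forwarding rule in an rsyslog config with its transport and port, so UDP forwards (a single @) can be told apart from TCP forwards (@@). The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit legacy-syntax forwarding rules in an rsyslog config.
# Covers "selector @host[:port]" (UDP) and "selector @@host[:port]" (TCP)
# with IPv4 or hostname targets only; RainerScript action() blocks and
# bracketed IPv6 targets are out of scope.

# Print one line per forwarding rule: selector transport target port
list_forwards() {
    awk '
    /^[[:space:]]*#/ || NF < 2 { next }   # skip comments and blank lines
    $2 ~ /^@/ {                           # action field starts with @ or @@
        target = $2
        proto = "udp"
        if (target ~ /^@@/) proto = "tcp"
        sub(/^@+/, "", target)
        port = 514                        # default syslog port when none given
        if (split(target, parts, ":") == 2) {
            target = parts[1]
            port = parts[2]
        }
        print $1, proto, target, port
    }' "$1"
}

# Print how many rules forward over UDP (no delivery guarantee, no encryption)
count_udp_forwards() {
    list_forwards "$1" | awk '$2 == "udp" { n++ } END { print n + 0 }'
}

# Constructed sample config, modelled on the rule added on host A
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.* @172.25.254.230 # all facilities and severities, sent over UDP
#cron.* @172.25.254.230
authpriv.* @@172.25.254.230:10514
EOF

list_forwards "$SAMPLE"
echo "UDP forwarding rules: $(count_udp_forwards "$SAMPLE")"
```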