Once set up as a log server, the host will receive logs from rsyslog clients.
1. Install the rsyslog package
[root@centos6 ~]# rpm -qa|grep rsyslog
rsyslog-5.8.10-12.el6.x86_64
2. Edit the configuration file /etc/rsyslog.conf and open port 514 for both UDP and TCP to receive client logs
egrep -v '^#|^$' /etc/rsyslog.conf
[root@centos6 ~]# vim /etc/rsyslog.conf
#Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
#Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Restart the service for the change to take effect
[root@centos6 ~]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@centos6 ~]# netstat -tupln|grep rsyslog
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 19385/rsyslogd
tcp 0 0 :::514 :::* LISTEN 19385/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 19385/rsyslogd
udp 0 0 :::514 :::* 19385/rsyslogd
[root@centos6 ~]#
3. In /etc/rsyslog.conf on the client, configure which local facility.level messages are sent to the remote log server
vim /etc/rsyslog.conf
*.* @172.16.0.131:514 #for udp
*.* @@172.16.0.131:514 #for tcp
Restart the rsyslog service
systemctl restart rsyslog
4. On the client, send a test message to the remote log server
[root@centos7 ~]# logger -t "test-7" "this is a test for centos 7 log"
[root@centos7 ~]#
The message is recorded locally, and it is also recorded in /var/log/messages on the remote server
Sep 9 14:02:08 centos6 kernel: imklog 5.8.10, log source = /proc/kmsg started.
Sep 9 14:02:08 centos6 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="20421" x-info="http://www.rsyslog.com"] start
Sep 6 15:53:47 centos7 test-7: this is a test for centos 7 log
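To confirm that both ends are configured as steps 2 and 3 describe, the following added example (not part of the original page) lists the listeners and forwarding rules found in a legacy-format rsyslog.conf read from stdin. The function names `rsyslog_audit` and `sample_config` are hypothetical, and the sample configuration is constructed from the lines shown above.

```bash
#!/bin/bash
# Added example: summarize syslog listeners and forwarding rules in a
# legacy-format rsyslog config supplied on stdin.
rsyslog_audit() {
    awk '
        # Skip comment lines and blank lines (same filter as the egrep in step 2)
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # Server side: legacy listener directives
        $1 == "$UDPServerRun"      { print "listen udp " $2; next }
        $1 == "$InputTCPServerRun" { print "listen tcp " $2; next }
        # Client side: <selector> @host[:port] is UDP, @@host[:port] is TCP
        $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)
            # No explicit port means the default syslog port 514
            if (target !~ /:[0-9]+$/) target = target ":514"
            print "forward " proto " " target " selector=" $1
        }
    '
}

# Constructed sample: server and client lines from this page in one file,
# plus a local-file rule and a commented-out rule that must be ignored.
sample_config() {
    cat <<'EOF'
#Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
#Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
*.info;mail.none /var/log/messages
#*.* @@remote-host:514
*.* @172.16.0.131:514 #for udp
*.* @@172.16.0.131:514 #for tcp
EOF
}

sample_config | rsyslog_audit
```

On a real host, run `rsyslog_audit < /etc/rsyslog.conf`; two `forward` lines for the same selector and target mean every message is sent twice, once per transport.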