#config the log server to accept log from remote host
vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0 -r"
add -r to enable remote log
then
service syslog restart
#configure Mail server web server to mail log to log server
vi /etc/syslog.conf
mail.* @logserveraddress
service syslog restart
#Log all mail messages to one file
mail.* /var/log/maillog
#save mails and news error of level critic to a special file
uucp,news.crit /var/log/spooler
#everybody got emergency messages and log then to remote machine
*.emerg *
*.emerg @192.168.1.1
#root and tiger user get alert and higher messages
*.alert root,tiger
#Log all kernel messaes to console
kern.* /dev/console
#
vi /etc/hosts
vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0 -r"
add -r to enable remote log
then
service syslog restart
#configure Mail server web server to mail log to log server
vi /etc/syslog.conf
mail.* @logserveraddress
service syslog restart
#Log all mail messages to one file
mail.* /var/log/maillog
#save mails and news error of level critic to a special file
uucp,news.crit /var/log/spooler
#everybody got emergency messages and log then to remote machine
*.emerg *
*.emerg @192.168.1.1
#root and tiger user get alert and higher messages
*.alert root,tiger
#Log all kernel messaes to console
kern.* /dev/console
#
vi /etc/hosts
192.168.1.1 server.example.com server loghost
ensure open port 514 on firewall
ensure both machines remote server and client are sync with ntp server time
转载于:https://blog.51cto.com/johnnyxing/196113