文章目錄
配置遠程日誌服務器-> 實現日誌的集中管理
環境:
兩臺服務器 server端 client 端
server端配置
1、server端配置
[root@ localhost ~]# vim /etc/rsyslog.conf
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
2、重啓 rsyslog
[root@ localhost ~]# systemctl restart rsyslog
3、查看是否監聽514端口
[root@ localhost ~]# netstat -antup | grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 1949/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 1949/rsyslogd
client 端配置
1、client 端配置
[root@ localhost ~]# vim /etc/rsyslog.conf
79 #*.* @@remote-host:514
81 *.* @@192.168.1.19:514
2、重啓服務
[root@ localhost ~]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
服務端驗證
1、關閉防火牆和selinux
[root@ localhost ~]# getenforce
Enforcing
[root@ localhost ~]# setenforce 0
[root@ localhost ~]# getenforce
Permissive
[root@ localhost ~]# systemctl stop firewalld.service
2、開啓日誌監控
[root@ localhost ~]# tail -f /var/log/messages
Feb 28 17:24:12 localhost systemd: Started Cleanup of Temporary Directories.
Feb 28 17:24:20 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1250" x-info="http://www.rsyslog.com"] exiting on signal 15.
3、在客戶端測試logger
[root@ localhost ~]# logger -p info "hello,world,i am coming"
[root@ localhost ~]# logger -p info "hello,world,i am coming"
4、查看服務器端的變化
tail -f 出來的內容多了兩行
Feb 29 00:36:58 xinsz08-64 root: hello,world,i am coming
Feb 29 00:37:09 xinsz08-64 root: hello,world,i am coming