HGIGA Service Docs - Powered by Discuz! Board

標題: [CentOS版本]如何集中MailLog到一台主機上 [打印本頁]

作者: service.support 時間: 2014-3-26 14:13 標題: [CentOS版本]如何集中MailLog到一台主機上

http://taiwanwolf.blogspot.tw/2011/08/centos-6-rsyslogd-log.html

新版 CentOS 6 改用 rsyslog 取代 syslogd，所以用法也不同

[Server端設定方式]

Server 端開啟方式如下
1. vim /etc/rsyslog.conf
2. 將此兩行的註解 # 取消
#$ModLoad imudp.so
#UDPServerRun 514
3. 存檔離開
4. /etc/init.d/rsyslog restart
5. netstat -ntulp | grep 514

vi /etc/rsyslog.conf

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

[Client端設定方式]

同場加映 Client 設定方法
1. vim /etc/rsyslog.conf , 移到最下面
2. 新增 *.* @你的Log server IP:514
3. 存檔
4. /etc/init.d/rsyslog restart

Ex: 假設 Log Server為 192.168.1.1

vi /etc/rsyslog.conf

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                              /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none             /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                           /var/log/secure

# Log all the mail messages in one place.
mail.*                                                 -/var/log/maillog
mail.*                                              @192.168.1.1:514

歡迎光臨 HGIGA Service Docs (http://docs.hgiga.com/Discuz4/)