Rsyslog + H3C Log System


I. Sending logs from the switch to the Linux host

[9F-3600V2-EI]info-center loghost 192.168.11.36

[9F-3600V2-EI]info-center enable 


II. Configuration on the Linux host

   1. Create the log file path (the path can be changed)

# mkdir /var/log/h3c

# touch /var/log/h3c/log

# vim /etc/rsyslog.conf    (edit the configuration file)

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html

#### MODULES ####

#$ModLoad immark  # provides --MARK-- message capability  

# Provides UDP syslog reception  ##### remove the leading # from the next two lines #####

$ModLoad imudp 

$UDPServerRun 514

    

# Provides TCP syslog reception

#$ModLoad imtcp

#$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# not useful and an extreme performance hit

#$ActionFileEnableSync on

$IncludeConfig /etc/rsyslog.d/*.conf

#### RULES ####


# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.*                                                 /dev/console

authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.

# Log cron stuff

cron.*                                                  /var/log/cron

# Everybody gets emergency messages

*.emerg                                                 *

# Save boot messages also to boot.log

# ### begin forwarding rule ###

# The statement between the begin ... end define a SINGLE forwarding

# rule. They belong together, do NOT split them. If you create multiple

# forwarding rules, duplicate the whole block!

# Remote Logging (we use TCP for reliable delivery)

#

# An on-disk queue is created for this action. If the remote host is

# down, messages are spooled to disk and sent when it is up again.

#$WorkDirectory /var/lib/rsyslog # where to place spool files

#$ActionQueueFileName fwdRule1 # unique name prefix for spool files

#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)

#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown

#$ActionQueueType LinkedList   # run asynchronously

#$ActionResumeRetryCount -1    # infinite retries if host is down

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

#*.* @@remote-host:514

# ### end of the forwarding rule ###

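########### Added content ###########

# The next two are shell variables for the init script's sysconfig file,

# not rsyslog.conf directives; kept as comments because rsyslogd rejects them here.

#SYSLOGD_OPTIONS="-c 2 -r -x -m 180"

#KLOGD_OPTIONS="-x"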

local7.info /var/log/h3c/log

#########service rsyslog status/stop/start

Once the configuration is complete, the Linux host can receive logs from network devices normally.
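
The rule `local7.info /var/log/h3c/log` selects on the `<PRI>` number at the start of each UDP datagram. The following is an added example, not part of the original post, that decodes PRI and shows which messages that rule would write to the file; the sample datagrams are constructed, and it assumes the switch sends with facility local7, as the rule implies.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity) from the <PRI> header, or None if malformed."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    # PRI = facility * 8 + severity
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def selector_matches(selector: str, datagram: bytes) -> bool:
    """True if a 'facility.severity' selector would pick up this datagram.

    A bare severity means "this severity or more severe" (numerically lower).
    Datagrams without a valid PRI are treated here as not matching."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return False
    fac, sev = decoded
    want_fac, want_sev = selector.split(".")
    if want_fac not in ("*", fac):
        return False
    return want_sev == "*" or SEVERITIES.index(sev) <= SEVERITIES.index(want_sev)


# Constructed sample datagrams (message text is illustrative, not device output)
SAMPLES = [
    b"<189>Jan  1 00:00:00 switch constructed message",  # local7.notice
    b"<190>Jan  1 00:00:01 switch constructed message",  # local7.info
    b"<191>Jan  1 00:00:02 switch constructed message",  # local7.debug
    b"<134>Jan  1 00:00:03 switch constructed message",  # local0.info
    b"no PRI header at all",
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(decode_pri(d), selector_matches("local7.info", d))
```

Debug-level messages (PRI 191) and anything sent with another facility never reach `/var/log/h3c/log` under this rule, which is worth checking first when expected switch events are missing from the file.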


This article is from the “山猫” blog; please do not repost.
