Rsyslog+H3C日志系统

发布时间：2019-09-02 07:43:15编辑：auto阅读（1574）

一、交换机发送日志到linux主机

[9F-3600V2-EI]info-center loghost 192.168.11.36

[9F-3600V2-EI]info-center enable 




二、linux下配置

   1.建立日志文件路径，路径可以修改

[root@nginx-master h3c]#  mkdir /var/log/h3c

[root@nginx-master h3c]#touch /var/log/h3c/log

[root@nginx-master h3c]#vim /etc/rsyslog.conf   修改配置文件

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html

#### MODULES ####

#$ModLoad immark  # provides --MARK-- message capability  

# Provides UDP syslog reception #############去掉#号########################

$ModLoad imudp 

$UDPServerRun 514

    

# Provides TCP syslog reception

#$ModLoad imtcp

#$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# not useful and an extreme performance hit

#$ActionFileEnableSync on

$IncludeConfig /etc/rsyslog.d/*.conf

#### RULES ####




# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.*                                                 /dev/console

authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.

# Log cron stuff

cron.*                                                  /var/log/cron

# Everybody gets emergency messages

*.emerg                                                 *

# Save boot messages also to boot.log

# ### begin forwarding rule ###

# The statement between the begin ... end define a SINGLE forwarding

# rule. They belong together, do NOT split them. If you create multiple

# forwarding rules, duplicate the whole block!

# Remote Logging (we use TCP for reliable delivery)

#

# An on-disk queue is created for this action. If the remote host is

# down, messages are spooled to disk and sent when it is up again.

#$WorkDirectory /var/lib/rsyslog # where to place spool files

#$ActionQueueFileName fwdRule1 # unique name prefix for spool files

#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)

#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown

#$ActionQueueType LinkedList   # run asynchronously

#$ActionResumeRetryCount -1    # infinite retries if host is down

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

#*.* @@remote-host:514

# ### end of the forwarding rule ###

###########添加内容#################################

SYSLOGD_OPTIONS="-c 2 -r -x -m 180"

KLOGD_OPTIONS="-x"

local7.info /var/log/h3c/log

#########service rsyslog status/stop/start

 配置完成后，linux主机可正常接收网络设备日志          

关键字：