文章目录
配置远程日志服务器-> 实现日志的集中管理
环境:
两台服务器 server端 client 端
server端配置
1、server端配置
[root@ localhost ~]# vim /etc/rsyslog.conf
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
2、重启 rsyslog
[root@ localhost ~]# systemctl restart rsyslog
3、查看是否监听514端口
[root@ localhost ~]# netstat -antup | grep 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 1949/rsyslogd
tcp6 0 0 :::514 :::* LISTEN 1949/rsyslogd
client 端配置
1、client 端配置
[root@ localhost ~]# vim /etc/rsyslog.conf
79 #*.* @@remote-host:514
81 *.* @@192.168.1.19:514
2、重启服务
[root@ localhost ~]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
服务端验证
1、关闭防火墙和selinux
[root@ localhost ~]# getenforce
Enforcing
[root@ localhost ~]# setenforce 0
[root@ localhost ~]# getenforce
Permissive
[root@ localhost ~]# systemctl stop firewalld.service
2、开启日志监控
[root@ localhost ~]# tail -f /var/log/messages
Feb 28 17:24:12 localhost systemd: Started Cleanup of Temporary Directories.
Feb 28 17:24:20 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1250" x-info="http://www.rsyslog.com"] exiting on signal 15.
3、在客户端测试logger
[root@ localhost ~]# logger -p info "hello,world,i am coming"
[root@ localhost ~]# logger -p info "hello,world,i am coming"
4、查看服务器端的变化
tail -f 出来的内容多了两行
Feb 29 00:36:58 xinsz08-64 root: hello,world,i am coming
Feb 29 00:37:09 xinsz08-64 root: hello,world,i am coming
