Configure rsyslog log client on CentOS
rsyslog is an open source tool that is widely used in Linux systems to forward or receive log messages via TCP/UDP protocol. The rsyslog daemon can be configured into two environments. One is configured as a log collection server. The rsyslog process can collect log data on other hosts from the network, and these hosts will configure the logs to be sent to another remote server. Another use of rsyslog is that it can be configured as a client to filter and send internal log messages to a remote syslog server that can be routed to
Assuming that there is already a configured and started syslog server in your network, combined with the simple topology diagram below, the following will demonstrate how to set up the CentOS system to send its internal log messages to a remote syslog server
1、 CentOS system IP: 192.168.31.33 as Rsyslog client
2、 Win7 system 192.168.31.5 install Kiwi Syslog server as syslog log server
The specific steps are as follows:
1、192.168.31.5 Install Kiwi Syslog server software on Win7 machine
2、 After the installation is complete, setup setup and start a Schedule monitoring plan that starts immediately. After saving the configuration, restart the Kiwi Syslog Daemon program
3、 The rsyslog service is pre-installed in CentOS by default
[ root@CentOS_DIY ~]# rpm -aq | grep rsyslog
rsyslog-5.8.10-10.el6_6.x86_64
4、 Edit vi /etc/rsyslog.conf
[ root@CentOS_DIY ~]# cp /etc/rsyslog.conf /etc/rsyslog.conf_default
[ root@CentOS_DIY ~]# vi /etc/rsyslog.conf
Write . @192.168.31.5:514 ###The IP of the syslog server and the UDP receiving port 514 in the last line
5、 Test to verify that the rsyslog service service rsyslog restart of the CentOS system is restarted, and you can see that the log content has been received on the Kiwi Syslog program
[ root@CentOS_DIY ~]# service rsyslog restart
Similarly, for example, restart the sshd service of the CentOS system, and you can see the relevant log content received on the Kiwi Syslog program
Tips:
1、 View man rsyslog.conf help manual
It can be seen that . @192.168.0.1 is UDP transmission (the above demonstration is the UDP transmission method)
You need a more reliable protocol, such as TCP, and the syslog server is also configured to listen for TCP connections. You must add an extra @ character before the IP address of the remote host, as shown below
. @@192.168.0.1:1468 TCP transmission port 1468
- Kiwi syslog server is configured to listen for TCP connections on port 1468
- Edit vi /etc/rsyslog.conf to . @@192.168.31.5:1468
service rsyslog restart After restarting the rsyslog service, the verification test is OK
2、 The network + port between the log sender and the log server must be able to communicate normally. If the communication fails, check the network problems and firewall configuration at both ends
Linux test whether the remote server TCP and UDP ports are open can use the nc command
You can refer to the previous article: How to detect whether the UDP port is open
[ root@CentOS_DIY ~]# nc -zv 192.168.31.5 1468
Connection to 192.168.31.5 1468 port [tcp/csdm] succeeded!
[ root@CentOS_DIY ~]# nc -zvu 192.168.31.5 514
Connection to 192.168.31.5 514 port [udp/syslog] succeeded!
This article refers to https://linux.cn/article-4835-1.html to complete
Recommended Posts