由于测试需要,要安装一个 syslog server。Windows 上的免费软件搜到了 Kiwi Syslog Server,但是需要注册,还得等两天的审核,想想还是算了,不折腾了,打算在 Linux 上装一个,也方便过滤查看 log。
Install #
# Install the rsyslog package with yum (run as root).
[root@xuxing ~]#yum install rsyslog
Configure #
# Edit the rsyslog configuration and add the two directives below (legacy directive syntax).
[root@xuxing ~]# vi /etc/rsyslog.conf
# Load the UDP syslog input module, then start a UDP listener on port 514.
# NOTE(review): UDP syslog is unauthenticated and unencrypted. Any host that can reach
# this port can submit log lines with arbitrary content and a forged source address,
# so limit who can reach it at the firewall and treat received text as untrusted.
$ModLoad imudp
$UDPServerRun 514
# Restart rsyslog so the new listener takes effect, and enable the service at boot.
[root@xuxing ~]# systemctl restart rsyslog
[root@xuxing ~]# systemctl enable rsyslog
# Open 514/udp in firewalld's permanent configuration, then reload to apply it.
# NOTE(review): with no --zone and no source restriction this admits every sender in the
# default zone. For a test server that only needs logs from known devices, a rich rule
# scoped to the sender is tighter, e.g. (placeholder address):
#   firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<SENDER_IP>" port port="514" protocol="udp" accept'
[root@xuxing ~]# firewall-cmd --permanent --add-port=514/udp
[root@xuxing ~]# firewall-cmd --reload
# Verify the listener: the output shows rsyslogd bound to 514/udp on all IPv4 (0.0.0.0)
# and all IPv6 (::) addresses, i.e. on every interface of this host.
[root@xuxing ~]# netstat -antup | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 623/rsyslogd
udp6 0 0 :::514 :::* 623/rsyslogd
//check syslog file
# Follow /var/log/messages to confirm remote messages arrive; the sample line below
# appears to come from a network device named 9006j.
# NOTE(review): remote messages land in the same file as local system logs here; the
# host name and message text are sender-supplied, so do not rely on them for attribution.
[root@xuxing ~]# tail -f -n 1 /var/log/messages
Nov 8 14:38:57 9006j UTC: 13132: LC/0/3/CPU0:Nov 8 14:38:57.197 UTC: fib_mgr[192]: %ROUTING-FIB-3-PLATF_UPD_FAIL : FIB platform update failed: Obj=DATA_TYPE_LABEL_INFO[ptr
配置 #
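# Output format named TMP: time the message was received by this server, the host it
# was received from, then the message text, one message per line.
$template TMP,"%timegenerated% %FROMHOST% %msg%\n"
# Write every message of facility local7 (any severity) to /var/log/syslog using TMP.
local7.* /var/log/syslog;TMP
# Route messages from specific sender addresses to a separate file.
# String constants need straight quotes ('...'); the typographic quotes a web page or
# word processor substitutes are not parsed by rsyslog.
# Replace the xxx.xxx.xxx.xxx placeholders with real sender addresses and templateName
# with the name of a template defined in this file (for example TMP above).
# NOTE(review): over UDP the source address can be forged, so this filter sorts logs
# by claimed origin; it is not an access control.
# NOTE(review): /home/log must exist and be writable by rsyslogd; on SELinux-enforcing
# systems writing outside /var/log may be denied. Confirm before relying on this path.
if $fromhost-ip == 'xxx.xxx.xxx.xxx' or $fromhost-ip == 'xxx.xxx.xxx.xxx' then /home/log/archive.log;templateName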