日志服务器:192.168.6.205
# rsyslog配置 [root@localhost log]# cat /etc/rsyslog.conf | grep -Ev "^#|^$" $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal $ModLoad imudp # 开启udp接收 $UDPServerRun 514 # udp端口 $ModLoad imtcp # 开启tcp接收 $InputTCPServerRun 514 # tcp端口 $WorkDirectory /var/lib/rsyslog $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf $OmitLocalLogging on $IMJournalStateFile imjournal.state *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log local6.* /var/log/usg6000.log # usg设备发送过来的设施代码为local6,将所有日志级别(.*)写到配置的日志路径
# 重启rsyslog [root@localhost log]# systemctl restart rsyslog
# usg配置 [USG6300]info-center enable [USG6300]info-center source default channel 2 log level informational [USG6300]info-center loghost 192.168.6.205 facility local6 port 514 channel 2 language English source-ip 192.168.12.45 Warning: There is security risk as this operation enables a non secure syslog protocol. facility 为对应 rsyslog 中的设施代码,usg中支持0-7 [USG6300]info-center loghost 192.168.6.205 facility ? local0 Logging host facility local1 Logging host facility local2 Logging host facility local3 Logging host facility local4 Logging host facility local5 Logging host facility local6 Logging host facility local7 Logging host facility
# rsyslog配置发送者白名单,允许来源ip $AllowedSender UDP, 192.168.222.10/24, 10.0.0.0/8
# 通过shell命令测试发送日志消息 logger -n 192.168.6.205 -p user.info "aaaaaaaaaaaa"
原创文章,转载请注明。本文链接地址: https://www.rootop.org/pages/5448.html