How to configure a remote rsyslog server on CentOS/RHEL to accept both TLS and non-TLS connections

This article shows how to configure a CentOS/RHEL system to accept remote log messages over both TLS and plain (non-TLS) TCP.
Assume we have the following servers:

  • Rsyslog server (TLS and non-TLS): syslog-server.onitroad.com
  • TLS client: syslog-tls.onitroad.com
  • Non-TLS client: syslog-non-tls.onitroad.com

  1. Set up TLS on the rsyslog server and on the clients using the following tutorial:

How to configure an rsyslog server to accept logs over SSL/TLS

  2. Test that TLS works before continuing.

  3. On the rsyslog server, edit /etc/rsyslog.conf with the following options:

TLS connections will use port 10514
Non-TLS connections will use port 514

For the imptcp module, refer to the following documentation: http://www.rsyslog.com/doc/v8-stable/configuration/modules/imptcp.html

Provides the ability to receive syslog messages via plain TCP syslog.
This is a specialised input plugin tailored for high performance on Linux.
It will probably not run on any other platform.
Also, it does not provide TLS services.
Encryption can be provided by using stunnel.

This module has no limit on the number of listeners and sessions that can be used.

# vi /etc/rsyslog.conf
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal (required by $OmitLocalLogging/$IMJournalStateFile below)
$ModLoad imklog # reads kernel messages (the same are read from journald)
# Plain TCP reception on port 514 (imptcp does not do TLS)
module(load="imptcp" threads="2")
input(type="imptcp" port="514")
# Provides TCP syslog reception (the TLS listener)
$ModLoad imtcp
# Make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/collector-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/collector-key.pem
# TLS settings for the imtcp listener ($InputTCPServer*, not $ActionSend*, which only
# applies to outgoing actions): authenticate clients by certificate name,
# accept only *.onitroad.com and run in TLS-only mode (mode 1)
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.onitroad.com
$InputTCPServerStreamDriverMode 1
# TLS listener on port 10514
$InputTCPServerRun 10514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
# Write every remote host's messages to /var/log/<hostname>/syslog.log
$template RemoteLogsTesting,"/var/log/%HOSTNAME%/syslog.log"
if $fromhost-ip != '127.0.0.1' then -?RemoteLogsTesting
& stop
# Set the maximum number of files that the rsyslog process can have open at any given time
$MaxOpenFiles 2048
#### RULES ####
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

Restart the rsyslog service for the changes to take effect:

# systemctl restart rsyslog

  4. On the rsyslog client that uses TLS, edit /etc/rsyslog.conf:
# vi /etc/rsyslog.conf
#### MODULES ####
# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/sender-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/sender-key.pem
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@10.157.193.9:10514

Restart the rsyslog service for the changes to take effect:

# systemctl restart rsyslog

  5. On the non-TLS rsyslog client, edit /etc/rsyslog.conf:
# vi /etc/rsyslog.conf
#### MODULES ####
# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@10.157.193.9:514

Restart the rsyslog service for the changes to take effect:

# systemctl restart rsyslog
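Before restarting, it is worth checking all three fragments above for the mistakes that silently weaken this setup: a single `@` (UDP, never encrypted), `$ActionSend*` directives used on the receiver instead of `$InputTCPServer*`, a plain imptcp listener on the TLS port, or a `PermittedPeer *` that accepts any certificate the CA has signed. The following script is an added example, not part of the original article or of rsyslog itself; it parses legacy `$Directive` lines, forwarding rules and `input()` blocks and reports those problems.

```python
import re

DIRECTIVE = re.compile(r'^\$(\w+)\s+(\S+)')                          # $Name value
FORWARD = re.compile(r'^([^@\s]+)\s*(@{1,2})([\w.-]+)(?::(\d+))?$')  # selector @@host:port
INPUT = re.compile(r'input\(\s*type="(\w+)"\s*port="(\d+)"\s*\)')    # RainerScript input()
AUTH = ('x509/name', 'x509/fingerprint', 'x509/certvalid')            # modes that verify the peer

def parse(conf):
    """Return (legacy $directives, forwarding rules, input() listeners) of one config text."""
    d, fw = {}, []
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()          # drop trailing comments
        dm, fm = DIRECTIVE.match(line), FORWARD.match(line)
        if dm:
            d[dm.group(1)] = dm.group(2)
        elif fm:
            fw.append(fm.groups())                   # (selector, '@' or '@@', host, port)
    return d, fw, INPUT.findall(conf)

def audit_server(conf):
    d, _, inputs = parse(conf)
    issues, tls_port = [], d.get('InputTCPServerRun')
    if not tls_port:
        issues.append('no imtcp listener ($InputTCPServerRun) for the TLS clients')
    if d.get('DefaultNetstreamDriver') != 'gtls' or d.get('InputTCPServerStreamDriverMode') != '1':
        issues.append('imtcp listener is not TLS-only (needs gtls and $InputTCPServerStreamDriverMode 1)')
    if d.get('InputTCPServerStreamDriverAuthMode') not in AUTH:
        issues.append('imtcp listener does not authenticate client certificates')
    if any(k.startswith('ActionSend') for k in d):
        issues.append('$ActionSend* directives configure outgoing actions, not the listener')
    for mod, port in inputs:
        if mod == 'imptcp' and port == tls_port:
            issues.append(f'plain imptcp listener shares port {port} with the TLS listener')
    return issues

def audit_client(conf, tls):
    """tls=True for the syslog-tls host, False for the plain-TCP client."""
    d, fw, _ = parse(conf)
    issues = [f'{sel}: single @ is UDP and goes out in clear, whatever the driver says'
              for sel, at, _host, _port in fw if at == '@']
    if tls:
        if d.get('DefaultNetstreamDriver') != 'gtls' or d.get('ActionSendStreamDriverMode') != '1':
            issues.append('forwarding is not forced to TLS (needs gtls and $ActionSendStreamDriverMode 1)')
        if d.get('ActionSendStreamDriverAuthMode') not in AUTH:
            issues.append('collector certificate is not verified')
        if d.get('ActionSendStreamDriverPermittedPeer') == '*':
            issues.append('PermittedPeer * accepts any name the CA has signed; pin the collector name')
    return issues
```

Run `audit_server(open('/etc/rsyslog.conf').read())` on the collector and `audit_client(..., tls=True/False)` on each client; an empty list means the fragment matches the layout above.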

Test:

TLS client:

[root@syslog-tls ~]# logger onitroad TEST
[root@syslog-tls ~]# logger onitroad TEST

Non-TLS client:

[root@syslog-non-tls ~]# logger onitroad test
[root@syslog-non-tls ~]# logger onitroad test

Rsyslog server:

[root@syslog-server ]# ls
syslog-non-tls syslogtest
[root@syslog-server ]#
[root@syslog-server syslog-non-tls]# tail -2 syslog.log
Sep 21 18:07:19 syslog-non-tls root: onitroad test
Sep 21 18:07:20 syslog-non-tls root: onitroad test
[root@syslog-server syslog-tls]# cat syslog.log
Stop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Sep 21 18:22:02 syslog-tls root: onitroad TEST
Sep 21 18:22:03 syslog-tls root: onitroad TEST
Sep 21 18:22:03 syslog-tls root: onitroad TEST
[root@syslog-server ]# netstat -tulpan | grep -i 514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 2460/rsyslogd
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN 2460/rsyslogd
tcp 0 0 10.157.193.9:514 10.157.193.131:14178 ESTABLISHED 2460/rsyslogd Non tls server
tcp 0 0 10.157.193.9:10514 10.157.193.159:47027 ESTABLISHED 2460/rsyslogd tls server
tcp6 0 0 :::514 :::* LISTEN 2460/rsyslogd
tcp6 0 0 :::10514 :::* LISTEN 2460/rsyslogd
udp 0 0 0.0.0.0:514 0.0.0.0:* 2460/rsyslogd
udp6 0 0 :::514 :::* 2460/rsyslogd
[root@syslog-server ]#
Date: 2020-09-17 00:13:23 Source: oir Author: oir