
Configure the remote log host system

On the remote log host system, configure /etc/rsyslog.conf so that rsyslog listens over TCP on port 999 by uncommenting and changing the following two lines:

#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514

These lines are in the section titled "TCP Syslog Server"; after the change they read:

# ######### Receiving Messages from Remote Hosts ########## 
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API
$ModLoad imtcp.so # load module
$InputTCPServerRun 999 # start up TCP listener at port 999

After modifying /etc/rsyslog.conf on both systems, restart the rsyslog service on both systems:

# svcadm disable svc:/system/system-log:rsyslog
# svcadm enable svc:/system/system-log:rsyslog

Verification

On the source system, use the logger command to test whether messages are being sent to the remote log host:

# logger -p daemon.warn "this is a test"

Then check the /var/adm/messages file on the remote log host for the test message:

# tail /var/adm/messages

Configure the source system

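On the source system, add the hostname or IP address of the remote log host system to the /etc/rsyslog.conf file, following the commented example in the section titled "# Remote Logging (we use TCP for reliable delivery)".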

In this example, messages are sent to the remote host 192.65.4.61 on port 999.
Make sure the port is not in use by any other service:

# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spool/rsyslog # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
*.* @@192.65.4.61:999
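
The two edits have to agree: the source must forward over TCP (@@) to the port on which the log host actually listens. The shell functions below are an added example, not part of the original page, that cross-check the two files; the function names and the constructed sample files are assumptions of this example, and bracketed IPv6 targets are not handled.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the source system's
# rsyslog.conf against the log host's. Function names are hypothetical.

# Print "proto host port" for each active forwarding action.
# "@@host:port" is TCP, "@host:port" is UDP; the port defaults to 514.
fwd_targets() {
    awk '$1 !~ /^#/ && $2 ~ /^@/ {
        t = $2; proto = (t ~ /^@@/) ? "tcp" : "udp"
        sub(/^@+/, "", t)
        n = split(t, p, ":")
        print proto, p[1], (n > 1 ? p[2] : 514)
    }' "$1"
}

# Print the TCP listener port, but only if the imtcp module is loaded too.
tcp_listen_port() {
    awk '$1 == "$ModLoad" && $2 ~ /^imtcp/ { loaded = 1 }
         $1 == "$InputTCPServerRun"        { port = $2 }
         END { if (loaded && port != "") print port }' "$1"
}

# Succeed if the on-disk spool queue is active (messages survive an outage).
spool_enabled() {
    awk '$1 == "$ActionQueueFileName" { f = 1 } END { exit !f }' "$1"
}

# Succeed only if SRC forwards over TCP to HOST on the port DST listens on.
check_pair() {  # usage: check_pair SRC_CONF DST_CONF HOST
    port=$(tcp_listen_port "$2")
    [ -n "$port" ] || { echo "log host: no active TCP listener"; return 1; }
    fwd_targets "$1" | grep -qxF "tcp $3 $port" ||
        { echo "source: no TCP forward to $3:$port"; return 1; }
    spool_enabled "$1" || echo "note: spool queue off, nothing is spooled while $3 is down"
    echo "ok: source forwards to $3:$port over TCP"
}

# Constructed sample files that mirror the two edits shown on this page.
demo_dir=$(mktemp -d)
printf '%s\n' '$ModLoad imtcp.so # load module' \
    '$InputTCPServerRun 999 # start up TCP listener at port 999' \
    > "$demo_dir/loghost.conf"
printf '%s\n' '#$ActionQueueFileName uniqName # unique name prefix' \
    '#*.* @@remote-host:514' '*.* @@192.65.4.61:999' > "$demo_dir/source.conf"
check_pair "$demo_dir/source.conf" "$demo_dir/loghost.conf" 192.65.4.61
```

To use it on real systems, copy each host's /etc/rsyslog.conf to one place and pass the two paths and the log host address to check_pair.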

How to configure rsyslog on Solaris 11.1 to send messages to a remote host

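The system/rsyslog service is new in the Solaris 11.1 release.
To send and receive messages over TCP, the rsyslog package must be installed on both the sending Solaris system (the source system) and the receiving Solaris system (the remote log host).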

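The rsyslog package is not installed by default in Solaris 11.1 and later, and may need to be added.
On both the source Solaris system and the remote log host system, check for the rsyslog package with the following command: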

# pkg info system/rsyslog
pkg: info: no packages matching the following patterns you specified are
installed on the system.  Try specifying -r to query remotely:
        system/rsyslog

If the rsyslog package is not installed, it can be installed with the following command:

# pkg install system/rsyslog
           Packages to install:  3
            Services to change:  1
       Create boot environment: No
Create backup boot environment: No
Planning linked: 0/3 done; 1 working: zone:testzone
Planning linked: 1/3 done; 1 working: zone:test1
Planning linked: 2/3 done; 1 working: zone:test2
Planning linked: 3/3 done
DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                                3/3         68/68      1.5/1.5  1.5M/s
Downloading linked: 0/3 done; 1 working: zone:testzone
Downloading linked: 1/3 done; 1 working: zone:test1
Downloading linked: 2/3 done; 1 working: zone:test2
Downloading linked: 3/3 done
PHASE                                          ITEMS
Installing new actions                       147/147
Updating package state database                 Done 
Updating package cache                           0/0 
Updating image state                            Done 
Creating fast lookup database                   Done 
Executing linked: 0/3 done; 1 working: zone:testzone
Executing linked: 1/3 done; 1 working: zone:test1
Executing linked: 2/3 done; 1 working: zone:test2
Executing linked: 3/3 done
Updating package cache                           1/1

View the /etc/rsyslog.conf file delivered with the rsyslog package:

# cat /etc/rsyslog.conf
# if you experience problems, check
# http://www.rsyslog.com/doc/troubleshoot.html for assistance
# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
#$ModLoad immark # provides --MARK-- message capability
#$ModLoad imuxsock # can be used for rate-limiting and flow-control
$ModLoad imsolaris # for Solaris kernel logging

# High priority messages to the console
*.err;kern.notice;auth.notice /dev/sysmsg
# Next highest priority to the messages file
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
# Preserve traditional Solaris syslog defaults
*.alert;kern.err;daemon.err :omusrmsg:operator
*.alert :omusrmsg:root
# Log anything (except auth, cron, daemon & mail) of level info or higher.
*.info;mail.none;auth.none;cron.none -/var/log/misc.log
# Log all the auth, daemon & mail messages in one place.
auth.* -/var/log/auth.log
daemon.* -/var/log/daemon.log
mail.* -/var/log/mail.log
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/spool/rsyslog # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

# ######### Receiving Messages from Remote Hosts ########## 
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API
#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514
# UDP Syslog Server:
#$ModLoad imudp.so # provides UDP syslog reception
#$UDPServerAddress * # listen to all IP addresses
#$UDPServerRun 514 # start a UDP syslog server at standard port 514
Date: 2020-09-17 00:15:06 Source: oir Author: oir