Centos6

Rsyslog 未擷取遠端日誌

  • June 26, 2016

我正在使用 Rsyslog 伺服器配置 LogAnalyzer。我已經完成了 HTTP 配置。但我的 loganalyzer 只記錄來自本地主機的日誌。我有點困惑在哪裡配置 snmp 字元串/社區。儘管我檢查了 MYSql,但我的 cisco 設備沒有日誌。

請幫我。

# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log




$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,Syslogadmin,123456

#allow logs sender’s IP range below below
$AllowedSender UDP, 10.50.56.34
$AllowedSender TCP, 10.50.56.34

您能否驗證您使用的防火牆是否設置為允許通過 UDP 和 TCP 流量在埠 514 上的傳入流量?如果是這樣,則暫時禁用 SELinux 並重試。

引用自:https://serverfault.com/questions/786342