Centos6
Rsyslog 未擷取遠端日誌
我正在使用 Rsyslog 伺服器配置 LogAnalyzer。我已經完成了 HTTP 配置。但我的 loganalyzer 只記錄來自本地主機的日誌。我有點困惑在哪裡配置 snmp 字元串/社區。儘管我檢查了 MYSql,但我的 cisco 設備沒有日誌。
請幫我。
# Provides TCP syslog reception # for parameters see http://www.rsyslog.com/doc/imtcp.html module(load="imtcp") # needs to be done just once input(type="imtcp" port="514") #### GLOBAL DIRECTIVES #### # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat #File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on # Include all config files in /etc/rsyslog.d/ $IncludeConfig /etc/rsyslog.d/*.conf #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg :omusrmsg:* # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log $ModLoad ommysql *.* :ommysql:127.0.0.1,Syslog,Syslogadmin,123456 #allow logs sender’s IP range below below $AllowedSender UDP, 10.50.56.34 $AllowedSender TCP, 10.50.56.34
您能否驗證您使用的防火牆是否設置為允許通過 UDP 和 TCP 流量在埠 514 上的傳入流量?如果是這樣,則暫時禁用 SELinux 並重試。