Logging
Rsyslogd 沒有監聽埠
我在 ubuntu 伺服器上安裝了 rsyslogd,啟動它,一切看起來都很好,但是伺服器應該監聽的埠沒有打開。
ubuntu@node7:~$ sudo service rsyslog restart rsyslog stop/waiting rsyslog start/running, process 14114Netstat 顯示它沒有在聽:
ubuntu@node7:~$ netstat -tlan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 320 172.22.0.17:22 10.8.8.38:61335 ESTABLISHED tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::2776 :::* LISTEN tcp6 0 0 :::2777 :::* LISTEN tcp6 0 0 172.22.0.17:2777 172.22.0.11:56554 ESTABLISHED tcp6 0 0 172.22.0.17:2776 172.22.0.11:39780 ESTABLISHED這是 /etc/rsyslog.conf 的樣子(大部分註釋被省略):
ubuntu@node7:~$ cat /etc/rsyslog.conf ################# #### MODULES #### ################# $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support (previously done by rklogd) $ModLoad imtcp $InputTCPServerRun 514 ########################### #### GLOBAL DIRECTIVES #### ########################### $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $RepeatedMsgReduction on $WorkDirectory /var/spool/rsyslog $FileOwner syslog $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 $PrivDropToUser syslog $PrivDropToGroup adm $IncludeConfig /etc/rsyslog.d/*.conf在
/etc/rsyslog.d/35-server-per-host.conf我有以下幾行,我懷疑這可能是原因。這是什麼意思?# Stop processing of all non-local messages. You can process remote messages # on levels less than 35. :fromhost-ip,!isequal,"127.0.0.1" ~如果是,我怎麼能改變它讓伺服器監聽、接收和記錄消息?
更新:
我註釋掉了可疑的線路,但它仍然沒有在埠 514 上監聽
AppArmor可能會阻止 rsyslogd 偵聽此埠。您可以通過查看系統日誌來驗證這一點:
grep apparmor /var/log/syslog如果您看到提到 rsyslog 的行,那麼這可能就是原因。編輯
/etc/apparmor.d/local/usr.sbin.rsyslogd(或者/etc/apparmor.d/usr.sbin.rsyslogd如果不存在)並在大括號之間添加:network inet dgram, network inet6 dgram, network inet stream, network inet6 stream,然後執行
service apparmor reload和service rsyslog restart。
預設情況下,rsyslod 監聽 unix 套接字,而不是 TCP 套接字。取消註釋或添加這兩行:
module(load="imtcp") input(type="imtcp" port="514")就是這樣,玩得開心!
在上面