Setting up a syslog server lets the logs of every server be stored centrally on the syslog server, so that all logs can be managed from a single machine. How is this done? Here we build a syslog server on RHEL 5.9.
1. Requirements:
- Host A acts as the server and centrally stores the clients' logs;
- Host B acts as the test client and sends its logs to the server;
- The two machines can communicate with each other.
2. Test connectivity between the hosts
[root@localhost ~]# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.028 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.027 ms
3. On host A, make the following configuration change:
[root@localhost ~]# vim /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r"    …… add the -r option here
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
The meaning of the options used in the configuration above (see man syslogd):
-r: accept log records sent by other hosts.
-x: do not perform DNS lookups on received messages.
-m: the interval between timestamp (MARK) messages (0 disables them).
4. Change the log destination on host B so that its logs are sent to the server
[root@localhost ~]# vim /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.* @10.0.0.1
…… forward every message to the server
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
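To check where a given message will end up before restarting the daemon, here is a small parser for the sysklogd syslog.conf selector syntax used above. It is an added example, not code from the original post; the sample configuration is the client-side syslog.conf from this walkthrough, and the '=prio' and '!prio' selector forms are not handled.

```python
# Added example, not from the original post: a parser for the sysklogd syslog.conf selector syntax.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp", "ftp"] + ["local%d" % i for i in range(8)]
# Constructed sample: the client-side syslog.conf from the walkthrough.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
*.*                                         @10.0.0.1
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
"""

def _parse_line(line):
    """Return (mask, action); mask maps each facility to the priorities it matches.
    A leading '-' on a file action only disables fsync, so it is stripped."""
    selectors, action = line.split(None, 1)
    mask = {fac: set() for fac in FACILITIES}
    for sel in selectors.split(";"):
        facs, pri = sel.rsplit(".", 1)
        targets = FACILITIES if facs == "*" else facs.split(",")
        if pri == "none":
            chosen = set()
        elif pri == "*":
            chosen = set(PRIORITIES)
        else:  # this priority and everything more severe
            chosen = set(PRIORITIES[: PRIORITIES.index(pri) + 1])
        for fac in targets:
            mask[fac] = chosen  # later selectors override earlier ones
    return mask, action.lstrip("-")

def actions_for(conf_text, facility, priority):
    """Every action (file, @host, or '*' = all logged-in users) receiving the message."""
    actions = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            mask, action = _parse_line(line)
            if priority in mask[facility]:
                actions.append(action)
    return actions

def remote_targets(conf_text):
    """Hosts receiving forwarded copies over plain UDP/514 (unencrypted, unauthenticated)."""
    lines = [ln.strip() for ln in conf_text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    return sorted({ln.split()[-1][1:] for ln in lines if ln.split()[-1].startswith("@")})
```

With this configuration a cron message is excluded from /var/log/messages by cron.none but still reaches /var/log/cron and the server, which is why the bob entries appear on 10.0.0.1 in the verification step.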
5. Restart the syslog service
[root@localhost ~]# service syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
6. Firewall: syslog transmits logs on UDP port 514, which is blocked by default. For this verification we do not configure the firewall and simply stop it.
[root@localhost ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@localhost ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
7. Verification
Create a cron job as user bob:
[root@localhost ~]# crontab -e -u bob
* * * * * echo="hello world!"
Follow the cron log on the server in real time:
[root@localhost ~]# tail -f /var/log/cron
Jul 22 16:44:10 localhost anacron[3221]: Received SIGUSR1
Jul 22 16:44:10 localhost anacron[3221]: Exited
Feb 24 18:57:49 localhost crond[3952]: (CRON) STARTUP (V5.0)
Feb 24 18:57:49 localhost anacron[4013]: Anacron 2.3 started on 2014-02-24
Feb 24 18:57:50 localhost anacron[4013]: Will run job `cron.daily' in 65 min.
Feb 24 18:57:50 localhost anacron[4013]: Will run job `cron.weekly' in 70 min.
Feb 24 18:57:50 localhost anacron[4013]: Will run job `cron.monthly' in 75 min.
Feb 24 18:57:51 localhost anacron[4013]: Jobs will be executed sequentially
Feb 24 19:01:01 localhost crond[4292]: (root) CMD (run-parts /etc/cron.hourly)
Feb 24 19:56:51 10.0.0.2 crontab[5899]: (root) END EDIT (bob)
Feb 24 19:57:01 10.0.0.2 crond[5923]: (bob) CMD (echo="hello world!")
Feb 24 19:58:01 10.0.0.2 crond[5945]: (bob) CMD (echo="hello world!")