参考链接:
官网:
http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/
http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/
http://www.rsyslog.com/doc/v5-stable/tutorials/log_rotation_fix_size.html#conclusion
师父:
http://debugo.com/linux-note-rsyslog/
不认识:
http://blog.csdn.net/hxh129/article/details/8089474(有详细的配置文件翻译)
服务器端:
1.安装rsyslog
2.编辑/etc/rsyslog.conf: 打开UDP、TCP监听
3.创建/etc/rsyslog.d/remoteserver.conf(写在这个文件中的规则,放在/etc/rsyslog.conf中也可生效。分文件是便于管理)
可用规则1:为每一个主机(IP)配规则
:fromhost,isequal, “debugo02″ /var/log/remoteserver.log
可用规则2:为一个IP Group配规则
$ModLoad imtcp $InputTCPServerRun 10514 # do this in FRONT of the local/regular rules if $fromhost-ip startswith '192.0.1.' then /var/log/network1.log & ~ if $fromhost-ip startswith '192.0.2.' then /var/log/network2.log & ~ # local/regular rules, like *.* /var/log/syslog.log
4.重启rsyslog服务:service rsyslog restart
客户端:
1.安装rsyslog
2.编辑/etc/rsyslog.conf: 将remote host行取消注释并填入rsyslog server IP:
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional *.* @@remote_server_ip:514
3.测试:logger "hello world"。根据server端配置路径查看日志内容。
logrotate
1.使用基于cron服务的logrotate(可man)
2.配置范例在文件/etc/logrotate.conf
3.用户自定义配置,使用/etc/logrotate.conf中提供的方法,并将配置文件放在/etc/logrotate.d/下面
打完收工
