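I. Unlike CentOS 5, which uses syslog for logging, CentOS 6.3 uses rsyslog, so the configuration differs slightly.
II. CentOS 5 log server configuration
1. Server: edit /etc/sysconfig/syslog
Find SYSLOGD_OPTIONS="-m 0"
Change it to SYSLOGD_OPTIONS="-m 0 -r"
2. Client: edit /etc/syslog.conf
Add the server's address: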
*.* @192.168.1.117
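III. CentOS 6.3 log server configuration
1. Server:
Edit /etc/rsyslog.conf and uncomment the following:
Open the firewall port: add the following two lines to iptables.rule
Re-run iptables.rule.
Restart the rsyslog service: /etc/init.d/rsyslog restart
2. Client: edit /etc/rsyslog.conf and uncomment the following:
3. Restart the rsyslog service: /etc/init.d/rsyslog restart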
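The CentOS 6.3 steps above depend on which lines in /etc/rsyslog.conf actually end up uncommented. The following is an added example, not part of the original post: a small shell audit that reports the enabled listeners and the forwarding targets of a config file. It assumes the stock legacy directives ($ModLoad imudp/imtcp, $UDPServerRun, $InputTCPServerRun), which the post does not show; the function names and the sample config are constructed.

```shell
#!/bin/sh
# Added example: audit an rsyslog.conf (legacy directive syntax).
# Assumption: the stock directives below are the ones being uncommented.

# Print "udp:<port>" / "tcp:<port>" for every listener that is really enabled.
rsyslog_listeners() {
    awk '
        /^[ \t]*#/ { next }                              # still commented out
        $1 == "$ModLoad" && $2 == "imudp" { udp = 1 }
        $1 == "$ModLoad" && $2 == "imtcp" { tcp = 1 }
        $1 == "$UDPServerRun"      { uport[++nu] = $2 }
        $1 == "$InputTCPServerRun" { tport[++nt] = $2 }
        END {
            # a port directive only takes effect when its module is loaded
            if (udp) for (i = 1; i <= nu; i++) print "udp:" uport[i]
            if (tcp) for (i = 1; i <= nt; i++) print "tcp:" tport[i]
        }' "$1"
}

# Print "<proto> <selector> <target>" for each forwarding rule
# (a single @ forwards over UDP, @@ forwards over TCP).
rsyslog_forwards() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        $2 ~ /^@@/ { print "tcp", $1, substr($2, 3); next }
        $2 ~ /^@/  { print "udp", $1, substr($2, 2) }
    ' "$1"
}

# Constructed sample: only the TCP listener is uncommented, followed by
# the client forwarding line used on this page.
conf=$(mktemp)
cat > "$conf" <<'EOF'
#$ModLoad imudp
#$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
*.* @192.168.1.117
EOF
echo "listeners:"; rsyslog_listeners "$conf"
echo "forwards:";  rsyslog_forwards "$conf"
rm -f "$conf"
```

Run the two functions against the real /etc/rsyslog.conf on the server and on each client after editing and before restarting the service; a client that forwards over UDP to a server with only the TCP listener enabled, as in the sample, will not deliver any logs.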
Appendix: the iptables.rule file:
#!/bin/bash
##firewall set
##luyx30 v1.0 2012-11-24
#define some parameter
EXTIF="eth0"
INNET="192.168.1.0/24"
##set kernel
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
for i in /proc/sys/net/ipv4/conf/*/{rp_filter,log_martians}; do
    echo "1" > "$i"
done
for i in /proc/sys/net/ipv4/conf/*/{accept_source_route,accept_redirects,send_redirects}; do
    echo "0" > "$i"
done
##clear rule,set default rule,open rule
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin; export PATH
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
##allow some ICMP data
AICMP="0 3 3/4 4 11 12 14 16 18"
for tyicmp in $AICMP
do
    iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp -j ACCEPT
done
##allow some services
iptables -A INPUT -p tcp -i $EXTIF --dport 80 --sport 1024:65534 -j ACCEPT #HTTP
iptables -A INPUT -p tcp -s 192.168.1.0/24 -j ACCEPT #allow lan user
iptables -A INPUT -p tcp -i $EXTIF --dport 22 --sport 1024:65534 -j ACCEPT #allow SSH
#Receive the rsyslog from remote computer
iptables -A INPUT -p tcp -i $EXTIF -s 192.168.1.0/24 --dport 514 -j ACCEPT
iptables -A INPUT -p udp -i $EXTIF -s 192.168.1.0/24 --dport 514 -j ACCEPT
/etc/init.d/iptables save