내가 매일 다시 시작 라우터를 설정할 수 있지만, 재부팅 로그를 삭제하며, 라우터가 1024 개 레코드를 보유 할 수 있습니다 그래서 서버에 로그온 라우터 싶었 기 때문에, 라우터 검색 원격 로깅을 포함
그래서 기록은 여기에서 위해 rsyslog에서 내 centos7 서버 구성에 있었다
편집 서버 의 /etc/rsyslog.conf
파일
중국 코멘트를 배치 메모를
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### # The imjournal module bellow is now used as a message source instead of imuxsock. $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imjournal # provides access to the systemd journal #$ModLoad imklog # reads kernel messages (the same are read from journald) #$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception $ModLoad imudp # 引用udp协议的模块 $UDPServerRun 514 # 设置udp协议使用端口 # Provides TCP syslog reception $ModLoad imtcp # 引用tcp协议的模块 $InputTCPServerRun 514 # 设置tcp协议使用端口 #### GLOBAL DIRECTIVES #### # Where to place auxiliary files $WorkDirectory /var/lib/rsyslog # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $template Remote,"/var/log/%$YEAR%-%$MONTH%-%$DAY%/%fromhost-ip%.log" # 设置远程日志存放路径和文件格式 :fromhost-ip, !isequal, "127.0.0.1" ?Remote # 如果是本机日志则不记录 # File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on # Include all config files in /etc/rsyslog.d/ $IncludeConfig /etc/rsyslog.d/*.conf # Turn off message reception via local log socket; # local messages are retrieved through imjournal now. $OmitLocalLogging on # File to store the position in the journal $IMJournalStateFile imjournal.state #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. # 关于内核的所有日志都放到/dev/console(控制台) #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! # 记录所有日志类型的info级别以及大于info级别的信息到/var/log/messages,但是mail邮件信息,authpriv验证方面的信息和cron时间任务相关的信息除外 *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. # authpriv验证相关的所有信息存放在/var/log/secure authpriv.* /var/log/secure # Log all the mail messages in one place. # 邮件的所有信息存放在/var/log/maillog; 这里有一个-符号, 表示是使用异步的方式记录, 因为日志一般会比较大 mail.* -/var/log/maillog # Log cron stuff # 计划任务有关的信息存放在/var/log/cron cron.* /var/log/cron # Everybody gets emergency messages # 启动的相关信息 *.emerg :omusrmsg:* # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple # forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$ActionQueueFileName fwdRule1 # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ###
그런 다음 다시 시작rsyslog
systemctl 재시작 위해 rsyslog
클라이언트가 직접 IP를 입력, 기본적으로 포트 (514)는, 완료
로부터이 문서 Yuuuuuu를 사용하여 생성, 크리에이티브 커먼즈 저작자 표시 4.0 라이센스에 대한 라이센스 계약
달리 표시되지 않는 사이트는 문서 / 소스, 원래의 사이트를 복제하거나, 이전에 서명 확인, 번역 재현
최종 편집 시간 : 10 2018년 10월 24일 오전 10시