0
我正在尝试将日志(/var/log/secure
和/var/log/messages
)从Linux服务器(rsyslog)集中到Solaris服务器(syslog)。远程系统日志服务器上未收到日志
我rsyslog.conf
文件:
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.info;mail.none;authpriv.none;cron.none @logserver:514
# The authpriv file has restricted access.
authpriv.* /var/log/secure
authpriv.* @logserver:514
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
在Solaris上我配置了服务器接受日志:
svccfg -s system-log setprop config/log_from_remote = true
我重新启动系统日志和rsyslog现在,但它不工作。
我使用端口514上的'snoop'命令进行检查,并且仅从另一个Solaris(系统日志)服务器接收数据。 – WetSocks