整个配置分成两部分,一个是 rsyslog 的 rsyslog.conf 文件设置,另一个是catalyst交换机配置文件的设置,以下实例用的是 centos6.6 以及catalyst2960/3750 做的。 centos日志服务器的ip地址是192.168.1.2
rsyslog.conf 文件设置(rsyslog.conf设置完保存后要在系统提示符后输入 chkconfig rsyslog on ,以及 service rsyslog start 这两个命令,来开机加载这个服务):
[root@luo2 ~]# cat /etc/rsyslog.conf
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/cisco/3750 #这些文件夹及文件不用手工建立,重启rsyslog后系统会自动建立这些文件夹及文件
local6.* /var/log/cisco/2960
catalyst 3750 running-config 与日志相关的设置:
logging facility local7 #和rsyslog.conf 文件设置要一致
logging trap debugging #日志消息根据规范分为0-7级,如果trap后跟debugging,意味着产生的所有级别的日志都要输出
logging #如果有几台日志服务器,那么这条命令可以重复输入,只是后面的ip是相应日志服务器的ip
catalyst 2960 running-config 与日志相关的设置:
logging facility local6 #和rsyslog.conf 文件设置要一致,如果没有出现这一行,那么就意味着是默认值:logging facility local7
logging trap debugging