syslog
Date: 2009-06-23 Source: djstava
syslog is the default logging daemon on Linux systems. It uses port 514 by default, and its configuration file is /etc/syslog.conf
vi /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
#
# INN
#
news.=crit /var/log/news/news.crit
news.=err /var/log/news/news.err
news.notice /var/log/news/news.notice
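The configuration file involves two very important concepts: facility and priority. The facility classifies the type of message, and the priority indicates how urgent the message is.
A priority with a larger numeric value covers the priorities with smaller values, which means that if the priority is given as warning, the selector includes warning, err, crit, alert and emerg.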
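Priority qualifiers:
* sends log messages of every priority to the specified destination
= sends only log messages of exactly this priority, generated by this service, to the specified destination
! "not": sends log messages of every priority other than this one to the specified destination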
e.g.:
authpriv.* /var/log/secure (write to a local file)
authpriv.* @192.168.0.130 (write to the log server)
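The selector rules described above can be checked offline with a small model of how syslogd evaluates them. This is an added example, not part of the original article: it parses the rules from the sample syslog.conf on this page and lists which actions receive a given facility.priority message. The names parse_rule, destinations and SAMPLE_CONF are my own, the facility list is abbreviated, and the `!` qualifier is not covered.

```python
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Rules copied from the syslog.conf shown on this page (comment lines dropped).
SAMPLE_CONF = """\
*.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
news.=crit /var/log/news/news.crit
news.=err /var/log/news/news.err
news.notice /var/log/news/news.notice
"""

def parse_rule(line):
    """Return (mask, action); mask maps facility -> set of accepted priority numbers."""
    selectors, action = line.split(None, 1)
    mask = {f: set() for f in FACILITIES}
    for selector in selectors.split(";"):      # later selectors refine earlier ones
        facs, prio = selector.rsplit(".", 1)
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            if prio == "none":                 # drop everything from this facility
                mask[fac] = set()
            elif prio == "*":                  # every priority
                mask[fac] = set(range(8))
            elif prio.startswith("="):         # exactly this priority
                mask[fac].add(PRIORITIES.index(prio[1:]))
            else:                              # this priority and all more severe ones
                mask[fac] |= set(range(PRIORITIES.index(prio) + 1))
    return mask, action.strip()

def destinations(conf, facility, priority):
    """List the actions of every rule in conf that matches facility.priority."""
    level = PRIORITIES.index(priority)
    rules = [parse_rule(l) for l in conf.splitlines() if l.strip() and not l.startswith("#")]
    return [action for mask, action in rules if level in mask[facility]]

if __name__ == "__main__":
    for fac, pri in [("authpriv", "info"), ("news", "crit"), ("kern", "emerg")]:
        print(f"{fac}.{pri} ->", destinations(SAMPLE_CONF, fac, pri))
```

Appending the article's `local0.* /var/log/test.log` rule to SAMPLE_CONF shows that a local0.notice test message lands in both /var/log/messages and /var/log/test.log.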
Environment:
OS: CentOS 5
Log server: 192.168.0.130
syslog client: 192.168.0.251
I. Writing to a local file
service syslog status
syslogd (pid 6822) is running...
klogd (pid 6825) is running...
vi /etc/syslog.conf
Add:
#for test
local0.* /var/log/test.log
vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r -x -m 0"
# -r makes syslogd accept log messages sent from remote machines; by default they are rejected.
touch /var/log/test.log
/etc/init.d/syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
Test it:
1.
logger -p local0.notice "for test"
# The -p option specifies the priority
cat /var/log/test.log
Jun 23 15:38:52 djstava root: for test
# djstava is the hostname
2.
initlog -c "cat /etc/service"
# initlog writes the result of running the command to /var/log/test.log
II. Writing to the log server
The log server needs no further configuration.
Linux client:
vi /etc/syslog.conf
authpriv.* @192.168.0.130
Other facilities are handled the same way; for the local0 test message below to reach the server, local0 has to be forwarded to @192.168.0.130 in the same way.
logger -p local0.notice "I am 251."
Check on the log server:
vi /var/log/test.log
Jun 23 15:38:52 djstava root: for test
Jun 23 17:28:37 192.168.0.251 root: I am 251.