Author: 宝宝壮壮妈 | Source: Internet | 2023-06-11 13:50
Subject: Sending the logs of an NS5400 firewall to a remote host.
The remote host has SYSLOG enabled and listens on UDP port 514.
[root@agentspjd tmp]# ps -ef | grep syslog
root 16101 1 0 12:14 ? 00:00:00 syslogd -r -x -m 0
/etc/syslog.conf is configured as follows:
[root@agentspjd etc]# more syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
#*.err @172.16.9.80
auth.info @172.16.9.80
*.emerg /var/log/emerg_log
*.alert /var/log/alert_log
*.crit /var/log/crit_log
*.err /var/log/err_log
*.warning /var/log/warning_log
*.notice /var/log/notice_log
*.info /var/log/info_log
*.debug /var/log/debug_log
local4.* /var/log/ns5400.log
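What is odd now is that with tcpdump -i eth0 port 514 I can capture a lot of packets, but very few are actually written to the log. It's frustrating. Could the experts here please take a look?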
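One way to check which of the rules above a datagram seen in tcpdump would be written to, as an added example that is not part of the original post. It implements only the selector forms used in the posted file (facility lists, `*`, and "this severity or worse"); the user.notice fallback for a missing PRI is an assumption about syslogd's behaviour, and the sample datagrams are constructed.

```python
import re

FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + [f"reserved{n}" for n in range(12, 16)]
              + [f"local{n}" for n in range(8)])
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Active (uncommented) rules copied from the syslog.conf in the post.
RULES = """authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
auth.info @172.16.9.80
*.emerg /var/log/emerg_log
*.alert /var/log/alert_log
*.crit /var/log/crit_log
*.err /var/log/err_log
*.warning /var/log/warning_log
*.notice /var/log/notice_log
*.info /var/log/info_log
*.debug /var/log/debug_log
local4.* /var/log/ns5400.log"""

def decode_pri(datagram: bytes):
    """Map the leading <PRI> (facility * 8 + severity) to names."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    # Assumption: a missing or out-of-range PRI is treated as user.notice (13).
    pri = int(m.group(1)) if m and int(m.group(1)) <= 191 else 13
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def matches(selector: str, facility: str, severity: str) -> bool:
    """facility[,facility].level, where level means that severity or worse."""
    facs, _, level = selector.rpartition(".")
    if facs != "*" and facility not in facs.split(","):
        return False
    if level in ("*", "none"):
        return level == "*"
    return SEVERITIES.index(severity) <= SEVERITIES.index(level)

def destinations(datagram: bytes):
    """Actions of every rule the datagram matches, in file order."""
    fac, sev = decode_pri(datagram)
    return [line.split(None, 1)[1].lstrip("-") for line in RULES.splitlines()
            if matches(line.split(None, 1)[0], fac, sev)]

# Constructed datagrams, not captured traffic: local4.info and local0.info.
for sample in (b"<166>ns5400: constructed", b"<134>ns5400: constructed"):
    print(decode_pri(sample), destinations(sample))
```

Feeding it the payload start of a datagram from the capture shows whether that message is addressed to local4 at all, or only to the catch-all severity files.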
2 Solutions