This page shows the differences between two versions.
admin_grundlagen:syslog [2016/09/30 09:07] stefan_miethke [Doku] |
admin_grundlagen:syslog [2022/11/25 08:30] (current) ingo_wichmann [Absender-Rechner:] |
||
---|---|---|---|
Zeile 6: | Zeile 6: | ||
=== Debian, CentOS === | === Debian, CentOS === | ||
- | ''/etc/rsyslog.conf'': ( debian 5.0, centos 6.0 ) | + | ''/etc/rsyslog.conf'': ( debian 5.0, centos 6.0, ubuntu 18.04 ) |
<file> | <file> | ||
- | $ModLoad imudp | + | $ModLoad imudp |
- | $UDPServerRun 514 | + | $UDPServerRun 514 |
- | local5.info -/var/log/beispiel | + | $template RemoteHost,"/var/log/remote/%HOSTNAME%.log" |
+ | |||
+ | local5.info ?RemoteHost | ||
</file> | </file> | ||
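Review bot: The added template builds the file name from %HOSTNAME%, which rsyslog takes from the hostname field of the received message, so with the UDP listener configured above it is the sender that decides which file under /var/log/remote/ a message is written to, and the server creates a new file for every name it is given. Consider a property that rsyslog derives from the network source instead of the message content, for example $template RemoteHost,"/var/log/remote/%FROMHOST-IP%.log", and say in the text which of the two the example uses.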
Zeile 42: | Zeile 44: | ||
Syslog neu einlesen: | Syslog neu einlesen: | ||
- | /etc/init.d/rsyslog restart | + | service rsyslog restart |
Testen: Meldung abschicken: | Testen: Meldung abschicken: | ||
logger -p local5.info "Testmeldung" | logger -p local5.info "Testmeldung" | ||
+ | | ||
+ | Über's Netz direkt an syslog-Server: | ||
+ | logger -p local5.info -n notebook03 --tcp --port 514 "tcp test" | ||
===== property based filter ===== | ===== property based filter ===== | ||
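Review bot: The added logger test uses --tcp --port 514, but the receiver example in this revision loads only imudp with $UDPServerRun 514, so unless a TCP input is configured in a part of the page this diff does not show, the test cannot connect. Either add $ModLoad imtcp and $InputTCPServerRun 514 to the receiver example or use --udp in the test. The target notebook03 is also hard-coded; a remark that it stands for the name of the syslog server would help readers adapting the line.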
Zeile 52: | Zeile 57: | ||
:syslogtag, isequal, "ingo:" /var/log/ingo.log | :syslogtag, isequal, "ingo:" /var/log/ingo.log | ||
- | & ~ # in der vorherigen Zeile ausgegebene Meldungen nicht erneut ausgeben | + | & ~ # in der vorherigen Zeile ausgegebene Meldungen nicht erneut ausgeben |
:source , !isequal , "notebook02" ~ | :source , !isequal , "notebook02" ~ | ||
</file> | </file> | ||
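Review bot: The ~ discard action on the realigned & ~ line, and on the :source line below it, is deprecated in rsyslog 7 and later in favour of stop. Since this revision adds ubuntu 18.04 to the list of covered systems, document & stop for current releases and mention & ~ as the form for the older ones named on the page.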
Zeile 58: | Zeile 63: | ||
- | ====== syslog ====== | ||
- | Beispiel: Logdaten von einem Rechner auf den nächsten übertragen | ||
- | |||
- | ===== Zielrechner: ===== | ||
- | Zielrechner netzwerkfähig machen: | ||
- | |||
- | ''/etc/sysconfig/syslog'' : ( Centos 5 ) | ||
- | <file> | ||
- | SYSLOGD_OPTIONS="-m 0 -r" | ||
- | </file> | ||
- | |||
- | ''/etc/sysconfig/syslog'': ( openSuSE 11.1 ) | ||
- | <code bash> | ||
- | SYSLOGD_PARAMS="-r" | ||
- | </code> | ||
- | |||
- | ''/etc/default/syslogd'': ( debian 4.0 ) | ||
- | <code bash> | ||
- | SYSLOGD="-r" | ||
- | </code> | ||
- | |||
- | Passende Nachrichten in Datei '/var/log/beispiel' schreiben: | ||
- | |||
- | ''/etc/syslog.conf'' : | ||
- | <file> | ||
- | local5.info -/var/log/beispiel | ||
- | </file> | ||
- | |||
- | Syslog neu starten: | ||
- | /etc/init.d/sysklogd restart | ||
- | |||
- | ===== Absender-Rechner: ===== | ||
- | /etc/syslog.conf: | ||
- | local5.info @zielrechner | ||
- | |||
- | Syslog neu einlesen: | ||
- | /etc/init.d/sysklogd restart | ||
- | |||
- | Testen: Meldung abschicken: | ||
- | logger -p local5.info "Testmeldung" | ||
====== syslog-ng ====== | ====== syslog-ng ====== | ||
Zeile 184: | Zeile 149: | ||
rcsyslog reload | rcsyslog reload | ||
- | ===== Doku ===== | + | ====== Doku ====== |
+ | Jede Logmeldung besitzt eine __priority__\\ | ||
+ | die sich zusammensetzt aus einer __facility__ und einem __level__:\\ | ||
+ | prio=fac.level | ||
==== Facility ==== | ==== Facility ==== | ||
Nicht jedes Linux/Unix hat alle Facilities: | Nicht jedes Linux/Unix hat alle Facilities: | ||
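Review bot: prio=fac.level in the added lines gives the selector notation used in the configuration files, but not how the priority is encoded in a message: there it is a single number, facility * 8 + level, sent as <PRI> at the start of the message. One more line stating that would connect this paragraph to the numeric levels listed in the level table further down.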
Zeile 211: | Zeile 179: | ||
<file> | <file> | ||
- | emerg Emergency condition, such as an imminent system crash, usually broadcast to all users | + | 0 emerg Emergency condition, such as an imminent system crash, usually broadcast to all users |
- | alert Condition that should be corrected immediately, such as a corrupted system database | + | 1 alert Condition that should be corrected immediately, such as a corrupted system database |
- | crit Critical condition, such as a hardware error | + | 2 crit Critical condition, such as a hardware error |
- | err Ordinary error | + | 3 err Ordinary error |
- | warning Warning | + | 4 warning Warning |
- | notice Condition that is not an error, but possibly should be handled in a special way | + | 5 notice Condition that is not an error, but possibly should be handled in a special way |
- | info Informational message | + | 6 info Informational message |
- | debug Messages that are used when debugging programs | + | 7 debug Messages that are used when debugging programs |
- | none Pseudo level used to specify not to log messages. | + | none Pseudo level used to specify not to log messages. |
</file> | </file> | ||
''debug, info, notice, warning, warn (same as warning), err, error (same as err), crit, alert, emerg, panic (same as emerg)'' | ''debug, info, notice, warning, warn (same as warning), err, error (same as err), crit, alert, emerg, panic (same as emerg)'' |
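Review bot: The numbers added to the level table come without a statement of their direction. 0 is the most severe level, and a selector such as local5.info matches info and everything more severe (6 down to 0), not info alone. A sentence above the table saying so would prevent the common misreading that a selector matches only the one named level.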