cd /etc/yum.repos.d;wget http://rpms.adiscon.com/v8-stable/rsyslog.repo uat-web02:/etc/yum.repos.d# ls -ltr total 32 -rw-r--r--. 1 root root 4528 Dec 1 2013 CentOS-Vault.repo -rw-r--r--. 1 root root 630 Dec 1 2013 CentOS-Media.repo -rw-r--r--. 1 root root 638 Dec 1 2013 CentOS-Debuginfo.repo -rw-r--r-- 1 root root 227 Apr 1 2014 rsyslog.repo -rw-r--r--. 1 root root 1083 Jul 2 2014 epel.repo -rw-r--r--. 1 root root 2572 Jul 2 2014 CentOS-Base.repo -rw-r--r-- 1 root root 1250 Aug 26 2014 puppetlabs.repo uat-web02:/etc/yum.repos.d# cat rsyslog.repo [rsyslog_v8] name=Adiscon CentOS-$releasever - local packages for $basearch baseurl=http://rpms.adiscon.com/v8-stable/epel-$releasever/$basearch enabled=1 gpgcheck=0 gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon protect=1 uat-web02:/etc/yum.repos.d# ps -ef | grep rsyslog root 32378 31761 0 09:29 pts/0 00:00:00 grep rsyslog uat-web02:/etc/yum.repos.d# service rsyslog start Starting system logger: [ OK ] uat-web02:/etc/yum.repos.d# rsyslogd -v rsyslogd 8.21.0, compiled with: PLATFORM: x86_64-redhat-linux-gnu PLATFORM (lsb_release -d): FEATURE_REGEXP: Yes GSSAPI Kerberos 5 support: No FEATURE_DEBUG (debug build, slow code): No 32bit Atomic operations supported: Yes 64bit Atomic operations supported: Yes memory allocator: system default Runtime Instrumentation (slow code): No uuid support: Yes Number of Bits in RainerScript integers: 64 See http://www.rsyslog.com for more information. 安装rsyslog日志搜集 yum install rsyslog 查看版本信息 yum info rsyslog 修改配置文件: [root@Server2 yum.repos.d]# cat /etc/rsyslog.conf |egrep -v "^(#|$)" module(load="imuxsock") # provides support for local system logging (e.g. via logger command) module(load="imklog") # provides kernel logging support (previously done by rklogd) module(load="imudp") # needs to be done just once input(type="imudp" port="514") $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* /var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log $template TmplAuth, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log" $template TmplMsg, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log" authpriv.* ?TmplAuth *.info,mail.none,authpriv.none,cron.none ?TmplMsg 创建日志保存路径 mkdir -p /var/log/rsyslog_custom semanage fcontext -a -t syslogd_exec_t /sbin/rsyslogd restorecon /sbin/rsyslogd /usr/sbin/semanage fcontext -a -t var_log_t "/var/log/rsyslog_custom(/.*)?" /sbin/restorecon -R -v /var/log/rsyslog_custom service rsyslog restart 查看udp 514端口是否开放 客户端安装rsyslog cd /etc/yum.repos.d;wget http://rpms.adiscon.com/v8-stable/rsyslog.repo yum install rsyslog 修改配置文件: [root@Server1 yum.repos.d]# cat /etc/rsyslog.conf |egrep -v "^(#|$)" module(load="imuxsock") # provides support for local system logging (e.g. via logger command) module(load="imklog") # provides kernel logging support (previously done by rklogd) module(load="imfile") $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* /var/log/maillog cron.* /var/log/cron *.emerg :omusrmsg:* uucp,news.crit /var/log/spooler local7.* /var/log/boot.log *.info /var/log/test.log input(type="imfile" File="/usr/local/nginx/logs/icms.access.log" Tag="icms-access" Severity="info" Facility="local5") *.* @192.168.0.103:514 验证: 在/var/log/rsyslog_custom目录下面:按服务器名称生成的文件夹,查看里面日志 注意:rsyslog 源码安装 会出现日志重复发的情况,需要rpm包安装