日志服务器使用的是RHEL5.4的系统:
一、服务器端配置
1.修改/etc/sysconfig/syslog文件
- # Options to syslogd
-
# -m 0 disables 'MARK' messages.
-
# -r enables logging from remote machines
-
# -x disables DNS lookups on messages recieved with -r
-
# See syslogd(8) for more details
-
SYSLOGD_OPTIONS="-r -s IP地址"
-
# Options to klogd
-
# -2 prints all kernel oops messages twice; once for klogd to decode, and
-
# once for processing with 'ksymoops'
-
# -x disables all klogd processing of oops messages entirely
-
# See klogd(8) for more details
-
KLOGD_OPTIONS="-x"
-
#
-
SYSLOG_UMASK=0600
-
# set this to a umask value to use for all log files as in umask(1).
-
# By default, all permissions are removed for "group" and "other".
-r 打开远程日志写入功能
-s IP地址 指定那些服务器可以写入,IP地址以;间隔.
2.修改/etc/syslog.conf,在服务器端指定自定义的日志类型,我这里用的是local2.
- local2.* /var/log/squid/access.log
-
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages
local2.* /var/log/squid/access.log 指定日志存储路径
local2.none 该类型的info级别以上消息不发送到/var/log/messages
3.重启syslog服务
#service syslog restart
#chkconfig syslog on
二、客户端配置
1.修改/etc/syslog.conf文件
- #Save squid access.log
-
local2.* @10.12.12.12
-
# Don't log private authentication messages!
-
*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages
local2.* @10.12.12.12 local2类型的所有日志发送到10.12.12.12远程日志服务器
local2.none 该类型的info级别以上消息不发送到/var/log/messages
2.修改squid.conf配置文件
- access_log syslog:local2.* squid
指定access_log日志存储路径和squid格式
3.重启日志服务
#service syslog restart
#chkconfig syslog on
阅读(2243) | 评论(0) | 转发(0) |