I recently wanted to send the firewall's logs to a log server for analysis, which meant working through the syslog configuration. The procedure was as follows:
Edit the startup file /etc/rc.conf and add:
syslogd_flags="-4 -a 192.168.0.1/24:514"
Where:
-4 - selects IPv4 (-6 would select IPv6)
-a 192.168.0.0/24 - accept log messages from this subnet
:514 - specifies the port number
Edit the syslog configuration file /etc/syslog.conf and add:
local0.* /var/log/firewall/firewall.log
Create the corresponding directory and file:
mkdir /var/log/firewall
touch /var/log/firewall/firewall.log
Stop the running syslogd process:
kill <pid>
Start it again in debug mode:
/usr/sbin/syslogd -d
You will see the following output on the screen:
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....
init
cfline("local0.* /var/log/firewall/firewall.log", f, "*", "*")
cfline("*.err;kern.warning;auth.notice;mail.crit /dev/console", f, "*", "*")
cfline("*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err; /var/log/messages", f, "*", "*")
cfline("security.* /var/log/security", f, "*", "*")
cfline("auth.info;authpriv.info /var/log/auth.log", f, "*", "*")
cfline("mail.info /var/log/maillog", f, "*", "*")
cfline("lpr.info /var/log/lpd-errs", f, "*", "*")
cfline("ftp.info /var/log/xferlog", f, "*", "*")
cfline("cron.* /var/log/cron", f, "*", "*")
cfline("*.=debug /var/log/debug.log", f, "*", "*")
cfline("*.emerg *", f, "*", "*")
cfline("*.* /var/log/slip.log", f, "startslip", "*")
cfline("*.* /var/log/ppp.log", f, "ppp", "*")
X X X X X X X X X X X X X X X X 8 X X X X X X X X FILE: /var/log/firewall/firewall.log
4 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 X 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
X X X X 6 X X X X X 6 X X X X X X X X X X X X X X FILE: /var/log/auth.log
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
X X X X X X X X X X X 6 X X X X X X X X X X X X X FILE: /var/log/xferlog
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE: /var/log/debug.log
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
logmsg: pri 56, flags 4, from logserver, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from logserver, msg syslogd: kernel boot file is /boot/kernel/kernel
Logging to FILE /var/log/messages
syslogd: kernel boot file is /boot/kernel/kernel
logmsg: pri 166, flags 17, from logserver, msg Aug 17 17:08:58 logserver syslogd: exiting on signal 15
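The rows of digits and X's in the debug output above are the routing table syslogd builds from each syslog.conf line: one row per action, one column per facility code 0 to 23 in the order of <sys/syslog.h> (kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, security, console, then local0 to local7 at 16 to 23), and in each cell the highest level number still written (emerg=0 ... debug=7), 8 for "*" and X for "none". That is why the local0.* row has a single 8 in the 17th column and why authpriv.none punches an X into the /var/log/messages row. The following added example (my own code, not from the original post or from syslogd) re-implements that table construction and the per-message match check as shell functions around an awk program, so a rule can be checked before syslogd is restarted. It handles "*", "none", plain levels and "=level"; the other comparison flags (!, <, >) are not implemented, and the trailing 25th column that syslogd prints (always X in the output above) is omitted.

```shell
#!/bin/sh
# Added example: reconstruct the selector table syslogd -d prints and test
# whether a facility.level message would be written by a given selector.
# Facility/level numbering follows FreeBSD's <sys/syslog.h>.

SYSLOG_LEVELS='emerg alert crit err warning notice info debug'
SYSLOG_FACILITIES='kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp security console'

# One awk program serves both functions: mode=table prints the row,
# mode=match exits 0 (written) or 1 (dropped) for the message in msg.
SELECTOR_AWK='
function lvl(name) {
    if (name in lcode) return lcode[name]
    print "unknown level: " name > "/dev/stderr"; exit 2
}
BEGIN {
    # facility code = position in the list - 1; local0..7 are 16..23
    nf = split(facs, facn, " ")
    for (i = 1; i <= nf; i++) fcode[facn[i]] = i - 1
    for (i = 0; i < 8; i++) fcode["local" i] = 16 + i
    split(levs, levn, " ")
    for (i = 1; i <= 8; i++) lcode[levn[i]] = i - 1
    lcode["panic"] = 0; lcode["error"] = 3; lcode["warn"] = 4   # aliases syslogd accepts

    for (f = 0; f < 24; f++) tab[f] = "X"   # nothing selected yet

    # selectors apply left to right, later ones overriding earlier ones,
    # which is how "*.notice;authpriv.none" ends up silencing authpriv
    ns = split(sel, parts, ";")
    for (p = 1; p <= ns; p++) {
        if (parts[p] == "") continue
        dot = index(parts[p], ".")
        if (dot == 0) { print "bad selector: " parts[p] > "/dev/stderr"; exit 2 }
        fpart = substr(parts[p], 1, dot - 1)
        lpart = substr(parts[p], dot + 1)
        if (lpart == "*")          entry = 8                       # every level
        else if (lpart == "none")  entry = "X"
        else if (lpart ~ /^=/)     entry = "=" lvl(substr(lpart, 2))   # exactly this level
        else                       entry = lvl(lpart)              # this level and more severe
        nfl = split(fpart, flist, ",")
        for (q = 1; q <= nfl; q++) {
            if (flist[q] == "*") { for (f = 0; f < 24; f++) tab[f] = entry }
            else if (flist[q] in fcode) tab[fcode[flist[q]]] = entry
            else { print "unknown facility: " flist[q] > "/dev/stderr"; exit 2 }
        }
    }

    if (mode == "table") {
        row = ""
        for (f = 0; f < 24; f++) { e = tab[f]; sub(/^=/, "", e); row = row (f > 0 ? " " : "") e }
        print row
        exit 0
    }

    # match mode: look up the message facility and compare its level
    dot = index(msg, ".")
    mf = substr(msg, 1, dot - 1); ml = substr(msg, dot + 1)
    if (!(mf in fcode)) { print "unknown facility: " mf > "/dev/stderr"; exit 2 }
    e = tab[fcode[mf]]; l = lvl(ml)
    if (e == "X") exit 1
    if (e == 8) exit 0
    if (e ~ /^=/) { r = (substr(e, 2) + 0 == l) ? 0 : 1; exit r }
    r = (l <= e + 0) ? 0 : 1
    exit r
}
'

# selector_table SELECTOR  -> prints the 24-column row as syslogd -d would
selector_table() {
    awk -v mode=table -v sel="$1" -v facs="$SYSLOG_FACILITIES" -v levs="$SYSLOG_LEVELS" "$SELECTOR_AWK"
}

# selector_matches SELECTOR FACILITY.LEVEL  -> exit 0 if the message is written
selector_matches() {
    awk -v mode=match -v sel="$1" -v msg="$2" -v facs="$SYSLOG_FACILITIES" -v levs="$SYSLOG_LEVELS" "$SELECTOR_AWK"
}
```

Usage: `selector_table 'local0.*'` reproduces the firewall row from the output above, and `selector_matches 'local0.*' auth.notice` returns 1, which is exactly why the auth.notice test message later in the post shows up in the debug window but not in firewall.log.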
Open another console and start testing:
1 - logger -p auth.notice "this is test!"
The debug window prints:
logmsg: pri 166, flags 17, from logserver, msg Aug 17 17:13:43 logserver root: this is test
2 - logger -p local0.notice "This message will logged to the file /var/log/firewall/firewall.log"
Check that /var/log/firewall/firewall.log now contains the line:
This message will logged to the file /var/log/firewall/firewall.log
Debugging complete.
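The whole procedure, from the rc.conf flag through the syslog.conf rule, the log file and the final logger check, as one idempotent script. This is an added example of my own, not code from the original post: the file paths are parameters so the edit functions can be exercised against scratch copies, `service syslogd restart` replaces the kill-and-restart by hand, and the verification tags the test message with the script's PID so the grep cannot match an older line. The real targets are /etc/rc.conf and /etc/syslog.conf, and nothing on the system is touched unless the script is run with the argument `apply`.

```shell
#!/bin/sh
# Added example: the post's steps as re-runnable functions. Running the file
# without arguments only defines them; "sh thisscript apply" edits the system.

SYSLOGD_FLAGS='-4 -a 192.168.0.1/24:514'     # value from the post
FW_SELECTOR='local0.*'
FW_LOG='/var/log/firewall/firewall.log'

# Set syslogd_flags in an rc.conf-style file, replacing any existing value so
# repeated runs do not leave duplicate assignments.
set_syslogd_flags() {
    rc=$1; flags=$2
    if [ -f "$rc" ] && grep -q '^syslogd_flags=' "$rc"; then
        # sed -i takes different arguments on BSD and GNU, so rewrite via a temp file
        sed "s|^syslogd_flags=.*|syslogd_flags=\"$flags\"|" "$rc" > "$rc.tmp" && mv "$rc.tmp" "$rc"
    else
        printf 'syslogd_flags="%s"\n' "$flags" >> "$rc"
    fi
}

# Print the current (unquoted) syslogd_flags value from an rc.conf-style file.
get_syslogd_flags() {
    sed -n 's/^syslogd_flags="\(.*\)"$/\1/p' "$1"
}

# Append "SELECTOR<TAB>ACTION" to a syslog.conf-style file unless a rule with
# that exact selector is already present (compared as a whole first field, so
# the "*" and "." in the selector are not treated as a pattern).
add_syslog_rule() {
    conf=$1; selector=$2; action=$3
    if [ -f "$conf" ] && awk -v s="$selector" '$1 == s { found = 1 } END { exit found ? 0 : 1 }' "$conf"; then
        return 0   # already configured
    fi
    printf '%s\t%s\n' "$selector" "$action" >> "$conf"
}

# Create the log directory and an empty log file; 0640 keeps the firewall log
# readable by root and group only instead of the default world-readable mode.
prepare_log_file() {
    dir=$(dirname "$1")
    mkdir -p "$dir"
    [ -e "$1" ] || : > "$1"
    chmod 0640 "$1"
}

# Send a tagged local0.notice message as in step 2 of the post and confirm
# it reached the file (needs the restarted syslogd; not run in the test).
verify_firewall_log() {
    marker="fwlog-test-$$"
    logger -p local0.notice "$marker"
    sleep 1
    grep -q "$marker" "$FW_LOG"
}

if [ "${1:-}" = apply ]; then
    set_syslogd_flags /etc/rc.conf "$SYSLOGD_FLAGS"
    add_syslog_rule /etc/syslog.conf "$FW_SELECTOR" "$FW_LOG"
    prepare_log_file "$FW_LOG"
    service syslogd restart      # same effect as the kill + manual start above
    verify_firewall_log && echo "firewall logging OK" || echo "test message not found in $FW_LOG"
fi
```

Because the edits are idempotent, the script can be kept with the server's configuration management and re-run after an upgrade replaces /etc/syslog.conf; running it twice yields one syslogd_flags line and one local0.* rule.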