h3c交换机推送日志至syslog服务器
华三官网文档并不完全正确,并且很多系统已经用rsyslog而不是syslog。在这里记录下配置
1、交换机侧配置
[H3C]info-center enable
# ip替换成日志服务器的ip 使用local5作为日志主机记录工具。
[H3C]info-center loghost 172.20.161.249 facility local5
[H3C]info-center source default console level ?
alert Action must be taken immediately (severity=1)
critical Critical conditions (severity=2)
debugging Debug-level messages (severity=7)
emergency System is unusable (severity=0)
error Error conditions (severity=3)
informational Informational messages (severity=6)
notification Normal but significant conditions (severity=5)
warning Warning conditions (severity=4)
选择要推送的级别日志2、服务器侧配置
a. 检查rsyslog服务
[root@localhost ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-10-29 20:01:34 PDT; 32min ago
Main PID: 24893 (rsyslogd)
Memory: 3.9M
CGroup: /system.slice/rsyslog.service
└─24893 /usr/sbin/rsyslogd -n
Oct 29 20:01:34 localhost.localdomain systemd[1]: Starting System Logging Service...
Oct 29 20:01:34 localhost.localdomain systemd[1]: Started System Logging Service.b.在/var/log/路径下为Device创建同名日志文件夹Device,在该文件夹创建文件info.log,用来存储来自Device的日志
mkdir /var/log/Device
touch /var/log/Device/info.logc. 编辑/etc/rsyslog.conf
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
标红字段删除前面的# 来接受其他机器日志
文件末尾添加
local5.* /var/log/Device/info.log
表示接受local5的所有日志级别的信息
3、实现效果
交换机执行命令
服务器tail -f查看日志变化
