rhel6.0配置rsyslog传送日志到远程主机

1. 配置SERVER端（接收端）：

[root@rhel6-server etc]# vim /etc/rsyslog.conf
# Provides TCP syslog reception
$ModLoad imtcp.so  
$InputTCPServerRun 514

[root@rhel6-server etc]# service rsyslog reload
Reloading system logger...                                 [  OK  ]

[root@rhel6-server etc]# netstat -natulp | grep 514
tcp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN      5427/rsyslogd       
tcp        0      0 :::514                      :::*                        LISTEN      5427/rsyslogd 

2. 配置CLIENT端（发送端）：

[root@rhel6-client log]# vim /etc/rsyslog.conf
*.* @@rhel6-server:514

[root@rhel6-client log]# service rsyslog restart
Starting system logger:                                    [  OK  ]

3. SERVER端验证：
[root@rhel6-server etc]# netstat -natulp | grep 514
tcp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN      5427/rsyslogd       
tcp        0      0 192.168.17.253:514          192.168.17.152:33323        FIN_WAIT2   -                   
tcp        0      0 :::514                      :::*                        LISTEN      5427/rsyslogd 
[root@rhel6-server etc]# tail -n 30 /var/log/messages | grep rhel6-client
Mar  2 00:42:07 rhel6-client kernel: Kernel logging (proc) stopped.
Mar  2 00:42:07 rhel6-client rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="3197" x-info="http://www.rsyslog.com"] exiting on signal 15.
Mar  2 00:43:11 rhel6-client kernel: imklog 4.6.2, log source = /proc/kmsg started.
Mar  2 00:43:11 rhel6-client rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="3275" x-info="http://www.rsyslog.com"] (re)start
[root@rhel6-server etc]#

REF:

http://server.51cto.com/sCollege-272392.htm

http://linux.vbird.org/linux_basic/#syslogd_server