Linuxhotel Wiki

admin_grundlagen:syslog

Differences

This page shows the differences between two versions.

admin_grundlagen:syslog [2015/05/08 08:16]
carsten_strotmann
admin_grundlagen:syslog [2022/11/25 08:30] (current)
ingo_wichmann [Absender-Rechner:]
Zeile 1: Zeile 1:
-====== syslog ====== 
-Beispiel: Logdaten von einem Rechner auf den nächsten übertragen 
- 
-===== Zielrechner:​ ===== 
-Zielrechner netzwerkfähig machen: 
- 
-''/​etc/​sysconfig/​syslog''​ : ( Centos 5 ) 
-<​file>​ 
-SYSLOGD_OPTIONS="​-m 0 -r" 
-</​file>​ 
- 
-''/​etc/​sysconfig/​syslog'':​ ( openSuSE 11.1 ) 
-<code bash> 
-  SYSLOGD_PARAMS="​-r"​ 
-</​code>​ 
- 
-''/​etc/​default/​syslogd'':​ ( debian 4.0 ) 
-<code bash> 
-  SYSLOGD="​-r"​ 
-</​code>​ 
- 
-Passende Nachrichten in Datei '/​var/​log/​beispiel'​ schreiben: 
- 
-''/​etc/​syslog.conf''​ : 
-<​file>​ 
-local5.info ​    ​-/​var/​log/​beispiel 
-</​file>​ 
- 
-Syslog neu starten: 
-  /​etc/​init.d/​sysklogd restart 
- 
-===== Absender-Rechner:​ ===== 
-/​etc/​syslog.conf:​ 
-  local5.info ​    ​@zielrechner 
- 
-Syslog neu einlesen: 
-  /​etc/​init.d/​sysklogd restart 
- 
-Testen: Meldung abschicken: 
-  logger -p local5.info "​Testmeldung"​ 
- 
 ====== rsyslog ====== ====== rsyslog ======
 Beispiel: Logdaten von einem Rechner auf den nächsten übertragen Beispiel: Logdaten von einem Rechner auf den nächsten übertragen
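Review bot: the deletion of the whole `====== syslog ======` section leaves no remark that the classic sysklogd setup (`-r` in `SYSLOGD_OPTIONS`, `SYSLOGD_PARAMS` and `SYSLOGD`, plus `local5.info @zielrechner` on the sender) was dropped on purpose. The page is still named admin_grundlagen:syslog, so a reader who arrives looking for sysklogd finds nothing. One sentence at the top of the rsyslog section, saying that sysklogd is no longer covered and pointing to the rsyslog equivalent below, would close that gap.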
Zeile 47: Zeile 6:
  
 === Debian, CentOS === === Debian, CentOS ===
-''/​etc/​rsyslog.conf'':​ ( debian 5.0, centos 6.0 )+''/​etc/​rsyslog.conf'':​ ( debian 5.0, centos 6.0, ubuntu 18.04 )
 <​file>​ <​file>​
-  ​$ModLoad imudp +$ModLoad imudp 
-  $UDPServerRun 514 +$UDPServerRun 514 
-  ​local5.info ​    -/var/log/beispiel+$template RemoteHost,"​/var/log/remote/​%HOSTNAME%.log"​ 
 + 
 +local5.info ?RemoteHost
 </​file>​ </​file>​
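Review bot: in the added template line (`$template RemoteHost` with `/var/log/remote/%HOSTNAME%.log`) the file name is taken from `%HOSTNAME%`, which is the hostname field carried in the received message, while `$UDPServerRun 514` accepts datagrams from any sender that can reach the port. The page should state that the receiver does not verify this name. Naming the file after `%FROMHOST-IP%` instead, or limiting the accepted senders with `$AllowedSender`, would tie the per-host files to the machine that actually sent the message. The old target `/var/log/beispiel` is replaced without a note that `/var/log/remote/` now grows one file per host name and needs its own log rotation.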
  
Zeile 83: Zeile 44:
  
 Syslog neu einlesen: Syslog neu einlesen:
-  ​/​etc/​init.d/​rsyslog restart+  ​service ​rsyslog restart
  
 Testen: Meldung abschicken: Testen: Meldung abschicken:
   logger -p local5.info "​Testmeldung"​   logger -p local5.info "​Testmeldung"​
 +  ​
 +Über'​s Netz direkt an syslog-Server:​
 +  logger -p local5.info -n notebook03 --tcp --port 514 "tcp test" ​
 +
 +===== property based filter =====
 +Auf dem Zielrechner:​
 +<file /​etc/​rsyslog.d/​45-remote-filter.conf>​
 +
 +:syslogtag, isequal, "​ingo:" ​         /​var/​log/​ingo.log
 +&                                     ~ # in der vorherigen Zeile ausgegebene Meldungen nicht erneut ausgeben
 +:source , !isequal , "​notebook02" ​    ~
 +</​file>​
 +
 +
 +
  
 ====== syslog-ng ====== ====== syslog-ng ======
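Review bot: the last line of the new `45-remote-filter.conf`, `:source , !isequal , "notebook02" ~`, discards every message whose source is not notebook02, and unlike the `& ~` line above it has no comment explaining this. Because the file is read as `45-...`, rules in files read after it never see those messages, which would include the receiver's own messages unless the receiver is notebook02. A comment on that line and a sentence in the text about the effect on later rules are needed. On current rsyslog versions `stop` is the documented replacement for the deprecated `~` action. Separately, the new `logger ... --tcp --port 514` test needs a TCP listener on the target, while the receiver lines visible in this diff only load `imudp`; if no `imtcp` input is configured in the unchanged part of the page, the test should say so or use UDP.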
Zeile 174: Zeile 150:
  
 ====== Doku ====== ====== Doku ======
-  * Facility+Jede Logmeldung besitzt eine __priority__\\ 
 +die sich zusammensetzt aus einer __facility__ und einem __level__:\\ 
 +prio=fac.level 
 +==== Facility ====
 Nicht jedes Linux/Unix hat alle Facilities: Nicht jedes Linux/Unix hat alle Facilities:
 <​file>​ <​file>​
   Facility ​       Description ​             ​   Facility ​       Description ​             ​
   ---------------------------- ​                                                       ​   ---------------------------- ​                                                       ​
-  auth            Activity related to requesting name and password (getty, su, login) ​             ​+  auth/​security ​  Activity related to requesting name and password (getty, su, login) ​             ​
   authpriv ​       Same as auth but logged to a file that can only be read by selected users        ​   authpriv ​       Same as auth but logged to a file that can only be read by selected users        ​
   console ​        Used to capture messages that would generally be directed to the system console  ​   console ​        Used to capture messages that would generally be directed to the system console  ​
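Review bot: the changed table row `auth/security` reads like a single facility name, and a reader may try to use it literally in a selector such as the `prio=fac.level` form introduced a few lines above. Writing it as `auth` with `security` noted as an alias keeps the information that the removed list line expressed as "security (same as auth)". The new `==== Facility ====` heading also sits directly under the `====== Doku ======` heading and skips the `=====` level the rest of the page uses for subsections.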
Zeile 193: Zeile 171:
   news            Messages relating to network news protocol (nntp) ​                               ​   news            Messages relating to network news protocol (nntp) ​                               ​
   ntp             ​Messages relating to network time protocol ​                                         ntp             ​Messages relating to network time protocol ​                                      
 +  syslog ​         Syslog service
   user            Regular user processes ​                                                             user            Regular user processes ​                                                          
   uucp            UUCP subsystem ​     ​   uucp            UUCP subsystem ​     ​
 </​file>​ </​file>​
  
-''​auth,​ authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, security ​(same as  auth),  syslog, user, uucp and local0''​ bis ''​local7''​ +==== Level (Severity==== 
-  * Level: ​+
  
 <​file>​ <​file>​
-emerg    Emergency condition, such as an imminent system crash, usually broadcast to all users +emerg    Emergency condition, such as an imminent system crash, usually broadcast to all users 
-alert    Condition that should be corrected immediately,​ such as a corrupted system database +alert    Condition that should be corrected immediately,​ such as a corrupted system database 
-crit     ​Critical condition, such as a hardware error +crit     ​Critical condition, such as a hardware error 
-err      Ordinary error +err      Ordinary error 
-warning ​ Warning +warning ​ Warning 
-notice ​  ​Condition that is not an error, but possibly should be handled in a special way +notice ​  ​Condition that is not an error, but possibly should be handled in a special way 
-info     ​Informational message +info     ​Informational message 
-debug    Messages that are used when debugging programs +debug    Messages that are used when debugging programs 
-none     ​Pseudo level used to specify not to log messages.+  none     ​Pseudo level used to specify not to log messages.
 </​file>​ </​file>​
 ''​debug,​ info, notice, warning, warn (same as warning), err, error (same as err), crit, alert, emerg, ​ panic  (same  as  emerg)''​ ''​debug,​ info, notice, warning, warn (same as warning), err, error (same as err), crit, alert, emerg, ​ panic  (same  as  emerg)''​
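Review bot: the new heading is shown as `==== Level (Severity==== `, without the closing parenthesis and without the space before the closing `====`; it should read `==== Level (Severity) ====`. In the same block, `none` is now indented by two spaces while the other levels start in column one, so the list is misaligned inside `<file>`. The removed line was also the only visible place that named `local0` to `local7` and `mark`; since the examples on this page use `local5.info`, those facilities should be listed in the table unless they are already in the unchanged rows not shown here.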
admin_grundlagen/syslog.1431072986.txt.gz · Last modified: 2015/05/08 08:16 by carsten_strotmann