Push pfSense logs to a remote machine using rsyslog
I am trying to push all pfSense logs to a remote machine using rsyslog.
Machine1 ==> pfSense (FreeBSD) (192.168.1.1); pfSense basically comes with syslog installed.
I followed this document, which is for FreeBSD.
Here is what I did:
Added the following to /etc/rc.conf:
syslogd_flags=" -a 192.168.1.1 "
192.168.1.1 is the pfSense IP.
Then opened /etc/syslog.conf and added:
*.* @192.168.1.137:514
Then restarted the syslog service:
/etc/rc.d/syslogd restart
Then enabled remote logging under Status --> System Logs --> Settings:
--> Check Enable syslog'ing to remote syslog server
--> Type the IP of the logging server in the box next to Remote syslog server
--> Check the boxes for the log entries to forward
--> Click Save
Then, on my server machine:
Machine2 ==> Server (Fedora 25) (192.168.1.137)
I installed rsyslog on my server machine and edited /etc/rsyslog.conf:
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
module(load="imuxsock" # provides support for local system logging (e.g. via logger command)
SysSock.Use="off") # Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
module(load="imjournal" # provides access to the systemd journal
StateFile="imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
#module(load="imudp") # needs to be done just once
#input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
# The legacy directives below load imtcp and start a 514 listener a second
# time; they duplicate the module()/input() lines above, so leave them out.
#$ModLoad imtcp
#$InputTCPServerRun 514
# local/regular rules, like
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
global(workDirectory="/var/lib/rsyslog")
# Use default timestamp format
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/pfsense/messages
# The authpriv file has restricted access.
authpriv.* /var/pfsense/secure
# Log all the mail messages in one place.
mail.* -/var/pfsense/maillog
# Log cron stuff
cron.* /var/pfsense/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/pfsense/spooler
# Save boot messages also to boot.log
local7.* /var/pfsense/boot.log
After restarting the rsyslog service it started, but I never received any logs from pfSense.
Please advise:
Am I missing something in this configuration?
Is there a problem with pfSense using syslog while my server machine uses rsyslog?
Finally solved my problem; pfSense log messages are now being recorded on the remote machine.
I added a tmpl.conf on my server machine as /etc/rsyslog/tmpl.conf with:
$template TmplAuth, "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.* ?TmplAuth
*.info;mail.none;authpriv.none;cron.none ?TmplMsg
Then,
I stopped the firewall and restarted my rsyslog and the pfSense syslog service. pfSense log messages are now being written to my server machine.
Reference: https://www.youtube.com/watch?v=8RiHV3HKiCU&index=4&list=PLC9VYvBgfn48oJAUUw3ipalfK63V_k2I3
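The receiver side of the procedure above, as an added example that is not part of the question or the answer: a small Python script showing what FreeBSD syslogd's `@host` forwarding (which is what pfSense's remote logging uses) actually puts on the wire, namely an RFC 3164 line in a plain UDP datagram; how rsyslog derives the facility, severity, HOSTNAME and PROGRAMNAME properties that the selectors and the answer's $template depend on; and which file each message would land in under the answer's two rules. The pfSense log lines are constructed samples, `selector_matches` is a simplified model of rsyslog's classic selector syntax, and the round trip runs on a loopback UDP socket on an ephemeral port rather than on 514. It also makes the failure in the question concrete: the posted rsyslog.conf loads only imtcp, and a TCP listener never sees a UDP datagram.

```python
"""Added example (not from the original post): what a syslog collector sees
from pfSense, and how rsyslog's selectors and the answer's file template
route each message.  Runs entirely on loopback; the pfSense log lines below
are constructed samples, not captured traffic.
"""
import re
import socket

# RFC 3164 facility codes (0-23) and severity codes (0-7); 12-15 are the
# rarely used NTP/audit/alert/clock facilities, the rest match rsyslog's names.
FACILITIES = (
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
    "ntp security console clock local0 local1 local2 local3 local4 local5 "
    "local6 local7"
).split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>TIMESTAMP HOSTNAME TAG[PID]: MSG -- the BSD format FreeBSD syslogd emits.
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)


def parse(line):
    """Split a BSD syslog line into the properties rsyslog exposes."""
    m = RFC3164.match(line)
    if not m:
        raise ValueError("not an RFC 3164 line: %r" % line)
    pri = int(m.group("pri"))
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "hostname": m.group("host"),
        "programname": m.group("tag"),  # rsyslog %PROGRAMNAME%: tag without [pid]
        "msg": m.group("msg"),
    }


def selector_matches(selector, facility, severity):
    """Evaluate a classic selector such as '*.info;mail.none;authpriv.none'.
    Parts apply left to right, so a later 'mail.none' cancels an earlier '*.info'
    for the mail facility only.  A priority means 'that level or more severe'."""
    wanted = None
    for part in selector.split(";"):
        facs, _, prio = part.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            wanted = None
        elif prio == "*":
            wanted = len(SEVERITIES) - 1
        else:
            wanted = SEVERITIES.index(prio)
    return wanted is not None and SEVERITIES.index(severity) <= wanted


def render(template, props):
    """Expand %HOSTNAME% / %PROGRAMNAME% the way the answer's $template does."""
    return re.sub(r"%(\w+)%", lambda m: props[m.group(1).lower()], template)


# The two rules from the answer's tmpl.conf (both templates are identical there).
RULES = [
    ("authpriv.*", "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log"),
    ("*.info;mail.none;authpriv.none;cron.none",
     "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log"),
]


def route(line):
    """Return the files the answer's rules would write this line to."""
    p = parse(line)
    return [render(tmpl, p) for sel, tmpl in RULES
            if selector_matches(sel, p["facility"], p["severity"])]


def udp_roundtrip(line, host="127.0.0.1"):
    """Send one datagram the way syslogd's '@host' forwarding does (UDP, no
    framing) and read it back on a local listener.  An rsyslog that only
    loaded imtcp, as in the question, never receives such a datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind((host, 0))  # ephemeral port instead of 514: no root needed
        srv.settimeout(2)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as cli:
            cli.sendto(line.encode(), srv.getsockname())
        data, _ = srv.recvfrom(8192)
    return parse(data.decode())


# Constructed samples in the shape pfSense emits: the packet filter logs via
# filterlog at local0.info (PRI 134), sshd at authpriv.info (PRI 86).
FILTER_LINE = ("<134>Jun 12 10:02:17 pfSense filterlog: 5,,,1000000103,em0,match,"
               "block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.50,192.168.1.1,54321,22")
SSHD_LINE = ("<86>Jun 12 10:02:18 pfSense sshd[41230]: Accepted publickey for "
             "admin from 192.168.1.50 port 55010 ssh2")

if __name__ == "__main__":
    for line in (FILTER_LINE, SSHD_LINE):
        print(route(line))  # filterlog.log and sshd.log under /var/log/Pfsense/pfSense/
    print(udp_roundtrip(FILTER_LINE)["programname"])
```

The practical fix on the Fedora side is to enable the UDP input next to the TCP one (`module(load="imudp")` and `input(type="imudp" port="514")`), and to limit who may feed the collector rather than stopping the firewall as the answer does: open udp/514 only from the pfSense address (`firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port port="514" protocol="udp" accept'`) and add `$AllowedSender UDP, 192.168.1.1` in rsyslog. An unrestricted UDP listener accepts spoofed, unauthenticated lines from anything that can reach it, and syslog over UDP carries no integrity protection, so if the path crosses an untrusted segment, forward over TLS instead (rsyslog imtcp with a TLS stream driver, and on the pfSense side the syslog-ng package rather than the built-in syslogd).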