cisco交换机经过 rsyslog收集日志信息配置操做指引vim
登录交换机,进入全局配置模式
SWITCH>en
Password:
SWITCH#
SWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH(config)#tcp
rsyslog配置
SWITCH(config)# logging on
SWITCH(config)# logging host Rsyslog_Serv_IP
SWITCH(config)# logging trap debugging
SWITCH(config)# logging source-interface vlan Switch_vlan
SWITCH(config)# service timestamps debug uptime
SWITCH(config)# service timestamps log datetime localtimeide
Rsyslog server配置
(详细配置参考Rsyslog server 详细配置操做指引)debug
[root@test-1 ~]# vim /etc/rsyslog.conf
-#### MODULES ####日志
-# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capabilityorm
-# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514server
-# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514ip
$AllowedSender UDP, 172.16.5.0/24 #交换机IP地址段ci
-#### GLOBAL DIRECTIVES ####it
-# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
-# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template IpTemplate,"/var/log/data/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log":fromhost-ip, !isequal, "127.0.0.1" ?IpTemplate