Unable to receive logs from remote devices on CentOS 7.3


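After migrating from CentOS 6.8 to CentOS 7.3, I can no longer receive logs from my router and other devices. Could you take a look and tell me how to fix it? These logs are very important to me, because all my work is based on them. Thank you very much.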

The following information is for reference:

[user@host ~]$ rsyslogd -v

    rsyslogd 7.4.7, compiled with:
    FEATURE_REGEXP:                         Yes
    FEATURE_LARGEFILE:                      No
    GSSAPI Kerberos 5 support:              Yes
    FEATURE_DEBUG (debug build, slow code): No
    32bit Atomic operations supported:      Yes
    64bit Atomic operations supported:      Yes
    Runtime Instrumentation (slow code):    No
    uuid support:                           Yes

[user@host ~]$ cat /etc/centos-release

CentOS Linux release 7.3.1611 (Core)

[user@host ~]# ll -dZ /var/log/usb

drwxr-xr-x. root root system_u:object_r:var_log_t:s0   /var/log/usb

[user@host ~]# nc -vu 192.168.0.111 514

Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.0.111:514.

[user@host ~]# nc -vu 192.168.0.1 514

Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.0.1:514.

[user@host ~]$ ip route sh

default via 192.168.0.1 dev enp3s0  proto static  metric 100
192.168.0.0/24 dev enp3s0  proto kernel  scope link  src 192.168.0.111  metric 100
192.168.2.0/24 dev enp0s20u2c2  proto kernel  scope link  src 192.168.2.113  metric 100

[user@host ~]# journalctl --unit=rsyslog

-- Reboot --
Jan 07 01:46:49 host systemd[1]: Starting System Logging Service...
Jan 07 01:46:49 host systemd[1]: Started System Logging Service.

/etc/rsyslog.conf (uncommented lines only)

$ModLoad imuxsock 
$ModLoad imjournal
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerAddress 192.168.0.111
$UDPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state

/etc/rsyslog.d/networklog.conf

$template router, "/var/log/usb/router/router.%$year%%$month%%$day%.log"
: fromhost-ip, isequal, "192.168.0.1" -?router
& ~

$template nas, "/var/log/usb/qnap/qnap.%$year%%$month%%$day%.log"
: fromhost-ip, isequal, "192.168.0.110" -?nas
& ~

$template switch, "/var/log/usb/switch/switch.%$year%%$month%%$day%.log"
: fromhost-ip, isequal, "192.168.0.2" -?switch
& ~

$template bridge, "/var/log/usb/bridge/bridge.%$year%%$month%%$day%.log"
: fromhost-ip, isequal, "192.168.5.3" -?bridge
$ ~

$template ap, "/var/log/usb/ap/ap.%$year%%$month%%$day%.log"
: fromhost-ip, isequal, "192.168.0.4" -?ap
$ ~

/etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Tue Jul 28 19:40:14 2015
*filter
#:INPUT ACCEPT [229:17291]
#:FORWARD ACCEPT [0:0]
#:OUTPUT ACCEPT [133:14088]

# ssh daemon
-A INPUT -p tcp -i enp0s20u2c2 -d 192.168.2.113 -m state --state NEW,ESTABLISHED,RELATED -m tcp --dport 22 -j ACCEPT

# syslog daemon
-A INPUT -i enp3s0 -d 192.168.0.111 -p udp -m state --state NEW,ESTABLISHED,RELATED -m udp --dport 514 -j ACCEPT
-A OUTPUT -o enp3s0 -s 192.168.0.111 -p udp -m state --state NEW,ESTABLISHED,RELATED -m udp --sport 514 -j ACCEPT


# default DROP rule
-A INPUT -j DROP
COMMIT
# Completed on Tue Jul 28 19:40:14 2015

[user@host network-scripts]# cat ifcfg-enp3s0

TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp3s0
UUID=6201e661-dfc9-4c1a-aad9-3fc1330d79e4
DEVICE=enp3s0
ONBOOT=yes
IPADDR=192.168.0.111
PREFIX=24
GATEWAY=192.168.0.1
DNS1=8.8.8.8
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no

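Answer 1

Hi, I am the original poster.

I found that CentOS 6.8 and CentOS 7.3 ship with different versions of rsyslogd. It seems my old conf code does not work with rsyslog 7. There are many sample confs on the Internet to start from.

To start debugging, disable rsyslog using service or systemctl and issue the following commands: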

/path/to/rsyslogd -N 1  ##### check conf syntax
/path/to/rsyslogd -dn   ##### run in debug mode

Thanks
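An added example, not part of the original posts: a small Python lint that can be run over legacy-format rule files such as the networklog.conf above before handing them to `rsyslogd -N 1`. It flags a `$` line that names no directive, the `~` discard that rsyslog 7 deprecates in favour of `stop`, and a `?name` dynamic-file action with no matching `$template`. The function name, finding codes and sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the legacy format of the networklog.conf shown above.
# It is not the poster's file; the "missing" rule is added to exercise check 3.
SAMPLE = '''\
$template router, "/var/log/usb/router/router.%$year%%$month%%$day%.log"
:fromhost-ip, isequal, "192.168.0.1" -?router
& ~
$template bridge, "/var/log/usb/bridge/bridge.%$year%%$month%%$day%.log"
:fromhost-ip, isequal, "192.168.5.3" -?bridge
$ ~
:fromhost-ip, isequal, "192.168.0.9" -?missing
'''

DIRECTIVE = re.compile(r"^\$[A-Za-z]\w*")   # legacy directive: $Name value
DYNAFILE = re.compile(r"\s-?\?(\w+)\s*$")   # dynamic-file action: ?tpl or -?tpl
DISCARD = re.compile(r"(^|\s)~\s*$")        # legacy discard action


def lint_legacy_conf(text):
    """Return (line_no, code, message) tuples. Hypothetical helper, not an rsyslog tool."""
    # Names declared with the legacy "$template name, ..." statement.
    templates = set(re.findall(r"(?im)^\s*\$template\s+(\w+)\s*,", text))
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Check 1: a line starting with '$' must name a directive.
        if line.startswith("$") and not DIRECTIVE.match(line):
            findings.append((no, "bad-directive", "'$' is not followed by a directive name"))
            continue
        # Check 2: '~' still works in rsyslog 7 but produces a deprecation warning.
        if DISCARD.search(line):
            findings.append((no, "deprecated-discard", "'~' is deprecated in rsyslog 7; use 'stop'"))
        # Check 3: a dynamic-file action must reference a declared template.
        m = DYNAFILE.search(line)
        if m and m.group(1) not in templates:
            findings.append((no, "unknown-template", "no $template named " + m.group(1)))
    return findings


if __name__ == "__main__":
    for no, code, msg in lint_legacy_conf(SAMPLE):
        print(f"line {no}: {code}: {msg}")
```

`rsyslogd -N 1` remains the authoritative syntax check; this lint only catches patterns visible in the text of the file.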
