
5. NXLog Usage Guide (Linux)

Most Linux hosts already ship with a syslog daemon (rsyslog), so no extra agent is needed: you can forward logs to Graylog simply by editing rsyslog.conf from a terminal.

Only if the target host has no syslog-related files at all should you download the NXLog Community Edition package that matches its operating system version and use that instead.


1. Open the rsyslog.conf file (as root):

lubuntu@pc-71:~$ sudo bash
root@pc-71:/home/lubuntu# vi /etc/rsyslog.conf

2. Edit the rsyslog.conf file. The default Ubuntu file looks like this:

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark") # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


Add the following line (for example at the end of the file):

*.* @192.168.31.16:1514

This forwards every facility and severity (*.*) to the Graylog host 192.168.31.16 on port 1514. A single @ sends over UDP, so the Graylog input listening on port 1514 must be a UDP syslog input; a double @@ would send over TCP and requires a TCP input on the Graylog side. Add the rule only once: a second copy of it means every event is indexed twice. When you are done, press Esc, then type :wq to save and exit.


3. Restart rsyslog so the new rule takes effect:

root@pc-71:/home/lubuntu# /etc/init.d/rsyslog restart

Once rsyslog is back up, return to the Graylog web interface and confirm that messages from this host are arriving.
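The three steps above, as an added example that is not part of the original guide: instead of editing rsyslog.conf by hand, the script writes the forwarding rule as a drop-in file under /etc/rsyslog.d/ (which the $IncludeConfig line in rsyslog.conf already picks up), syntax-checks the whole configuration with rsyslogd -N1 before restarting, and sends a test message with logger. It also shows the @ (UDP) versus @@ (TCP) forms and a TCP variant with a disk-assisted queue so events are spooled locally while Graylog is unreachable. Assumptions not stated on the page: that the Graylog input on 192.168.31.16:1514 also accepts TCP, and the drop-in file name 90-graylog.conf.

```shell
#!/bin/sh
# Added example, not from the original tutorial: install the Graylog forwarding
# rule from steps 1-3 as a drop-in under /etc/rsyslog.d/, check it, restart
# rsyslog and send a test message. Assumed (not on the page): the Graylog input
# on 192.168.31.16:1514 also accepts TCP, and the file name 90-graylog.conf.

GRAYLOG_HOST="${GRAYLOG_HOST:-192.168.31.16}"
GRAYLOG_PORT="${GRAYLOG_PORT:-1514}"
DROPIN="${DROPIN:-/etc/rsyslog.d/90-graylog.conf}"

# Legacy one-line rule as used in the tutorial: "@" forwards over UDP, "@@" over TCP.
forward_rule() {
    host="$1"; port="$2"; proto="${3:-udp}"
    case "$proto" in
        udp) printf '*.* @%s:%s\n' "$host" "$port" ;;
        tcp) printf '*.* @@%s:%s\n' "$host" "$port" ;;
        *)   echo "forward_rule: unsupported protocol '$proto'" >&2; return 1 ;;
    esac
}

# Same forwarding in RainerScript form with a disk-assisted queue: while Graylog
# is down, messages spool under $WorkDirectory instead of being dropped, and
# rsyslog retries forever (resumeRetryCount -1). Only meaningful over TCP; UDP
# gives no delivery feedback, so the queue never sees a failure.
graylog_dropin() {
    host="$1"; port="$2"; proto="${3:-tcp}"
    cat <<EOF
# Forward all facilities and severities to Graylog (generated by graylog_dropin)
action(type="omfwd" target="$host" port="$port" protocol="$proto"
       action.resumeRetryCount="-1"
       queue.type="LinkedList" queue.filename="graylog_fwd"
       queue.maxDiskSpace="1g" queue.saveOnShutdown="on")
EOF
}

# Count active forwarding rules (legacy @/@@ or omfwd actions) in a config file,
# ignoring commented-out lines. Two rules pointing at Graylog mean every event
# is indexed twice, so run this after editing rsyslog.conf by hand.
count_forward_rules() {
    grep -cE '^[^#]*(@@?[A-Za-z0-9.:-]+|type="omfwd")' "$1" || true
}

install_dropin() {
    graylog_dropin "$GRAYLOG_HOST" "$GRAYLOG_PORT" tcp > "$DROPIN"
    # Validate the complete config (drop-in included) before restarting with it.
    if ! rsyslogd -N1 >/dev/null 2>&1; then
        echo "rsyslog config check failed, removing $DROPIN" >&2
        rm -f "$DROPIN"; return 1
    fi
    # systemd hosts first; fall back to the SysV script the tutorial uses.
    systemctl restart rsyslog 2>/dev/null || /etc/init.d/rsyslog restart
    logger -t graylog-test "rsyslog forwarding test from $(hostname)"
    echo "sent test message; search for tag graylog-test in the Graylog UI"
}

# Run as root with the argument "install" to apply; with no arguments the script
# only defines the functions above.
case "${1:-}" in install) install_dropin ;; esac
```

Run it as `sudo sh graylog-forward.sh install`, then search Graylog for the tag graylog-test. Keeping the rule in a drop-in file rather than in rsyslog.conf survives package upgrades that replace the main file, and the rsyslogd -N1 check catches a typo before a bad restart leaves the host without local logging.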