# 5. NXLog Tutorial (Linux)

Most Linux hosts ship with a syslog package, so you can open the rsyslog.conf file directly from the terminal and edit it. If you have confirmed that the host you intend to use has no syslog-related files, go to [NXLog Community Edition](https://nxlog.co/products/nxlog-community-edition/download) and download the package that matches its operating system version.

1\. Open the rsyslog.conf file:
```
lubuntu@pc-71:~$ sudo bash
root@pc-71:/home/lubuntu# vi /etc/rsyslog.conf
```
2\. Edit the rsyslog.conf file:
```
#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
```

Add this line:

```
*.* @192.168.31.16:1514
```
When you have finished typing, press Esc, then type `:wq` to save the file and exit.

3\. Restart rsyslog:
```
root@pc-71:/home/lubuntu# /etc/init.d/rsyslog restart
```
Once this is done, return to the Graylog web interface to check the information that has been collected.
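The forwarding line `*.* @192.168.31.16:1514` packs two decisions into a few characters: the selector `*.*` (every facility at every severity) and the action `@host:port` (a single `@` is UDP; `@@` would be TCP). The script below is an added example, not part of the original tutorial or of rsyslog itself: it parses selector/action lines of that shape, decides which messages a selector would forward, builds the RFC 3164 datagram rsyslog emits for a log line, and sends one through a loopback UDP socket that stands in for the Graylog input. All hostnames, ports and log lines in it are constructed sample values, and the parser covers only the plain `@`/`@@` form used on this page (no `(o)` options, IPv6 brackets or `!`/`=` selector modifiers).

```python
"""Added example: what '*.* @192.168.31.16:1514' means, shown by parsing
rsyslog forwarding lines and building/sending the syslog datagram they
produce. Sample hosts, ports and messages are constructed, not real."""
import re
import socket
from datetime import datetime

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11, "local0": 16, "local1": 17,
              "local2": 18, "local3": 19, "local4": 20, "local5": 21,
              "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# selector, then '@' (UDP) or '@@' (TCP), host, optional ':port'.
FORWARD_RE = re.compile(
    r"^(?P<selector>\S+)\s+(?P<at>@@?)(?P<host>[^:\s]+)(?::(?P<port>\d+))?\s*$")


def parse_forward_line(line):
    """Return the parts of a legacy rsyslog forwarding line, or None."""
    m = FORWARD_RE.match(line.strip())
    if not m:
        return None
    return {"selector": m["selector"],
            # one '@' selects UDP: no delivery guarantee and no encryption
            "transport": "tcp" if m["at"] == "@@" else "udp",
            "host": m["host"],
            "port": int(m["port"]) if m["port"] else 514}  # 514 is the default


def selector_matches(selector, facility, severity):
    """Classic 'facility.priority' semantics: a listed priority matches that
    severity and anything more urgent; '*' matches all; ';' joins selectors
    and ',' joins facilities. Modifiers such as '=', '!' and 'none' are not
    handled in this example."""
    for part in selector.split(";"):
        fac_part, _, sev_part = part.partition(".")
        fac_ok = fac_part == "*" or facility in fac_part.split(",")
        sev_ok = sev_part == "*" or SEVERITIES[severity] <= SEVERITIES[sev_part]
        if fac_ok and sev_ok:
            return True
    return False


def build_rfc3164(facility, severity, hostname, tag, msg, stamp=None):
    """Build the BSD-style datagram: <PRI>TIMESTAMP HOST TAG: MSG."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    if stamp is None:
        now = datetime.now()
        stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {hostname} {tag}: {msg}"


def parse_pri(datagram):
    """Recover (facility number, severity number) from the <PRI> prefix."""
    m = re.match(r"<(\d{1,3})>", datagram)
    pri = int(m.group(1))
    return pri // 8, pri % 8


def udp_roundtrip(datagram, host="127.0.0.1"):
    """Stand-in for the Graylog UDP input: bind an ephemeral loopback port,
    send the datagram to it the way '@host:port' would, and return what
    arrived. Note there is no acknowledgement: a lost datagram is simply gone."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind((host, 0))
    port = rx.getsockname()[1]
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(datagram.encode(), (host, port))
    rx.settimeout(2)
    data, _ = rx.recvfrom(65535)
    tx.close()
    rx.close()
    return data.decode()


if __name__ == "__main__":
    rule = parse_forward_line("*.* @192.168.31.16:1514")  # line from the page
    print("forwarding rule:", rule)
    # constructed sample event, as sshd would log it via the auth facility
    msg = build_rfc3164("auth", "err", "pc-71", "sshd[4242]",
                        "Failed password for invalid user test from 10.0.0.9")
    if selector_matches(rule["selector"], "auth", "err"):
        print("received:", udp_roundtrip(msg))
        print("facility/severity:", parse_pri(msg))
```

Run it as a script to see the datagram that the tutorial's rule would forward. Before restarting the daemon in step 3, `rsyslogd -N1` validates the edited configuration and reports syntax errors without touching the running service; a quick test event can then be generated with `logger` and looked for in Graylog.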