華三官網文件並不完全正確,並且很多系統已經用rsyslog而不是syslog。在這裡記錄下配置
1、交換機側配置
[H3C]info-center enable
# ip替換成日誌伺服器的ip 使用local5作為日誌主機記錄工具。
[H3C]info-center loghost 172.20.161.249 facility local5
[H3C]info-center source default console level ?
alert Action must be taken immediately (severity=1)
critical Critical conditions (severity=2)
debugging Debug-level messages (severity=7)
emergency System is unusable (severity=0)
error Error conditions (severity=3)
informational Informational messages (severity=6)
notification Normal but significant conditions (severity=5)
warning Warning conditions (severity=4)
選擇要推送的級別日誌2、伺服器側配置
a. 檢查rsyslog服務
[root@localhost ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-10-29 20:01:34 PDT; 32min ago
Main PID: 24893 (rsyslogd)
Memory: 3.9M
CGroup: /system.slice/rsyslog.service
└─24893 /usr/sbin/rsyslogd -n
Oct 29 20:01:34 localhost.localdomain systemd[1]: Starting System Logging Service...
Oct 29 20:01:34 localhost.localdomain systemd[1]: Started System Logging Service.b.在/var/log/路徑下為Device建立同名日誌資料夾Device,在該資料夾建立檔案info.log,用來儲存來自Device的日誌
mkdir /var/log/Device
touch /var/log/Device/info.logc. 編輯/etc/rsyslog.conf
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
標紅欄位刪除前面的# 來接受其他機器日誌
檔案末尾新增
local5.* /var/log/Device/info.log
表示接受local5的所有日誌級別的資訊
3、實現效果
交換機執行命令
伺服器tail -f檢視日誌變化
