Receive remote logs through syslog

Source: Internet
Author: User
Some environment configuration is required to receive logs from remote hosts through syslog. Client A sends its log information to server B (the log collection server) through syslog. The following describes the configuration process.
(In my experiment environment, client A is Solaris 10 and service host B is Red Hat Enterprise Linux Server.)

Client A configuration:

    vi /etc/syslog.conf

    *.info;*.!emerg;mail.none;authpriv.none;cron.none /var/log/messages
    ......
    # Customize the syslog message processing method. Here, the message is sent to the remote host
    syslog.info @10.10.65.143

where 10.10.65.143 is the IP address of service host B.

Restart syslog:

    # svcadm restart system-log

or

    # /etc/init.d/syslog restart

Server B configuration:

First, determine the level of the remote messages. For example, all messages sent by Panabit are emerg-level messages, and some routers use notice-level messages. If that doesn't work, use info and filter it out (see the following article for details).

    vi /etc/sysconfig/syslog

    SYSLOGD_OPTIONS="-r -x -m 0"

-r: enable reception of external log messages; syslogd then listens on UDP port 514;
-x: disable automatic resolution of the FQDN of the sending host, which avoids the trouble caused by incomplete DNS.

    vi /etc/syslog.conf

    # Remove emerg-level messages from messages to avoid repeated records:
    *.info;*.!emerg;mail.none;authpriv.none;cron.none /var/log/messages
    # *.!emerg indicates that emerg-level messages are not recorded
    #*.emerg *
    # The original emerg line is commented out so that emerg-level messages are not displayed on the console
    # Receive syslogs sent from remote hosts, output to /var/log/mylog
    syslog.info /var/log/mylog

Restart syslog:

    service syslog restart

Remote logs are now written to /var/log/mylog without affecting local syslog operations.
The syslog sending applet on client A:

    #include <syslog.h>

    int main(int argc, char *argv[])
    {
        /* openlog is left commented out, so the default identity is used */
        // openlog(argv[0], LOG_CONS | LOG_PID, LOG_USER);
        int count = 0;
        while (count < 5) {
            /* facility syslog, level info: matches the syslog.info selector */
            syslog(LOG_SYSLOG | LOG_INFO, "%d:, syslog info test", count);
            count++;
        }
        // closelog();
        return 0;
    }

After the program runs on the client, check /var/log/mylog on server B:

    [root@localhost socket]# tail -f /var/log/mylog
    Jul 1 13:40:35 localhost syslogd 1.4.1: restart (remote termination).
    Jul 1 14:12:14 10.10.65.244. out [653]: [ID 852416 syslog.info] 0:, syslog info test
    Jul 1 14:12:14 10.10.65.244. out [653]: [ID 852416 syslog.info] 1:, syslog info test
    Jul 1 14:12:14 10.10.65.244. out [653]: [ID 852416 syslog.info] 2:, syslog info test
    Jul 1 14:12:14 10.10.65.244. out [653]: [ID 852416 syslog.info] 3:, syslog info test
    Jul 1 14:12:14 10.10.65.244. out [653]: [ID 852416 syslog.info] 4:, syslog info test

As shown, the log information has been received.

[Appendix] About /etc/syslog.conf

/etc/syslog.conf defines its rules in the following format:

    facility.level action
    device.priority action

1. facility

The facility defines the range of log messages. The keys used include:

    auth - authentication activities reported by pam_pwdb.
    authpriv - authentication activities including privileged information such as user names.
    cron - scheduled task information related to cron and at.
    daemon - background process information related to the inetd daemon.
    kern - kernel information, first passed through klogd.
    lpr - information related to the print service.
    mail - email-related information.
    mark - used internally by syslog to generate timestamps.
    news - information from the news server.
    syslog - information generated by syslog.
    user - information generated by user programs.
    uucp - information generated by uucp.
    local0-local7 - for use with custom programs.
    * - wildcard indicating all facilities except mark.

In addition, security is also defined as an old key, which is equivalent to auth and is no longer recommended.

2. level

The level defines the degree of urgency of a message. In order of severity from high to low:

    emerg - the system is unavailable, equivalent to panic.
    alert - conditions that need to be corrected immediately.
    crit - error conditions that prevent certain tools or subsystem functions from working.
    err - error conditions that prevent tools or some subsystem functions from working, equivalent to error.
    warning - warning information, equivalent to warn.
    notice - important common conditions.
    info - messages that provide information.
    debug - other information that does not contain functional conditions or problems.
    none - no importance level, usually used for troubleshooting.
    * - all levels except none.

panic, error, and warn are old identifiers and are not recommended.

When defining the level, pay attention to two points:

1) The priority is determined by the application. The priority of a message cannot be changed unless the source code is modified and recompiled.
2) A low priority includes the higher priorities. For example, if you direct the info level of an application to a log, messages at notice, warning, err, crit, alert, and emerg are included as well (unless the level is defined with "=").

3. selector

The facility is connected to the level by a period "." to form the selector (selection condition). You can use the semicolon ";" to define multiple selection conditions at the same time. Three modifiers are also supported:

    * - all log information.
    = - equal to, that is, only log information of this priority is included.
    ! - not equal to, that is, all log information except this priority level.

4. action

The action defines what is done with the log information chosen by the selector. The following actions are available:

    file - the absolute path of the log file.
    terminal or printer - a serial or parallel device identifier, for example /dev/ttyS2.
    @host - a remote log server.
    username - send the message to the terminal of that user on the local machine; the user must already be logged on to the system.
    named pipe - the absolute path of a FIFO file created in advance with the mkfifo command.

Note that you cannot use the form "|/var/xxx.sh" to have another script process the logs!
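The selector rules in the appendix decide which file a datagram arriving on UDP port 514 ends up in, so it helps to evaluate a rule against a message before deploying it. The following is an added example, not code from the original article or from syslogd: a small Python model of those rules, assuming fields are applied left to right with later fields overriding earlier ones, and using constructed sample datagrams with a hypothetical "sender" tag.

```python
# Added example: a model of the syslog.conf selector rules described in the
# appendix. It is not syslogd's own code; sample datagrams are constructed.
FAC = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
       "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10}
FAC.update({"local%d" % i: 16 + i for i in range(8)})
SEV = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALL = set(range(len(SEV)))


def compile_selector(selector):
    """Return {facility code: set of accepted severity codes}."""
    mask = {code: set() for code in FAC.values()}
    for field in selector.split(";"):
        facs, level = field.strip().rsplit(".", 1)
        negate = level.startswith("!")
        level = level.lstrip("!")
        exact = level.startswith("=")
        level = level.lstrip("=")
        if level == "none":          # facility.none removes every level
            chosen, negate = ALL, not negate
        elif level == "*":
            chosen = ALL
        elif exact:                  # "=" selects this level only
            chosen = {SEV.index(level)}
        else:                        # this level and everything more severe
            chosen = set(range(SEV.index(level) + 1))
        codes = FAC.values() if facs == "*" else [FAC[f] for f in facs.split(",")]
        for code in codes:
            mask[code] = mask[code] - chosen if negate else mask[code] | chosen
    return mask


def decode_pri(datagram):
    """Split the leading <PRI> of a syslog datagram into (facility, severity)."""
    pri = int(datagram[1:datagram.index(b">")])
    return pri >> 3, pri & 7


def matches(selector, datagram):
    facility, severity = decode_pri(datagram)
    return severity in compile_selector(selector).get(facility, set())


MESSAGES = "*.info;*.!emerg;mail.none;authpriv.none;cron.none"
MYLOG = "syslog.info"
# LOG_SYSLOG | LOG_INFO is 5 * 8 + 6 = 46, so the applet's messages start with <46>.
SAMPLE = b"<46>Jul  1 14:12:14 sender[653]: 0:, syslog info test"

if __name__ == "__main__":
    for name, sel in (("messages", MESSAGES), ("mylog", MYLOG)):
        print(name, matches(sel, SAMPLE))
```

Under this model the applet's syslog.info messages match both the /var/log/mylog rule and the /var/log/messages rule, while kernel emerg and mail messages are excluded from the latter.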