
LN-rsyslog

  CentOS でrsyslog

rsyslog.conf

# diff ./rsyslog.conf ./rsyslog.conf.orig 
30,31c30,31
< module(load="imudp") # needs to be done just once
< input(type="imudp" port="514")
---
> #module(load="imudp") # needs to be done just once
> #input(type="imudp" port="514")
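Review bot: The `input(type="imudp" port="514")` line enabled here, and the matching imtcp input in the 35,36 hunk, listen on every local address and accept unauthenticated plaintext syslog. Because the diff was run as `diff ./rsyslog.conf ./rsyslog.conf.orig`, the `<` lines are the active configuration. If only the 192.168.70.0/24 side should receive logs, bind the listener to that interface, e.g. `input(type="imudp" port="514" address="<collector-ip>")`, and confirm that the installed rsyslog accepts the same `address` parameter for imtcp. The `firewall-cmd --add-port` commands later on the page open 514 to every source in the zone, so as written the only source restriction is `$AllowedSender`.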
35,36c35,36
< module(load="imtcp") # needs to be done just once
< input(type="imtcp" port="514")
---
> #module(load="imtcp") # needs to be done just once
> #input(type="imtcp" port="514")
80,88d79
< #
< 
< ###############################################################
< $template  ClinetMessage,"/home/var/log/rsyslog/%fromhost%/%$year%%$month%%$day%_messages.log"
< # *.*     -?ClinetMessage
< # *.* -?ClinetMessage
< *.* ?ClinetMessage
< ###############################################################
< ###############################################################
< $AllowedSender UDP,127.0.0.1,192.168.70.0/24
< $AllowedSender TCP,127.0.0.1,192.168.70.0/24
< ###############################################################
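Review bot: The template builds the per-host directory from `%fromhost%`, which is the DNS-resolved name of the sender, so a host whose reverse record is missing or changes ends up in a different directory. Using `%fromhost-ip%` keeps the path tied to the address that `$AllowedSender` filters on: `$template ClinetMessage,"/home/var/log/rsyslog/%fromhost-ip%/%$year%%$month%%$day%_messages.log"`. The `$AllowedSender UDP` list only checks the claimed source address, which UDP does not authenticate, so send a test message from an address outside 192.168.70.0/24 to verify that both lists are enforced alongside the new-style `module()`/`input()` statements. The hunk header `80,88d79` covers nine lines but twelve `<` lines are shown, so where the `$AllowedSender` lines sit in the real file cannot be checked from this listing.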
  27  vi /etc/rsyslog.conf
  31  mkdir -p /home/var/log/rsyslog/
  32  service rsyslog restart 
        systemctl restart rsyslog
  33  logger -p kern.info "test desu"
  35  cd var/log/rsyslog/
  
  37  firewall-cmd --add-port=514/udp --permanent
  38  firewall-cmd --add-port=514/tcp --permanent
  39  firewall-cmd --reload
  40  setenforce 0
 312  restorecon /home/var/log
 313  restorecon -R /home/var/log

----

[root@isyslog ~]# setsebool -P logging_syslogd_append_public_content on
[root@isyslog ~]# setsebool -P logging_syslogd_append_public_content off 
[root@isyslog ~]# getsebool logging_syslogd_append_public_content 
getsebool:  SELinux is disabled

vi /etc/selinux/config

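「enforcing」になっている行をコメントアウトし、「disabled」の行を追加します。なお、ログの出力先を /home/var/log 以下に変更したことが原因で書き込めない場合は、SELinux を無効化する代わりに、semanage fcontext -a -t var_log_t "/home/var/log(/.*)?" でラベルを定義してから restorecon -R /home/var/log を実行する方法もあります。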

#SELINUX=enforcing
SELINUX=disabled

# Capture traffic on all interfaces (-i any) that involves host 192.168.70.253
# and port 514, e.g. to check whether syslog packets are arriving.
# -nn prints addresses and port numbers without resolving them to names.
# Earlier form, left commented out; presumably dropped because pcap filters
# need an explicit "and" between primitives:
## tcpdump -i any -nn port 514 host 192.168.70.253
tcpdump -nn -i any host 192.168.70.253 and port 514