!! CentOS でrsyslog ! rsyslog.conf
# diff ./rsyslog.conf ./rsyslog.conf.orig
30,31c30,31
< module(load="imudp") # needs to be done just once
< input(type="imudp" port="514")
---
> #module(load="imudp") # needs to be done just once
> #input(type="imudp" port="514")
35,36c35,36
< module(load="imtcp") # needs to be done just once
< input(type="imtcp" port="514")
---
> #module(load="imtcp") # needs to be done just once
> #input(type="imtcp" port="514")
80,88d79
< #
<
< ###############################################################
< $template ClinetMessage,"/home/var/log/rsyslog/%fromhost%/%$year%%$month%%$day%_messages.log"
< # *.* -?ClinetMessage
< # *.* -?ClinetMessage
< *.* ?ClinetMessage
< ###############################################################
< ###############################################################
< $AllowedSender UDP,127.0.0.1,192.168.70.0/24
< $AllowedSender TCP,127.0.0.1,192.168.70.0/24
< ###############################################################
27 vi /etc/rsyslog.conf 31 mkdir -p /home/var/log/rsyslog/ 32 service rsyslog restart systemctl restart rsyslog 33 logger –p kern.info "test desu" 35 cd var/log/rsyslog/ 37 firewall-cmd --add-port=514/udp --permanent 38 firewall-cmd --add-port=514/tcp --permanent 39 firewall-cmd --reload 40 setenforce 0 312 restorecon /home/var/log 313 restorecon -R /home/var/log ---- [root@isyslog ~]# setsebool -P logging_syslogd_append_public_content on [root@isyslog ~]# setsebool -P logging_syslogd_append_public_content off [root@isyslog ~]# getsebool logging_syslogd_append_public_content getsebool: SELinux is disabled ---- vi /etc/selinux/config 「enforcing」になっている箇所をコメントアウトして「disabled」を追加します。 #SELINUX=enforcing SELINUX=disabled ---- ## tcpdump -i any -nn port 514 host 192.168.70.253 tcpdump -nn -i any host 192.168.70.253 and port 514
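Review bot: The listeners uncommented on the `<` side of the `30,31c30,31` hunk (and the matching imtcp pair in `35,36c35,36`) carry no restriction of their own, so what reaches port 514 is decided only by the `$AllowedSender` lines at the end of the file and by the firewall. The `firewall-cmd --add-port=514/udp --permanent` and `514/tcp` commands in the history open the port to every source in the zone; a firewalld rich rule limited to `source address="192.168.70.0/24"` would keep the firewall in step with the allow-list. If the clients send over only one transport, leave the other `module`/`input` pair commented out, and add a comment such as `# senders restricted by $AllowedSender below` next to the `input(...)` lines.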
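Review bot: The `$template` line in the `80,88d79` hunk sends logs to `/home/var/log/rsyslog/`, outside the default log tree, and the page then runs `setenforce 0` and sets `SELINUX=disabled`, apparently to get past SELinux denials on that path; that removes confinement from every service on the log host instead of fixing the label. Keeping enforcing mode and labelling the directory should be enough: `semanage fcontext -a -t var_log_t "/home/var/log(/.*)?"` followed by the `restorecon -R /home/var/log` already in the history. `%fromhost%` is the reverse-DNS name of the sender, so the directory name follows PTR records; `%fromhost-ip%` gives a stable per-sender path. `$AllowedSender UDP,...` matches on a source address that UDP does not verify, so treat it as a filter rather than authentication, and confirm with a sender outside 192.168.70.0/24 that its messages are actually dropped.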