Push pfSense logs to a remote machine using rsyslog

Time: 2017-07-13 05:36:35

Tags: logging rsyslog pfsense

I am trying to push all pfSense logs to a remote machine using rsyslog.

 Machine1 ==> pfSense (FreeBSD) (192.168.1.1); pfSense basically has syslog installed

I followed the document for FreeBSD.

I did:

Added the following to /etc/rc.conf

      syslogd_flags=" -a 192.168.1.1 "

192.168.1.1 is the pfSense IP

Then, opened /etc/syslog.conf

  # forward all facilities and levels to the rsyslog server
  *.*    @192.168.1.137:514

Then, restarted the syslog service.

  /etc/rc.d/syslogd restart

Then enabled remote logging under Status -> System Logs -> Settings

    --> Check Enable syslog'ing to remote syslog server

    --> Type the IP of the logging server in the box next to Remote syslog server

    --> Check the boxes for the log entries to forward

    --> Click Save

Then, went to my server machine.

   Machine2 ==> Server (Fedora 25) (192.168.1.137)

I installed rsyslog on my server machine and edited /etc/rsyslog.conf

  # rsyslog configuration file

  # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
  # or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
  # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

  #### MODULES ####

  module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
         SysSock.Use="off") # Turn off message reception via local log socket;
                            # local messages are retrieved through imjournal now.
  module(load="imjournal"             # provides access to the systemd journal
         StateFile="imjournal.state") # File to store the position in the journal
  #module(load="imklog") # reads kernel messages (the same are read from journald)
  #module(load="immark") # provides --MARK-- message capability

  # Provides UDP syslog reception
  # for parameters see http://www.rsyslog.com/doc/imudp.html
  #module(load="imudp") # needs to be done just once
  #input(type="imudp" port="514")

  # Provides TCP syslog reception
  # for parameters see http://www.rsyslog.com/doc/imtcp.html
  module(load="imtcp") # needs to be done just once
  input(type="imtcp" port="514")

  # legacy-syntax equivalent of the two imtcp lines above (loads the module and
  # binds port 514 a second time)
  $ModLoad imtcp

  $InputTCPServerRun 514

  # local/regular rules, like

  #### GLOBAL DIRECTIVES ####

  # Where to place auxiliary files
  global(workDirectory="/var/lib/rsyslog")

  # Use default timestamp format
  module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
  # Include all config files in /etc/rsyslog.d/
  $IncludeConfig /etc/rsyslog.d/*.conf

  #### RULES ####

  # Log all kernel messages to the console.
  # Logging much else clutters up the screen.
  #kern.*                                                 /dev/console

  # Log anything (except mail) of level info or higher.
  # Don't log private authentication messages!
  *.info;mail.none;authpriv.none;cron.none                /var/pfsense/messages

  # The authpriv file has restricted access.
  authpriv.*                                              /var/pfsense/secure

  # Log all the mail messages in one place.
  mail.*                                                  -/var/pfsense/maillog

  # Log cron stuff
  cron.*                                                  /var/pfsense/cron

  # Everybody gets emergency messages
  *.emerg                                                 :omusrmsg:*

  # Save news errors of level crit and higher in a special file.
  uucp,news.crit                                          /var/pfsense/spooler

  # Save boot messages also to boot.log
  local7.*                                                /var/pfsense/boot.log

After that I restarted the rsyslog service; it started, but I never got any logs from pfSense.

Please advise,

Am I missing something in this configuration?

Is the problem that pfSense uses syslog while my server machine uses rsyslog?

1 Answer:

Answer 0: (score: 0)

Finally solved my problem; pfSense log messages are now logged on the remote machine.

I added tmpl.conf on the server machine: /etc/rsyslog/tmpl.conf

  $template TmplAuth, "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log"
  $template TmplMsg, "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log"

  authpriv.* ?TmplAuth
  *.info;mail.none;authpriv.none;cron.none ?TmplMsg

Then,

stopped the firewall and restarted my rsyslog and pfSense syslog services. pfSense log messages are now logged to my server machine.

Reference: https://www.youtube.com/watch?v=8RiHV3HKiCU&index=4&list=PLC9VYvBgfn48oJAUUw3ipalfK63V_k2I3
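The selector and template lines in the answer decide where each pfSense message ends up, and it is easy to misread how `*.info;mail.none;authpriv.none;cron.none` interacts with `authpriv.* ?TmplAuth`. The following added example (not code from the post, from rsyslog or from pfSense) models that evaluation in Python: it parses BSD-format (RFC 3164) syslog lines as FreeBSD's syslogd sends them, applies the classic sysklogd selectors used on this page, and expands `%HOSTNAME%` and `%PROGRAMNAME%` into the per-host, per-program path the answer's templates produce. The sample messages, the hostname `pfsense` and the program names are constructed. Two points worth checking against the posted configs: pfSense forwards remote syslog over UDP, while the server config above loads only `imtcp` (the `imudp` lines are commented out), and the main config includes `/etc/rsyslog.d/*.conf`, so a template file has to live in that directory to be read.

```python
"""Model rsyslog's classic selector + template routing for pfSense messages.
Added example; constructed sample data, not configuration from the post."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# RFC 3164 facility/severity names, indexed by numeric code (PRI = fac*8 + sev).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mon DD HH:MM:SS HOST TAG[PID]: MSG  (what FreeBSD/pfSense syslogd emits)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    hostname: str      # rsyslog property %HOSTNAME%
    programname: str   # rsyslog property %PROGRAMNAME% (tag without the pid)
    pid: Optional[int]
    msg: str


def parse_rfc3164(line: str) -> SyslogMessage:
    """Split one raw syslog line into the properties rsyslog exposes."""
    m = _RFC3164.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return SyslogMessage(FACILITIES[facility], SEVERITIES[severity], m.group("host"),
                         m.group("tag"), int(m.group("pid")) if m.group("pid") else None,
                         m.group("msg"))


def compile_selector(selector: str) -> Dict[str, Set[str]]:
    """Turn a sysklogd selector into a per-facility set of accepted severities.
    Entries apply left to right, so 'mail.none' after '*.info' removes mail.
    Supports '*', comma-separated facility lists, 'none' and '=sev'; the '!'
    negation form is not modelled."""
    mask: Dict[str, Set[str]] = {f: set() for f in FACILITIES}
    for entry in selector.split(";"):
        facs, _, prio = entry.strip().rpartition(".")
        targets = FACILITIES if facs == "*" else [f.strip() for f in facs.split(",")]
        if prio == "none":
            allowed: Set[str] = set()
        elif prio == "*":
            allowed = set(SEVERITIES)
        elif prio.startswith("="):
            allowed = {prio[1:]}
        else:  # 'info' means info and everything more severe (lower code)
            allowed = set(SEVERITIES[: SEVERITIES.index(prio) + 1])
        for f in targets:
            if f not in mask:
                raise ValueError(f"unknown facility {f!r} in {entry!r}")
            mask[f] = set(allowed)
    return mask


def render_template(template: str, m: SyslogMessage) -> str:
    """Expand the properties used in the answer's $template lines."""
    return template.replace("%HOSTNAME%", m.hostname).replace("%PROGRAMNAME%", m.programname)


# The two rules from the answer's tmpl.conf.
TEMPLATES = {"TmplAuth": "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log",
             "TmplMsg": "/var/log/Pfsense/%HOSTNAME%/%PROGRAMNAME%.log"}
RULES = [("authpriv.*", "TmplAuth"),
         ("*.info;mail.none;authpriv.none;cron.none", "TmplMsg")]


def route(line: str, rules=RULES, templates=TEMPLATES) -> List[str]:
    """Return every file the message would be written to (all rules are evaluated)."""
    m = parse_rfc3164(line)
    return [render_template(templates[name], m)
            for selector, name in rules if m.severity in compile_selector(selector)[m.facility]]


# Constructed sample messages (hostname and field values are made up).
SAMPLE_LINES = [
    "<134>Jul 13 05:36:35 pfsense filterlog: 5,,,1000000103,igb0,match,block,in,4,...",  # local0.info
    "<86>Jul 13 05:36:40 pfsense sshd[1234]: Accepted publickey for admin from 192.168.1.50",  # authpriv.info
    "<78>Jul 13 05:37:00 pfsense cron[2222]: (root) CMD (/usr/local/bin/mycron.sh)",  # cron.info
    "<135>Jul 13 05:37:05 pfsense dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via igb1",  # local0.debug
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(route(line) or "dropped", "<-", line[:60])
```

Running it shows the filterlog line landing in `/var/log/Pfsense/pfsense/filterlog.log`, the sshd line only in `sshd.log` (the `authpriv.none` in the second selector keeps it out of the second rule), and the cron and debug lines dropped, which is exactly what the `.none` exclusions and the `info` threshold in the posted config imply.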