配置华为交换机把日志发送到远程centos syslog服务器上
huawei switch:#指定发送消息基本,表示从0-7都发送
info-center source default channel 2 log level debugging
#指定从哪个接口发送
info-center loghost source Vlanif1
#指定远程syslog服务器ip
info-center loghost x.x.x.x
Centos Server:
vim /etc/rsyslog.conf
#启用udp 514端口监听。
$ModLoad imudp
$UDPServerRun 514
#把来自两个交换机的日志分别放入到指定的log文件中。
:fromhost-ip,isequal, "x.x.x.x" /var/log/switch01.log
:fromhost-ip,isequal, "x.x.x.x" /var/log/switch02.log
#重启rsyslog服务
service rsyslog restart
测试:
在交换机上执行任何命令都被记录下来,比如:
#tail -f /var/log/switch01.log
May5 16:17:27 switch01 %%01SHELL/6/DISPLAY_CMDRECORD(s): Recorded display command information. (Task=VT0, Ip=x.x.x.x, ***Name=, User=**, AuthenticationMethod="Password", Command="display info-center statistics")
May5 16:17:40 switch01 %%01SHELL/6/DISPLAY_CMDRECORD(s): Recorded display command information. (Task=VT0, Ip=x.x.x.x, ***Name=, User=**, AuthenticationMethod="Password", Command="display current-configuration")
页:
[1]