安裝日志收集工具
yum install -y rsyslog
目前公司網(wǎng)絡(luò)設(shè)備分為三類，分別為h3c、huawei、cisco三種
修改配置文件

vim rsyslog.conf

$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

$ModLoad imklog
$WorkDirectory /var/lib/rsyslog
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none;local1.none;local2.none;local3.none;local4.none;local5.none;local6.none               /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
#收集網(wǎng)絡(luò)日志
$template h3c,"/log_data/h3c/%FROMHOST-IP%.log"
local6.* ?h3c
$template huawei,"/log_data/huawei/%FROMHOST-IP%.log"
local5.* ?huawei
$template cisco,"/log_data/cisco/%FROMHOST-IP%.log"
local4.* ?cisco

創(chuàng)建存放日志路徑

mkdir  /log_data/huawei/ -p
mkdir  /log_data/h3c/  -p
mkdir  /log_data/cisco/  -p
啟動服務(wù)
systemctl start rsyslogd
systemctl enable rsyslogd

在網(wǎng)絡(luò)設(shè)備上配置日志輸入

“ 網(wǎng)絡(luò)設(shè)備配置
Huawei：info-center loghost source Vlanif99
info-center loghost 10.10.0.184 facility local5

H3C:
info-center loghost source Vlan-interface99
info-center loghost 10.10.0.184 facility local6

CISCO:
(config)#logging on
(config)#logging 10.10.0.184 
(config)#logging facility local4
(config)#logging source-interface e0

Ruijie：logging buffered warnings
logging source interface VLAN 99
logging facility local6
logging server 10.10.0.184


注意：10.10.0.184為rsyslog服務(wù)器的IP ”

注意：需要開放日志收集服務(wù)器的 514端口訪問權(quán)限。
當有日志輸出后，可在定義的目錄生成日志，用于后期對接elk

image.png