2015-10-07 155 views
0

我正在嘗試將日誌(/var/log/secure/var/log/messages)從Linux服務器(rsyslog)集中到Solaris服務器(syslog)。遠程系統日誌服務器上未收到日誌

rsyslog.conf文件:

#### RULES #### 

# Log all kernel messages to the console. 
# Logging much else clutters up the screen. 
#kern.*             /dev/console 

# Log anything (except mail) of level info or higher. 
# Don't log private authentication messages! 
*.info;mail.none;authpriv.none;cron.none    /var/log/messages 
*.info;mail.none;authpriv.none;cron.none @logserver:514 

# The authpriv file has restricted access. 
authpriv.*            /var/log/secure 
authpriv.*  @logserver:514 
# Log all the mail messages in one place. 
mail.*             /var/log/maillog 

# Log cron stuff 
cron.*             /var/log/cron 

# Everybody gets emergency messages 
*.emerg             :omusrmsg:* 

# Save news errors of level crit and higher in a special file. 
uucp,news.crit           /var/log/spooler 

# Save boot messages also to boot.log 
local7.*            /var/log/boot.log 

在Solaris上我配置了服務器接受日誌:

svccfg -s system-log setprop config/log_from_remote = true 

我重新啓動系統日誌和rsyslog現在,但它不工作。

回答

0

UDP可能是防火牆。使用Solaris snoop命令查看是否有數據進入。

+0

我使用端口514上的'snoop'命令進行檢查,並且僅從另一個Solaris(系統日誌)服務器接收數據。 – WetSocks