於RHEL6配置Log receive server

RHEL6預設的log server由syslog改換成rsyslog，於是乎以往RHEL3/4/5的配置方法可能已經不適用了（也許有人還是習慣用syslog，那麼方法應該就一樣），不過不用擔心萬變不離其宗正是Linux的教條，只要理論有了，配置不過是理論的實現罷了，以下就簡單的說明一下怎麼改變吧。

1. Enable UDP port 514:

rsyslog預設上把port 514關掉了，請手動將它打開。

- Configure /etc/rsyslog.conf:
Unmark UDP syslog:
$ModLoad imudp.so
$UDPServerRun 514

- Restart rsyslog:
# /etc/init.d/rsyslog restart

2. 檢查UDP port 514已開啟:

[root@rhel6 ~]# netstat -tupln | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 2713/rsyslogd
udp 0 0 :::514 :::* 2713/rsyslogd

3. 配置允許接收對方的log events:

# vi /etc/rsyslog.conf to receive log from remote machine:
:fromhost-ip,isequal,"X.X.X.X" /var/log/test1_log

X.X.X.X -> remote IP address

- Restart rsyslog:
# /etc/init.d/rsyslog restart

4. 建立logrotate:

# vi /etc/logrotate.d/test1
/var/log/test1.log{
size +4096k #Trigger logrotate when file size more than 4096k
create 640 root root # File owner and permission
rotate 10 #maximum logrotate
compress
postrotate #restart rsyslog after trigger logrotate
/etc/init.d/rsyslog reload
endscript
}

- Restart rsyslog:
# /etc/init.d/rsyslog restart