多操作系统环境的首选电子邮件客户端

Question

hackerhasid

Asked: 2012-07-15 19:27:53 +0800 CST2012-07-15 19:27:53 +0800 CST 2012-07-15 19:27:53 +0800 CST

rsyslog 不记录消息

772

我正在尝试设置我的 ec2 实例（运行 amazon linux，据我所知，它是建立在 RHEL 5 上的）将日志消息转发到 loggentries.com，但没有任何内容被转发。作为健全性检查，我按照本文中的说明将另一个 EC2 实例设置为中央服务器，发现没有收到消息。所以我尝试logger -p cron.info TEST在客户端机器上执行，发现/var/log/cron 中没有添加任何内容！显然有些东西不起作用！但是 rsyslogd 正在运行：

ps 辅助 | grep rsys

产出

根 25362 0.0 0.0 183768 1328 ？Sl 14:27 0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5

作为参考，这里是 rsyslog.conf（暂时删除了转发内容，直到我让它在本地工作）

#### MODULES ####

$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so     # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp.so
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so  
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required, 
# not useful and an extreme performance hit
#$ActionFileEnableSync on


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

1 个回答

Voted

Mike Pennington · Answer 1 · 2012-07-16T06:59:57+08:00

您唯一需要rsyslog.conf转发到远程 IP 地址的是

*.* @@192.0.2.25:514;

关于你的另一个问题...

我尝试在客户端计算机上执行 logger -p cron.info TEST，但发现/var/log/cron 中没有添加任何内容！

确保在更改配置后重新启动 rsyslogd；您还需要确保它/var/log/cron存在。

编辑

为了演示成功的日志条目是什么样的，我rsyslogd从rsyslogd -c4 -d; 这会将所有调试发送到我的 ssh 会话。我登录cron.info到/var/log/syslog. 在另一个 ssh 会话中，我运行了logger -p cron.info "my test again"……这是我在成功登录之前看到的/var/log/syslog……

4578.692833385:b6d8fb70: Message from UNIX socket: #3
4578.692906216:b6d8fb70: logmsg: flags 4, from 'Bucksnort', msg Jul 15 10:02:58 mpenning: my test again
4578.692936284:b6d8fb70: Message has legacy syslog format.
4578.692977796:b6d8fb70: main Q: entry added, size now 1 entries
4578.693017277:b6d8fb70: wtpAdviseMaxWorkers signals busy
4578.693079869:b6d8fb70: main Q: EnqueueMsg advised worker start
4578.693117891:b6d8fb70: --------imuxsock calling select, active file descriptors (max 5): 3 5
4578.693210533:b7590b70: main Q: entry deleted, state 0, size now 0 entries
4578.693246128:b7590b70: testing filter, f_pmask 0
4578.693269892:b7590b70: testing filter, f_pmask 255
4578.693296429:b7590b70: Called action, logging to builtin-file
4578.693340007:b7590b70: file to log to: /var/log/syslog
4578.693369336:b7590b70: doWrite, pData->pStrm 0x96b6268, lenBuf 50
4578.693400172:b7590b70: strm 0x96b6268: file 7(syslog) flush, buflen 50
4578.693487314:b7590b70: strm 0x96b6268: file 7 write wrote 50 bytes
4578.693512965:b7590b70: testing filter, f_pmask 0
4578.693530524:b7590b70: testing filter, f_pmask 0
4578.693547988:b7590b70: testing filter, f_pmask 0
4578.693564966:b7590b70: testing filter, f_pmask 0
4578.693581783:b7590b70: testing filter, f_pmask 0
4578.693599197:b7590b70: testing filter, f_pmask 0
4578.693616153:b7590b70: testing filter, f_pmask 0
4578.693632854:b7590b70: testing filter, f_pmask 0
4578.693649647:b7590b70: testing filter, f_pmask 0
4578.693666837:b7590b70: testing filter, f_pmask 0
4578.693683852:b7590b70: testing filter, f_pmask 0
4578.693700593:b7590b70: testing filter, f_pmask 128
4578.693717070:b7590b70: testing filter, f_pmask 0
4578.693734486:b7590b70: testing filter, f_pmask 1
4578.693751624:b7590b70: testing filter, f_pmask 240
4578.693769534:b7590b70: Called action, logging to builtin-pipe
4578.693791155:b7590b70:  (/dev/xconsole)
4578.693820288:b7590b70: main Q:Reg/w0: worker IDLE, waiting for work.

rsyslog 不记录消息

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

rsyslog 不记录消息

1 个回答

相关问题