Table of Contents

, , ,

Настройка rsyslog для удаленного протоколирования в Debian

Клиент

/etc/rsyslog.d/logclient.conf

# UDP
*.*     @123.123.123.123:514

Сервер

Создадим директорию для логов

# mkdir -p /var/log/remote/
# chmod 700 /var/log/remote/

/etc/rsyslog.d/logserver.conf

# log settings for host

# loading UDP listener module
$ModLoad imudp

# bind listener to specified IP
$UDPServerAddress 123.123.123.123

# allow remote client
$AllowedSender UDP, 321.321.321.321

# template for all remote clients
$template RemoteHost,"/var/log/remote/%HOSTNAME%.log"

# ruleset for remote clients
$RuleSet remote
*.* ?RemoteHost

# applying remote ruleset to UDP listener
$InputUDPServerBindRuleset remote

# run listener
$UDPServerRun 514