LoginSignup
1
0
@vezel2025

Ubuntu 20.04

Last updated at Posted at 2024-03-05

受信サーバのファイル編集
vi /etc/rsyslog.conf

#################

MODULES

#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514") 
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")

保存フォルダの指定+許可IPの記載とIP振り分けを記載

$AllowedSender TCP, 127.0.0.1, 192.168.20.0/24

$template remote-incoming-logs,"/var/log/%FROMHOST-IP%/%$year%/%$month%/%$day%filename.log" 
*.* ?remote-incoming-logs
& stop

provides kernel logging support and enable non-kernel klog messages

module(load="imklog" permitnonkernelfacility="on")

###########################

GLOBAL DIRECTIVES

###########################

Use traditional timestamp format.

To enable high precision timestamps, comment out the following line.

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

Filter duplicated messages

$RepeatedMsgReduction on

Set the default permissions for all log files.

$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

Where to place spool and state files

$WorkDirectory /var/spool/rsyslog

Include all config files in /etc/rsyslog.d/

$IncludeConfig /etc/rsyslog.d/*.conf

編集後はチェックして問題なければ再起動とステータスチェック
rsyslogd -N 1
systemctl restart rsyslog
systemctl status rsyslog

送信(転送側)

ファイル編集

vi /etc/rsyslog.d/50-default.conf
1
0
1

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
1
0