Re: [Question] syslog.conf configuration question

Board: FreeBSD, Time: 2005/09/11 12:32
This is the material I found later:
http://www.muine.org/~hoang/freenat.html

Excerpt of the parts I used:

Log filtering rules to a dedicated log host:

A nice way to back up log messages and rely on if the NAT/firewall is rooted is to use a dedicated log server. Here is how you set it up:

1. On the NAT/firewall, send log messages to a dedicated log server called e.g. ``loghost''

   Edit /etc/syslog.conf and uncomment the following line:

       # uncomment this to enable logging to a remote loghost named loghost
       *.*     @loghost

   Restart syslogd:

       # kill -1 `cat /var/run/syslog.pid`

2. On the dedicated FreeBSD log server

   Kill the currently running syslogd, which does not log messages from remote machines:

       # kill -9 `cat /var/run/syslog.pid`

   Invoke it with -a to turn on remote logging for log messages from the NAT/firewall:

       # syslogd -a 192.168.1.1

Then check out the /var/log files on the loghost for new log entries from the NAT/firewall.

Caveat: The communication link between loghost and the firewall is not encrypted and therefore potentially vulnerable to eavesdropping. Use IPsec to encrypt the channel.

And also this one:
http://lists.freebsd.org/pipermail/freebsd-questions/2004-October/061899.html

Look at the `+hostname' specification in syslog.conf(5). You can use something like this:

    +host1
    *.*     /var/log/remote/host1/messages
    +host2
    *.*     /var/log/remote/host2/messages

in your `syslog.conf' file.

Please note that adding this to the end of the syslog.conf file will not inhibit logging of the same messages to /var/log/messages or any other matches found earlier. Thus, this syslog.conf file:

    *.*     /var/log/messages
    +foo
    *.*     /var/log/remote/foo/messages

will log the messages from host `foo' both in /var/log/messages *AND* /var/log/remote/foo/messages.

To make syslogd log the messages from host `foo' only in /var/log/remote/foo/messages you'd have to use something like this:

    -foo
    *.*     /var/log/messages
    +foo
    *.*     /var/log/remote/foo/messages

Multiple hosts can be specified like this:

    -foo,bar
    *.*     /var/log/messages
    +foo
    *.*     /var/log/remote/foo/messages
    +bar
    *.*     /var/log/remote/bar/messages

Thanks to the friends who took an interest in my question m(_ _)m

--
※Origin: 星情小築 <Star.leobbs.net>
※From: 59-105-116-227.adsl.dynamic.seed.net.tw
Article code (AID): #138xD600 (FreeBSD)
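Added example, not part of the original post or of the sources it quotes: a small Python model of the `+host` / `-host` block rules from syslog.conf(5) that shows which files a message from a given sender lands in, so the duplicate-logging case and the `-foo` fix can be checked before touching a real loghost. The function name `destinations` and both sample configurations are constructed for illustration; every rule is assumed to use the `*.*` selector, hostnames are compared as exact strings, and `!program` blocks are not modelled.

```python
# Added example: minimal model of FreeBSD syslog.conf host blocks.
# Assumptions: selectors are all "*.*" (facility/priority ignored),
# hostnames match as exact strings, "!program" blocks are not handled.

def destinations(conf, sender):
    """Return the log files that would receive a message from `sender`."""
    mode, hosts = "+", {"*"}              # before any header: all hosts
    out = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[:2] in ("#+", "#-"):      # "#+host" is also a host header
            line = line[1:]
        if line.startswith("#"):          # ordinary comment
            continue
        if line[0] in "+-":               # host block header
            mode = line[0]
            hosts = {h.strip() for h in line[1:].split(",")}
            continue
        _selector, action = line.split(None, 1)
        # "*" resets the filter; "+" means sender listed, "-" means not listed
        if "*" in hosts or ((sender in hosts) == (mode == "+")):
            out.append(action)
    return out

# Constructed sample: host block appended after the default rule.
DUPLICATING = """
*.*     /var/log/messages
+foo
*.*     /var/log/remote/foo/messages
"""

# Constructed sample: remote hosts excluded from the default rule first.
SEPARATED = """
-foo,bar
*.*     /var/log/messages
+foo
*.*     /var/log/remote/foo/messages
+bar
*.*     /var/log/remote/bar/messages
"""

if __name__ == "__main__":
    for name, conf in (("DUPLICATING", DUPLICATING), ("SEPARATED", SEPARATED)):
        for host in ("foo", "bar", "loghost"):
            print(name, host, destinations(conf, host))
```

With the first configuration, messages from `foo` are written to both files; with the second, each remote host's messages go only to its own file and the local file stays free of remote entries.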