打开防火墙
[root@h105 rsyslog-mysql-5.8.10]# netstat -an | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp 0 0 :::514 :::*
[root@h105 rsyslog-mysql-5.8.10]# iptables -L -nv | grep 514
[root@h105 rsyslog-mysql-5.8.10]# vim /etc/sysconfig/iptables
[root@h105 rsyslog-mysql-5.8.10]# /etc/init.d/iptables reload
iptables: Trying to reload firewall rules: [ OK ]
[root@h105 rsyslog-mysql-5.8.10]# iptables -L -nv | grep 514
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:514
[root@h105 rsyslog-mysql-5.8.10]#
客户端配置
[root@h202 ~]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%n"
:programname, startswith, "spice-vdagent" /var/log/spice-vdagent.log;SpiceTmpl
[root@h202 ~]# vim /etc/rsyslog.conf
[root@h202 ~]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.* @192.168.100.105
$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%n"
:programname, startswith, "spice-vdagent" /var/log/spice-vdagent.log;SpiceTmpl
[root@h202 ~]#
前后的差异主要为
[root@h202 ~]# diff /tmp/before /tmp/after
11a12
> *.* @192.168.100.105
[root@h202 ~]#
增加了一条,将本地的日志记录到远程的服务器 192.168.100.105 , 不指定端口就是默认的 udp 514。注意这种方式是明文 UDP,既没有认证也不保证送达;服务端上面那条 iptables 规则的来源是 0.0.0.0/0,实际部署时应当用 -s 把来源限制为客户端地址或网段。
重启客户端服务
[root@h202 ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@h202 ~]#
审计本地所有操作
将客户端执行的所有命令写入系统日志 /var/log/messages 中。这种做法依赖用户自己的 shell 环境(用户可以覆盖 PROMPT_COMMAND 或换用其它 shell),而且命令行参数会被原样记录并转发,只适合作为辅助记录,不能替代 auditd 之类的审计机制。
[root@h202 ~]# vim /etc/bashrc
[root@h202 ~]# tail -n 3 /etc/bashrc
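# Send each interactive command (effective user, login session, cwd, command text) to syslog
# before every prompt; single quotes defer all expansion to run time. `read -r` and the quoted
# "$y" keep backslashes and globs in the command text literal instead of expanding them locally.
export PROMPT_COMMAND='{ msg=$(history 1 | { read -r n y; printf "%s" "$y"; }); logger "[euid=$(whoami)]:$(who am i):[$PWD]$msg"; }'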
[root@h202 ~]#
在当前环境下生效
[root@h202 ~]# source /etc/bashrc
[root@h202 ~]#