ru.unix.bsd

 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : sergey belov                         2:5015/214     08 Jun 2006  14:29:16
 To : All
 Subject : syslogd trouble
 -------------------------------------------------------------------------------- 
 
 
 Help me tame this hellish syslog. What is the correct way to aggregate logs
 from remote Ciscos?
 Please don't suggest syslog-ng.
 Right now I have everything configured like this, but it doesn't work at all:
 # grep syslog /etc/rc.conf
 syslogd_enable="YES"
 syslogd_flags="-vvvvv -n -a 212.92.XXX.XXX/32:* -a 212.92.YYY.YYY/32:* -a 82.208.ZZZ.ZZZ/32:* -a 82.208.WWW.WWW/32:*"
 
 # cat /etc/syslog.conf
 # $FreeBSD: src/etc/syslog.conf,v 1.28 2005/03/12 12:31:16 glebius Exp $
 #
 #       Spaces ARE valid field separators in this file. However,
 #       other *nix-like systems still insist on using tabs as field
 #       separators. If you are sharing this file between systems, you
 #       may want to use only tabs as field separators here.
 #       Consult the syslog.conf(5) manpage.
 *.err;kern.warning;auth.notice;mail.crit                /dev/console
 *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local2.none;local3.none   /var/log/messages
 security.*                                      /var/log/security
 auth.info;authpriv.info                         /var/log/auth.log
 mail.info                                       /var/log/maillog
 lpr.info                                        /var/log/lpd-errs
 ftp.info                                        /var/log/xferlog
 cron.*                                          /var/log/cron
 *.=debug                                        /var/log/debug.log
 *.emerg                                         *
 # uncomment this to log all writes to /dev/console to /var/log/console.log
 #console.info                                   /var/log/console.log
 # uncomment this to enable logging of all log messages to /var/log/all.log
 # touch /var/log/all.log and chmod it to mode 600 before it will work
 #
 !mpd
 *.*                                             /var/log/mpd.log
 #*.*                                            /var/log/all.log
 # uncomment this to enable logging to a remote loghost named loghost
 #*.*                                            @loghost
 # uncomment these if you're running inn
 # news.crit                                     /var/log/news/news.crit
 # news.err                                      /var/log/news/news.err
 # news.notice                                   /var/log/news/news.notice
 !startslip
 *.*                                             /var/log/slip.log
 !ppp
 *.*                                             /var/log/ppp.log
 +212.92.YYY.YYY
 *.*                                        /var/log/cisco/cisco1.log
 +82.208.XXX.XXX
 *.*                                             /var/log/cisco/cisco2.log
 On the Ciscos, respectively:
 
 On the 1st:
 logging trap debugging
 logging facility local2
 logging source-interface Ethernet0/0
 logging 212.92.MY.IP
 
 On the 2nd:
 logging trap debugging
 logging facility local3
 logging source-interface Ethernet0/0
 logging 212.92.MY.IP
 syslog writes nothing to the files listed above; all messages from the Ciscos
 pour onto the console instead of ending up in syslog.
 
 Running syslogd with the -d flag gives the following picture:
 
 syslogd not running? (check /var/run/syslog.pid).
 Starting syslogd.
 allowaddr: rule 0: numeric, addr = 212.92.WWW.WWW, mask = 255.255.255.255; port 
 = 0
 allowaddr: rule 1: numeric, addr = 212.92.ZZZ.ZZZ, mask = 255.255.255.255; port 
 = 0
 allowaddr: rule 2: numeric, addr = 82.208.YYY.YYY, mask = 255.255.255.255; port 
 = 0
 allowaddr: rule 3: numeric, addr = 82.208.XXX.XXX, mask = 255.255.255.255; port 
 = 0
 listening on inet and/or inet6 socket
 sending on inet and/or inet6 socket
 off & running....
 init
 cfline("*.err;kern.warning;auth.notice;mail.crit                /dev/console",
 f, "*", "*")
 cfline("*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local2.non
 e;local3.none   /var/log/messages", f, "*", "*")
 cfline("security.*                                      /var/log/security", f,
 "*", "*")
 cfline("auth.info;authpriv.info                         /var/log/auth.log", f,
 "*", "*")
 cfline("mail.info                                       /var/log/maillog", f,
 "*", "*")
 cfline("lpr.info                                        /var/log/lpd-errs", f,
 "*", "*")
 cfline("ftp.info                                        /var/log/xferlog", f,
 "*", "*")
 cfline("cron.*                                          /var/log/cron", f, "*", 
 "*")
 cfline("*.=debug                                        /var/log/debug.log", f, 
 "*", "*")
 cfline("*.emerg                                         *", f, "*", "*")
 cfline("*.*                                             /var/log/mpd.log", f,
 "mpd", "*")
 cfline("*.*                                             /var/log/slip.log", f,
 "startslip", "*")
 cfline("*.*                                             /var/log/ppp.log", f,
 "ppp", "*")
 cfline("*.*                                            
 /var/log/cisco/cisco1.log", f, "ppp", "+212.92.YYY.YYY")
 cfline("*.*                                            
 /var/log/cisco/cisco2.log", f, "ppp", "+82.208.XXX.XXX")
 4 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
 7 5 2 5 5 5 6 3 5 5 X 5 5 5 5 5 5 5 X X 5 5 5 5 X FILE: /var/log/messages
 X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
 X X X X 6 X X X X X 6 X X X X X X X X X X X X X X FILE: /var/log/auth.log
 X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
 X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
 X X X X X X X X X X X 6 X X X X X X X X X X X X X FILE: /var/log/xferlog
 X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FILE: /var/log/debug.log
 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/mpd.log (mpd)
 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log
 (startslip)
 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
 X X X X X X X X X X X X X X X X X X 8 X X X X X X FILE:
 /var/log/cisco/cisco1.log (ppp)
 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE:
 /var/log/cisco/cisco2.log (ppp)
 logmsg: pri 56, flags 4, from beer, msg syslogd: restart
 syslogd: restarted
 logmsg: pri 6, flags 4, from beer, msg syslogd: kernel boot file is
 /boot/kernel/kernel
 Logging to FILE /var/log/messages
 syslogd: kernel boot file is /boot/kernel/kernel
 logmsg: pri 166, flags 17, from beer, msg Jun  8 14:36:12 <syslog.err> beer
 syslogd: exiting on signal 2
 Where should I look?
 
 --- powered by цололо.ком
  * Origin: роман олегович  (2:5015/214)
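
Added example, not part of the original post: the `cfline(...)` lines in the debug output above show both Cisco rules carrying the program filter "ppp", because per syslog.conf(5) a `!program` block stays in effect until it is reset with `!*`. The sketch below tracks that block state for a config and flags host-scoped rules that inherited a program filter; the 192.0.2.x addresses are constructed stand-ins for the masked ones, and the function names are hypothetical.

```python
# Constructed sample: tail of the posted syslog.conf, with documentation
# addresses (192.0.2.0/24) in place of the masked Cisco IPs.
SAMPLE_CONF = """\
!startslip
*.*    /var/log/slip.log
!ppp
*.*    /var/log/ppp.log
+192.0.2.10
*.*    /var/log/cisco/cisco1.log
+192.0.2.20
*.*    /var/log/cisco/cisco2.log
"""

def effective_filters(conf_text):
    """Return (selector, action, program, host) for each action line,
    tracking !program / +host block state as syslog.conf(5) describes."""
    prog, host = "*", "*"
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # "#!prog" and "#+host" are block markers kept for compatibility
            if len(line) > 1 and line[1] in "!+-":
                line = line[1:]
            else:
                continue  # ordinary comment
        if line[0] == "!":
            prog = line[1:].strip() or "*"   # "!*" resets the program filter
            continue
        if line[0] in "+-":
            name = line[1:].strip()
            host = "*" if name in ("", "*") else line[0] + name
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            rules.append((parts[0], parts[1], prog, host))
    return rules

def stale_program_filters(rules):
    """Host-scoped rules still bound to a program from an earlier block."""
    return [r for r in rules if r[3] != "*" and r[2] != "*"]

if __name__ == "__main__":
    for selector, action, prog, host in effective_filters(SAMPLE_CONF):
        print(f'cfline("{selector} {action}", f, "{prog}", "{host}")')
    print("inherited program filter:", stale_program_filters(effective_filters(SAMPLE_CONF)))
```

Running it against a config with `!*` placed before the first `+host` line shows the host blocks with program "*".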
 
 
