登陆交换机,进入全局配置模式
SWITCH>en
Password:
SWITCH#
SWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH(config)#
rsyslog配置
SWITCH(config)# logging on
SWITCH(config)# logging host Rsyslog_Serv_IP
SWITCH(config)# logging trap debugging
SWITCH(config)# logging source-interface vlan Switch_vlan
SWITCH(config)# service timestamps debug uptime
SWITCH(config)# service timestamps log datetime localtime
Rsyslog server配置
(详细配置参考Rsyslog server 详细配置操作指引)
[root@test-1 ~]# vim /etc/rsyslog.conf
-#### MODULES ####
-# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
-# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
-# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
$AllowedSender UDP, 172.16.5.0/24 #交换机IP地址段
-#### GLOBAL DIRECTIVES ####
-# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
-# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template IpTemplate,"/var/log/data/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?IpTemplate