使用Linux自带rsyslog收集cisco&huawei交换机日志

修改rsyslog配置

[root@cd-jump rsyslog]# egrep -v "^$|#" /etc/rsyslog.conf  

$ModLoad imudp

$UDPServerRun 514

$ModLoad imtcp

$InputTCPServerRun 514

$WorkDirectory /var/lib/rsyslog

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

$OmitLocalLogging on

$IMJournalStateFile imjournal.state

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

authpriv.*                                              /var/log/secure

mail.*                                                  -/var/log/maillog

cron.*                                                  /var/log/cron

*.emerg                                                 :omusrmsg:*

uucp,news.crit                                          /var/log/spooler

local7.*                                                /var/log/boot.log

$template myformat, "%FROMHOST-IP%: %msg:2:$%\n"

$template cisco, "/var/lib/rsyslog/cisco/%FROMHOST-IP%_%$year%-%$month%-%$day%.log"

local4.* ?cisco;myformat

$template myformat, "%FROMHOST-IP%: %msg:2:$%\n"

$template huawei, "/var/lib/rsyslog/huawei/%FROMHOST-IP%_%$year%-%$month%-%$day%.log"

local6.* ?huawei;myformat

思科交换机配置

!

logging facility local4

logging source-interface Vlan1(和rsyslog服务器能通讯的vlan）

logging host 192.168.192.168（rsyslog服务器地址)

华为交换机配置

！

sys

info-center enabl

 info-center loghost 172.27.100.220 facility local6 transport udp