Secure logging to a remote log server with rsyslog over TLS (CentOS/RHEL 7)

Date: 2020-02-23 14:40:25  Source: igfitidea

In a previous article I shared the steps to transfer files securely between two machines over HTTPS.

Now I will cover the steps to configure secure logging to a remote log server with rsyslog and TLS certificates on CentOS/RHEL 7 Linux.
This document describes a secure way to set up rsyslog (with TLS certificates) to ship logs to a remote log server.
A secure logging environment needs more than an encrypted transport channel.
Some of the security benefits of secure remote logging with TLS are:

  • syslog messages are encrypted while traveling over the network

  • the syslog sender authenticates to the syslog receiver, so the receiver knows who is talking to it

  • the syslog receiver authenticates to the syslog sender, so the sender can check that it is really sending to the intended receiver

  • mutual authentication prevents man-in-the-middle attacks

The last three benefits depend on the authentication mode configured in rsyslog: they require a certificate-checking mode such as x509/name or x509/certvalid. The anon mode used in the configuration files later in this article encrypts the channel but authenticates neither peer.

Why do we need secure logging to a remote log server?

I have already written an article on logging to a remote log server with rsyslog over TCP, but even when we send log messages to the remote server over TCP, nothing is encrypted or authenticated while the messages are in transit, which may not be acceptable.

If the organization requires a higher level of security, secure logging to the remote log server must be set up.
Secure remote logging uses TLS.

Important note:

The clocks of the server and the client must be kept in sync for secure logging to a remote log server, because certificate validity periods are checked during the TLS handshake.

So make sure a time synchronization tool such as chronyd or ntpd is in use.

My setup:

  • I will use two different nodes, node2 and node3, to demonstrate secure logging to a remote log server with rsyslog and TLS certificates.

  • Both nodes have CentOS 7.4 Linux installed.
    In this article "node2" acts as the client and forwards its rsyslog messages to "node3" (the remote log server).

  • So node2 is our client and node3 acts as the remote log server

Note:

I have disabled SELinux for this article. If you intend to keep SELinux enabled, make sure it does not block our secure remote logging.

[root@node2 ~]# systemctl status chronyd
[root@node2 ~]# date
Tue Apr 16 14:10:12 IST 2019
[root@node3 ~]# systemctl status chronyd
[root@node3 ~]# date
Tue Apr 16 14:10:06 IST 2019

Generate the CA certificate

To create a self-signed CA certificate for securely forwarding syslog to the remote log server, we will use certtool from GnuTLS.

So let us first install the GnuTLS utilities rpm with yum.

Note:

On RHEL systems we must have a valid RHN subscription, or else configure a local offline repository from which the yum package manager can install the rpm and its dependencies.

[root@node2 ~]# yum -y install gnutls-utils

Important note:

TCP port 6514 must be reachable on the log server, and the client must be allowed to make outbound connections to that port. If firewalld is running on the log server, open the port there.

Generate the private key

[root@node2 ~]# certtool --generate-privkey --outfile ca-key.pem
Generating a 2048 bit RSA private key...

Check the new key we just created

[root@node2 ~]# ls -l
total 44
-rw-------. 1 root root 1899 Nov 17 17:45 anaconda-ks.cfg
-rw-------  1 root root 5813 Apr 16 14:12 ca-key.pem
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Desktop
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Documents
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Downloads
-rw-r--r--. 1 root root    0 Nov 17 17:48 initial-setup-ks.cfg
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Videos

The key needs restrictive permissions so that it is readable by root only

[root@node2 ~]# chmod 400 ca-key.pem

Now create the (self-signed) CA certificate itself.
This command prompts for a number of things; answer them appropriately for your environment.
Regarding the certificate validity, remember that when this CA certificate expires, every certificate signed by it has to be re-created.
So a long validity, for example 3650 days (about 10 years), may be a good idea.
We have to state that the certificate belongs to an authority and that it will be used to sign other certificates.

[root@node2 ~]# certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem
Generating a self signed certificate...
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
Common name: node2.example.com
UID:
Organizational unit name:
Organization name:
Locality name:
State or province name:
Country name (2 chars):
Enter the subject's domain component (DC):
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number in decimal (default: 6680410231240074733):

Activation/Expiration time.
The certificate will expire in (days): 3650

Extensions.
Does the certificate belong to an authority? (y/N): y
Path length constraint (decimal, -1 for no constraint): -1
Is this a TLS web client certificate? (y/N): n
Will the certificate be used for IPsec IKE operations? (y/N): n
Is this a TLS web server certificate? (y/N): n
Enter a dnsName of the subject of the certificate: node2.example.com
Enter a dnsName of the subject of the certificate:
Enter a URI of the subject of the certificate:
Enter the IP address of the subject of the certificate:
Enter the e-mail of the subject of the certificate:
Will the certificate be used to sign OCSP requests? (y/N): n
Will the certificate be used to sign code? (y/N): n
Will the certificate be used for time stamping? (y/N): n
Will the certificate be used to sign other certificates? (y/N): y
Will the certificate be used to sign CRLs? (y/N): y
Enter the URI of the CRL distribution point:
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 5cb595b602f325ed
        Validity:
                Not Before: Tue Apr 16 08:43:36 UTC 2019
                Not After: Fri Apr 13 08:43:44 UTC 2029
        Subject: CN=node2.example.com
        Subject Public Key Algorithm: RSA
        Algorithm Security Level: Medium (2048 bits)
                Modulus (bits 2048):
                        00:b7:d6:0b:dd:52:72:77:87:d6:16:8d:c6:93:69:6b
                        23:19:65:3e:28:cf:63:72:39:11:98:d9:6c:51:fe:da
                        2f:f3:2c:52:24:37:79:b2:36:ce:cd:8e:a2:45:51:96
                        a0:03:ef:7f:9b:f5:7f:f4:67:2e:08:25:fb:0b:69:41
                        f8:7c:15:b7:44:3d:65:a0:c8:97:51:f2:5c:fb:4f:fb
                        db:5a:c0:db:d9:78:35:c4:01:dc:68:d4:d2:9f:9b:29
                        47:4c:6e:44:d2:f4:b8:b4:f7:0a:dd:1c:45:d3:32:c8
                        cf:86:50:c3:49:4d:0f:24:61:e4:a6:10:c5:6a:f2:58
                        84:f4:94:e3:9d:65:33:c2:36:60:30:f0:f7:7a:55:9a
                        68:d4:0b:62:59:4f:9b:a0:60:e2:78:b9:1e:90:a5:95
                        9a:e9:45:c0:ba:6f:4c:09:72:d8:b0:fb:3b:77:c7:a8
                        ee:75:6e:f8:96:24:8c:14:06:57:85:73:eb:d2:e9:d9
                        a2:9e:d6:17:c0:6c:ac:ba:2a:47:49:9d:df:35:4a:75
                        be:4c:68:4e:36:43:04:a7:7c:a2:47:5d:62:24:1b:00
                        a9:10:63:90:3e:b1:8a:5c:01:e5:ac:21:7b:5e:19:ab
                        4e:04:5c:82:00:7e:27:d6:31:66:db:c7:1f:53:32:9b
                        59
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): TRUE
                        Path Length Constraint: 0
                Subject Alternative Name (not critical):
                        DNSname: node2.example.com
                Key Usage (critical):
                        Certificate signing.
                        CRL signing.
                Subject Key Identifier (not critical):
                        951acec5fda12e4b438d10bb48a5ddcdea33a1f8
Other Information:
        Public Key ID:
                951acec5fda12e4b438d10bb48a5ddcdea33a1f8
        Public key's random art:
                +--[ RSA 2048]----+
                |        o        |
                |       + = =     |
                |      o = * + .  |
                |     . + B + o . |
                |      . S = o .  |
                |       . + o     |
                |      . . B .    |
                |       . . *     |
                |        E .      |
                +-----------------+
Is the above information ok? (y/N): y

Signing certificate...

Verify the newly created certificate.

[root@node2 ~]# ls -l
total 48
-rw-------. 1 root root 1899 Nov 17 17:45 anaconda-ks.cfg
-r--------  1 root root 5813 Apr 16 14:12 ca-key.pem
-rw-r--r--  1 root root 1143 Apr 16 14:16 ca.pem
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Desktop
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Documents
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Downloads
-rw-r--r--. 1 root root    0 Nov 17 17:48 initial-setup-ks.cfg
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Videos

Warning:

Nobody except the CA itself needs ca-key.pem.
If a third party obtains it, they can issue certificates that every node in this setup trusts, and the security of the whole setup is broken!

Note:

"ca-key.pem" is the private key of the certificate authority; "ca.pem" is the public CA certificate that we will distribute to the other nodes.
Certificates can later also be revoked, for example with openssl.

Generate machine certificates

In this step we generate certificates for the individual machines.
Note that for mutual authentication both the client and the server need a certificate; the certificate identifies each machine to its remote peer.
In this article only the log server node3 is issued one, because the client is later configured for anonymous authentication and therefore presents no certificate.
The --outfile here reflects the name of the server that will use the private key, i.e. node3-key.pem.
That makes it easier to map keys to node names.

[root@node2 ~]# certtool --generate-privkey --outfile node3-key.pem --bits 2048
** Note: Please use the --sec-param instead of --bits
Generating a 2048 bit RSA private key...

The remote log server is node3, and a certificate signing request is what we need to get its certificate signed; merely having a private key is not enough.
The certificate must be signed by the certificate authority.
Here we use certtool to create a request bound to the node3-key.pem private key and write that request to the output file node3-request.pem.

This again prompts us with a series of questions; answer them according to your environment.

[root@node2 ~]# certtool --generate-request --load-privkey node3-key.pem --outfile node3-request.pem
Generating a PKCS #10 certificate request...
Common name: node3.example.com
Organizational unit name:
Organization name:
Locality name:
State or province name:
Country name (2 chars):
Enter the subject's domain component (DC):
UID:
Enter a dnsName of the subject of the certificate: node3.example.com
Enter a URI of the subject of the certificate:
Enter the IP address of the subject of the certificate:
Enter the e-mail of the subject of the certificate:
Enter a challenge password:
Does the certificate belong to an authority? (y/N):
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): n
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): n
Will the certificate be used to sign code? (y/N): n
Will the certificate be used for time stamping? (y/N): n
Will the certificate be used for IPsec IKE operations? (y/N): n
Will the certificate be used to sign OCSP requests? (y/N): n
Is this a TLS web client certificate? (y/N): n
Is this a TLS web server certificate? (y/N): n

Now verify the node3-request.pem we created

[root@node2 ~]# ls -l
total 60
-rw-------. 1 root root 1899 Nov 17 17:45 anaconda-ks.cfg
-r--------  1 root root 5813 Apr 16 14:12 ca-key.pem
-rw-r--r--  1 root root 1143 Apr 16 14:16 ca.pem
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Desktop
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Documents
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Downloads
-rw-r--r--. 1 root root    0 Nov 17 17:48 initial-setup-ks.cfg
-rw-------  1 root root 5826 Apr 16 14:18 node3-key.pem
-rw-------  1 root root 2513 Apr 16 14:20 node3-request.pem
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Videos

The last step in creating the key material for the log server is to sign the request.
The private key of the certificate authority signs the certificate that "node3" will use, which ensures that everyone who trusts the CA will trust "node3".

[root@node2 ~]# certtool --generate-certificate --load-request node3-request.pem --outfile node3-cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem
Generating a signed certificate...
Enter the certificate's serial number in decimal (default: 6680412331704980564):

Activation/Expiration time.
The certificate will expire in (days): 1000

Extensions.
Do you want to honour the extensions from the request? (y/N):
Does the certificate belong to an authority? (y/N):
Is this a TLS web client certificate? (y/N): y
Will the certificate be used for IPsec IKE operations? (y/N):
Is this a TLS web server certificate? (y/N): y
Enter a dnsName of the subject of the certificate: node3.example.com
Enter a dnsName of the subject of the certificate:
Enter a URI of the subject of the certificate:
Enter the IP address of the subject of the certificate:
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): n
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): n
Will the certificate be used to sign OCSP requests? (y/N): n
Will the certificate be used to sign code? (y/N): n
Will the certificate be used for time stamping? (y/N): n
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 5cb5979f106a1454
        Validity:
                Not Before: Tue Apr 16 08:51:48 UTC 2019
                Not After: Mon Jan 10 08:51:53 UTC 2022
        Subject: CN=node3.example.com,DC=node3.example.com
        Subject Public Key Algorithm: RSA
        Algorithm Security Level: Medium (2048 bits)
                Modulus (bits 2048):
                        00:a4:1d:87:b0:dd:6c:53:85:a7:3e:0d:93:18:d8:fc
                        9d:a4:c3:71:4d:c1:00:74:04:9f:42:e0:83:00:5a:f0
                        4d:9e:20:77:d3:6b:4e:1a:e5:fe:95:06:80:5d:48:33
                        30:0e:d9:15:72:5e:9c:c8:c2:f4:60:59:cb:f2:cc:2d
                        58:45:64:f3:33:1d:62:c5:bd:71:a9:13:fe:89:ba:cc
                        c6:35:8a:22:6e:b4:f5:71:58:79:48:e5:1d:d0:c9:42
                        7d:fc:36:d5:fd:3f:0e:3c:b7:97:f0:e2:ca:7f:84:4f
                        6d:64:42:8b:42:c2:ed:7c:97:eb:37:d8:5a:01:da:39
                        b6:a5:82:b0:a0:cf:af:54:20:fb:6d:4b:a6:b8:83:2a
                        6c:36:2a:32:cd:fc:a6:c8:54:d3:53:29:ad:f6:0b:df
                        bd:a5:44:fa:d4:46:a9:90:53:24:5f:68:fa:cb:94:9d
                        d6:69:16:d6:14:41:9d:65:9b:9d:17:f9:37:4e:c1:3b
                        17:d9:67:8a:de:ad:44:cd:00:cc:13:40:99:a5:e3:a4
                        e2:4c:af:04:1a:4c:cd:b4:75:dd:78:b8:80:d9:43:d5
                        54:1f:3e:f0:8a:17:63:a7:f3:1a:67:ca:a2:06:dc:e7
                        80:52:d1:ea:48:dc:81:45:63:18:cb:76:a1:b1:88:58
                        d9
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): FALSE
                Key Purpose (not critical):
                        TLS WWW Client.
                        TLS WWW Server.
                Subject Alternative Name (not critical):
                        DNSname: node3.example.com
                Subject Key Identifier (not critical):
                        b6c708ceaebf5e2509d57f8fe5cf9ae84d5d7b27
                Authority Key Identifier (not critical):
                        951acec5fda12e4b438d10bb48a5ddcdea33a1f8
Other Information:
        Public Key ID:
                b6c708ceaebf5e2509d57f8fe5cf9ae84d5d7b27
        Public key's random art:
                +--[ RSA 2048]----+
                |        ..       |
                |       .  .      |
                |      .    .     |
                |       . .  . . .|
                |      . S .  . =.|
                |     o o *    ..=|
                |      o + o   Eo=|
                |     . . .   + o=|
                |    .+=.   .o +. |
                +-----------------+
Is the above information ok? (y/N): y

Signing certificate...

So now we have a signed certificate

[root@node2 ~]# ls -l
total 64
-rw-------. 1 root root 1899 Nov 17 17:45 anaconda-ks.cfg
-r--------  1 root root 5813 Apr 16 14:12 ca-key.pem
-rw-r--r--  1 root root 1143 Apr 16 14:16 ca.pem
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Desktop
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Documents
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Downloads
-rw-r--r--. 1 root root    0 Nov 17 17:48 initial-setup-ks.cfg
drwxr-xr-x. 2 root root 4096 Nov 25 21:02 Music
-rw-r--r--  1 root root 1249 Apr 16 14:22 node3-cert.pem
-rw-------  1 root root 5826 Apr 16 14:18 node3-key.pem
-rw-------  1 root root 2513 Apr 16 14:20 node3-request.pem

So next we can delete node3-request.pem, since it is no longer needed

[root@node2 ~]# rm -f node3-request.pem
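The interactive certtool sessions above can be replaced with template files, which makes every answer reviewable and the whole procedure repeatable. The script below is an added example and not code from the original article: it assumes gnutls-utils is installed, uses the hostnames node2.example.com (CA and client) and node3.example.com (log server) from this article, and additionally issues a client certificate for node2, which the article itself does not do. It also verifies each issued certificate against the CA before anything is distributed.

```shell
#!/bin/sh
# Added example (not from the original article): CA, server and client
# certificates generated non-interactively with certtool templates.
# Assumes gnutls-utils is installed and the hostnames used in this article:
# node2.example.com (CA host and client), node3.example.com (log server).
set -eu

CA_CN="node2.example.com"
SERVER_CN="node3.example.com"
CLIENT_CN="node2.example.com"

# Write the certtool template files into directory $1. A template answers the
# questions certtool would otherwise ask interactively.
write_templates() {
    dir="$1"
    cat > "$dir/ca.tmpl" <<EOF
cn = "$CA_CN"
dns_name = "$CA_CN"
expiration_days = 3650
ca
cert_signing_key
crl_signing_key
EOF
    # Log server: TLS server certificate (client usage too, so node3 could
    # forward onwards with the same identity).
    cat > "$dir/node3.tmpl" <<EOF
cn = "$SERVER_CN"
dns_name = "$SERVER_CN"
expiration_days = 1000
tls_www_server
tls_www_client
signing_key
encryption_key
EOF
    # Client: the article leaves node2 anonymous; with a certificate the
    # server can authenticate it (rsyslog x509/name mode).
    cat > "$dir/node2.tmpl" <<EOF
cn = "$CLIENT_CN"
dns_name = "$CLIENT_CN"
expiration_days = 1000
tls_www_client
signing_key
encryption_key
EOF
}

# Private keys must be readable by root only.
secure_key() {
    chmod 400 "$1"
}

# Issue one machine certificate signed by the CA: key -> request -> certificate.
issue_cert() {
    dir="$1"; name="$2"
    certtool --generate-privkey --sec-param high --outfile "$dir/$name-key.pem"
    secure_key "$dir/$name-key.pem"
    certtool --generate-request --load-privkey "$dir/$name-key.pem" \
        --template "$dir/$name.tmpl" --outfile "$dir/$name-request.pem"
    certtool --generate-certificate --load-request "$dir/$name-request.pem" \
        --load-ca-certificate "$dir/ca.pem" --load-ca-privkey "$dir/ca-key.pem" \
        --template "$dir/$name.tmpl" --outfile "$dir/$name-cert.pem"
    rm -f "$dir/$name-request.pem"
    # Check the chain before deploying: non-zero exit if the CA did not sign
    # this certificate or it is outside its validity period.
    certtool --verify --load-ca-certificate "$dir/ca.pem" --infile "$dir/$name-cert.pem"
}

# Build the CA and both machine certificates in directory $1.
issue_all() {
    dir="$1"
    write_templates "$dir"
    certtool --generate-privkey --sec-param high --outfile "$dir/ca-key.pem"
    secure_key "$dir/ca-key.pem"
    certtool --generate-self-signed --load-privkey "$dir/ca-key.pem" \
        --template "$dir/ca.tmpl" --outfile "$dir/ca.pem"
    issue_cert "$dir" node3
    issue_cert "$dir" node2
    # Only ca.pem and each node's own key/cert leave this machine; ca-key.pem never does.
    ls -l "$dir"
}

# Usage: sh gen-rsyslog-certs.sh /root/rsyslog-pki
if [ "${1:-}" != "" ]; then
    mkdir -p "$1"
    issue_all "$1"
fi
```

--sec-param high picks the key size for you (3072-bit RSA with the GnuTLS shipped in CentOS 7) instead of the deprecated --bits flag that certtool warns about above; ca.pem, node3-cert.pem and node3-key.pem go to node3 as in the next section, and node2-cert.pem/node2-key.pem stay on node2.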

Also read:

Overview of the systemd-journald service and how logging works with rsyslog and the Journal in RHEL 7

Distribute the TLS certificates to enable secure remote logging

Next we must copy the key and certificates to the remote node.
Before copying them, we create a directory on the server node to store them

[root@node3 ~]# mkdir /etc/rsyslog-keys
[root@node3 ~]# cd /etc/rsyslog-keys

Next, copy the key and certificate from "node2" to "node3"

[root@node2 ~]# scp node3-*.pem node3:/etc/rsyslog-keys/
The authenticity of host 'node3 ()' can't be established.
ECDSA key fingerprint is SHA256:3RCFjBhKJLtOb78Jv+Yx2IPbwRT5P1hOGw9d08RlGzs.
ECDSA key fingerprint is MD5:b8:f9:09:06:91:48:de:a1:83:29:56:d5:94:3d:a6:d3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node3' (ECDSA) to the list of known hosts.
root@node3's password:
node3-cert.pem                                                                            100% 1249   729.7KB/s   00:00
node3-key.pem                                                                             100% 5826     2.9MB/s   00:00
[root@node2 ~]# scp ca.pem node3:/etc/rsyslog-keys/
root@node3's password:
ca.pem 			                                                                  100% 1249   729.7KB/s   00:00

Server configuration to receive syslog securely

Now we need to make some configuration changes on the remote log server (node3) so that it receives messages from the client (node2) over TCP using the TLS certificates.

Create a new file /etc/rsyslog.d/logserver.conf.
The file name does not matter; use any name as long as it ends in .conf.
Put the following content into the file.
Note that $InputTCPServerStreamDriverAuthMode anon means the server accepts any client without checking a certificate: every host that can reach port 6514 can inject messages into our logs. To authenticate clients, use x509/name instead and list the allowed client names with $InputTCPServerStreamDriverPermittedPeer.

# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-keys/node3-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/node3-key.pem
$ModLoad imtcp  # load the TCP listener
$InputTCPServerStreamDriverMode 1  # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode anon  # client is NOT authenticated
$InputTCPServerRun 6514  # start up listener at port 6514

Next install the following rpm (if it is not already installed); it provides the /usr/lib64/rsyslog/lmnsd_gtls.so module.
Since we use the gtls driver, this module must be installed on both the client and the server node.

[root@node3 ~]# yum -y install rsyslog-gnutls

Next restart the rsyslog service

[root@node3 rsyslog.d]# systemctl restart rsyslog

Check the service status

[root@node3 rsyslog.d]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-04-16 15:21:41 IST; 2s ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 7822 (rsyslogd)
    Tasks: 8
   CGroup: /system.slice/rsyslog.service
           └─7822 /usr/sbin/rsyslogd -n
Apr 16 15:21:41 node3 systemd[1]: Starting System Logging Service...
Apr 16 15:21:41 node3 rsyslogd[7822]:  [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="7822" x-info="http://ww...] start
Apr 16 15:21:41 node3 systemd[1]: Started System Logging Service.
Hint: Some lines were ellipsized, use -l to show in full.

With this our configuration on the server side is complete. Let us move on to the client (node2) to finish our secure remote logging.

Client configuration to send log messages securely

Now let us configure the client ("node2") to transmit its logs securely to our remote log server ("node3").

The first step is to create a directory to store our keys

[root@node2 ~]# mkdir /etc/rsyslog-keys

Next copy ca.pem into that directory

[root@node2 ~]# cp ca.pem /etc/rsyslog-keys/

Next create a new file in /etc/rsyslog.d.

[root@node2 ~]# vim /etc/rsyslog.d/log-client.conf
# certificate files
$DefaultNetStreamDriverCAFile /etc/rsyslog-keys/ca.pem
# make gtls driver the default
$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1	# run driver in TLS-only mode
$ActionSendStreamDriverAuthMode anon	# server certificate is NOT verified
*.*     @@(o)node3.example.com:6514		# forward everything to remote server over TCP, octet-counted framing

This forwards every syslog message to the remote log server node3.
Because the client runs in anon mode, it does not verify the server's certificate and could be tricked into sending its logs to an impostor; to pin the server's identity, set $ActionSendStreamDriverAuthMode x509/name and $ActionSendStreamDriverPermittedPeer node3.example.com, which is why the CA file is configured above.

Next install rsyslog-gnutls, since the gtls module has to be loaded for secure remote logging to work.
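The two configuration files above deliver encryption only, because both sides use anon. The script below is an added example, not code from the original article or from the rsyslog project: it writes the equivalent of both files in RainerScript with mutual authentication (x509/name on both ends), adds a disk-assisted queue on the client so messages survive a collector outage, syntax-checks the files with rsyslogd -N1, and probes the listener from the client with gnutls-cli. It assumes the /etc/rsyslog-keys layout from this article and that node2 has been issued its own certificate (node2-cert.pem and node2-key.pem), which the article does not do; the file names logserver.conf and log-client.conf are the article's.

```shell
#!/bin/sh
# Added example, not part of the original article: the server and client
# configurations with AuthMode anon replaced by mutual x509/name checks.
# Assumes /etc/rsyslog-keys/ca.pem plus <host>-cert.pem and <host>-key.pem
# on each node, and that node2 has been issued its own certificate.
set -eu

KEYDIR=/etc/rsyslog-keys

# node3: TLS-only listener. x509/name verifies the client's chain against
# ca.pem and requires the certificate name to match a permitted peer, so an
# arbitrary host that can reach port 6514 can no longer inject messages.
write_server_conf() {
    cat > "$1" <<'EOF'
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/rsyslog-keys/ca.pem"
       DefaultNetstreamDriverCertFile="/etc/rsyslog-keys/node3-cert.pem"
       DefaultNetstreamDriverKeyFile="/etc/rsyslog-keys/node3-key.pem")
module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name"
       PermittedPeer=["node2.example.com"])
input(type="imtcp" port="6514")
EOF
}

# node2: forward everything, but only after node3 has proven its identity.
# The disk-assisted queue keeps messages while the collector is unreachable
# instead of dropping them (queue.filename needs a work directory, which the
# stock /etc/rsyslog.conf on CentOS 7 sets to /var/lib/rsyslog).
write_client_conf() {
    cat > "$1" <<'EOF'
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/rsyslog-keys/ca.pem"
       DefaultNetstreamDriverCertFile="/etc/rsyslog-keys/node2-cert.pem"
       DefaultNetstreamDriverKeyFile="/etc/rsyslog-keys/node2-key.pem")
action(type="omfwd"
       target="node3.example.com" port="6514" protocol="tcp"
       StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="node3.example.com"
       action.resumeRetryCount="-1"
       queue.type="LinkedList"
       queue.filename="fwd_node3"
       queue.saveOnShutdown="on")
EOF
}

# Syntax-check a config file without starting the daemon.
check_conf() {
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 -f "$1"
    else
        echo "rsyslogd not installed, skipping syntax check of $1" >&2
    fi
}

# Run on node2: complete a TLS handshake with the listener using node2's
# certificate while verifying node3's chain against our CA. gnutls-cli
# exits non-zero if the handshake or the certificate verification fails.
probe_listener() {
    gnutls-cli --x509cafile "$KEYDIR/ca.pem" \
        --x509certfile "$KEYDIR/node2-cert.pem" \
        --x509keyfile "$KEYDIR/node2-key.pem" \
        --port 6514 node3.example.com </dev/null
}

# Usage: sh rsyslog-tls.sh server   (on node3)
#        sh rsyslog-tls.sh client   (on node2)
case "${1:-}" in
    server) write_server_conf /etc/rsyslog.d/logserver.conf
            check_conf /etc/rsyslog.d/logserver.conf ;;
    client) write_client_conf /etc/rsyslog.d/log-client.conf
            check_conf /etc/rsyslog.d/log-client.conf
            probe_listener ;;
esac
```

Restart rsyslog on each node after running it. With x509/name on both sides, a client without a certificate signed by our CA is rejected during the handshake, and node2 refuses to send if the listener does not present a certificate for node3.example.com, which is what the four bullet points at the top of the article promise.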

[root@node2 ~]# yum -y install rsyslog-gnutls

We are all done; now restart the rsyslog service and check its status

[root@node2 ~]# systemctl restart rsyslog
[root@node2 ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-04-16 15:32:10 IST; 4s ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 7784 (rsyslogd)
    Tasks: 3
   CGroup: /system.slice/rsyslog.service
           └─7784 /usr/sbin/rsyslogd -n
Apr 16 15:32:10 node2.example.com systemd[1]: Stopped System Logging Service.
Apr 16 15:32:10 node2.example.com systemd[1]: Starting System Logging Service...
Apr 16 15:32:10 node2.example.com rsyslogd[7784]:  [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="7784...start
Apr 16 15:32:10 node2.example.com systemd[1]: Started System Logging Service.
Hint: Some lines were ellipsized, use -l to show in full.

With this our configuration is complete.

Verify remote logging

Now we will send a dummy message from the client and check on the server that our configuration works

[root@node2 ~]# logger "MESSAGE FROM NODE2"

Check the syslog on the server

[root@node3 ~]# less /var/log/messages
Apr 16 17:14:28 node2 root: MESSAGE FROM NODE2

We have received the expected message, so everything appears to be working.

Apply log filters with rsyslog

Right now all messages from "node2" land in "/var/log/messages" on the remote log server "node3", so the logs are mixed together. Let us filter them so that all logs from "node2" are stored in a separate log file.

For this we create a new file with the filter configuration on the remote log server "node3".

[root@node3 ~]# cd /etc/rsyslog.d/
[root@node3 rsyslog.d]# cat remotefilter.conf
:fromhost, isequal, "node2.example.com"         /var/log/node2/messages
:fromhost, isequal, "node2.example.com"         ~

The syntax of the first line is self-explanatory; the second line may look a little confusing.
It makes sure that no further processing is done for messages from node2, so they do not also end up in /var/log/messages. The "~" discard action is deprecated in rsyslog 8 (the warning in the service status below shows this); the "stop" statement does the same thing.
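The same filter in RainerScript, as an added example that is not from the original article: it uses stop instead of the deprecated ~, selects messages by the input they arrived on rather than by a hard-coded hostname, and writes one file per sending host. It assumes the imtcp listener from the server configuration above; the target directory /var/log/remote/ is my choice, not the article's.

```shell
#!/bin/sh
# Added example, not part of the original article: per-host routing of
# remote messages on the log server (node3) in RainerScript.
# Assumes the imtcp TLS listener configured above.
set -eu

# %FROMHOST% is derived by rsyslog from the TCP peer (reverse DNS, or the IP
# when there is no PTR record), not from the HOSTNAME field the sender puts
# in the message header, so a client cannot forge its way into another
# host's file. Matching on $inputname selects everything that arrived over
# the imtcp listener, and 'stop' keeps it out of the local rules and thus
# out of /var/log/messages.
write_remote_filter() {
    cat > "$1" <<'EOF'
template(name="RemoteHostFile" type="string"
         string="/var/log/remote/%FROMHOST%/messages")
if $inputname == "imtcp" then {
    action(type="omfile" dynaFile="RemoteHostFile"
           dirCreateMode="0750" fileCreateMode="0640")
    stop
}
EOF
}

# Usage (on node3): sh remote-filter.sh install && systemctl restart rsyslog
if [ "${1:-}" = "install" ]; then
    write_remote_filter /etc/rsyslog.d/remotefilter.conf
    rsyslogd -N1 -f /etc/rsyslog.d/remotefilter.conf
fi
```

After the restart, a message logged on node2 shows up in /var/log/remote/node2.example.com/messages (or under the client's IP if the server cannot resolve it), and a second client needs no extra configuration on the server.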

Next restart the rsyslog service

[root@node3 rsyslog.d]# systemctl restart rsyslog
[root@node3 rsyslog.d]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-04-16 17:22:14 IST; 11min ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 9436 (rsyslogd)
    Tasks: 8
   CGroup: /system.slice/rsyslog.service
           └─9436 /usr/sbin/rsyslogd -n
Apr 16 17:22:14 node3.example.com systemd[1]: Stopped System Logging Service.
Apr 16 17:22:14 node3.example.com systemd[1]: Starting System Logging Service...
Apr 16 17:22:14 node3.example.com rsyslogd[9436]:  [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="9436" x-info="http://www.rsyslog.com"] start
Apr 16 17:22:14 node3.example.com rsyslogd[9436]: warning: ~ action is deprecated, consider using the 'stop' statement instead [v8.24.0-34.el7 try http://www.rsyslog.com/e/2307 ]
Apr 16 17:22:14 node3.example.com systemd[1]: Started System Logging Service.

Now let us log a message on node2 and see whether it is received on node3.

[root@node2 ~]# logger "MESSAGE FROM NODE2 AGAIN"

And it looks like the message was received at the new location as expected.

[root@node3 rsyslog.d]# cat /var/log/node2/messages
Apr 16 17:22:05 node2 root: MESSAGE FROM NODE2 AGAIN