F5 Basics Series: log & syslog

www.net130.com     Date: 2010-10-7
Source: http://www.myf5.net/post/738.html

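The logs shown in the GUI map to these files:

System -> /var/log/messages

Packet Filter -> /var/log/pktfilter

Local Traffic -> /var/log/ltm

Audit -> /var/log/audit

To enable auditing in the GUI, turn on the MCP audit feature and make sure the MCP log level is no higher than notice.

To audit b commands, turn on bigpipe auditing.

There are in fact many other log files under /var/log.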

——————————————————

logtool quickly searches all of the logs for entries of interest. Usage is as follows:

[root@v10-1:Active] log # logtool --help
Unknown option: help
Usage: /usr/bin/logtool [options] ["<SearchString>"]
Options:
--filename:    Append the log file name to the message
--level=LEVEL: Search for messages at a level
--system=NAME: Search for messages from a system
--slot=NUMBER: Search for messages from a slot
--zipped:      Search for messages in compressed log files

Note that the search string is case-sensitive.

—————————————-

When viewing logs on the command line, you can add a bigcodes pipe to decode some of F5's proprietary abstract codes, for example:

cat /var/log/ltm | bigcodes | less

—————————————-

resize-logFS can be used to resize the fixed space pre-allocated to /var/log. The default is 7G, and the configurable range is 1-10G.

——————–

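Configuring syslog-ng to send logs to a remote syslog server

Before 9.4.2: edit /etc/syslog-ng/syslog-ng.conf by hand.

9.4.2-9.4.6: configure syslog with the b command.

In 9.4.2-9.4.6 the b syslog remote server command can configure only one target server and cannot specify the protocol, so the b syslog include command must be used instead (SOL8259). In this version range, however, configuring multiple target servers with b syslog include may cause errors to be reported in the log (SOL8549). All of these problems are resolved in V10, where the syslog configuration commands were enhanced.

Configuring b syslog include in 9.4.2-9.4.6: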

bigpipe syslog include '"destination <dest_name> { <protocol>(\"<syslog_ip_address>\" port(<syslog_port>));};log { source(local); destination(<dest_name>);};"'

Replace <dest_name> with a unique name for the new log destination object, <protocol> with the desired transport protocol (UDP or TCP), <syslog_ip_address> with the IP address of the destination remote syslog server, and <syslog_port> with the port upon which the remote syslog service is listening. The tuple of <protocol>(\"<syslog_ip_address>\" port(<syslog_port>)) may be repeated as necessary, separated by semicolons, to configure multiple destinations.

For example, the following bigpipe syslog include command adds a remote UDP syslog server with the IP address of 10.0.0.1:

bigpipe syslog include '"destination d_udp { udp(\"10.0.0.1\" port(514));};log { source(local); destination(d_udp);};"'

The following bigpipe syslog include command adds two remote TCP syslog servers:

bigpipe syslog include '"destination d_tcp { tcp(\"10.0.0.1\" port(1468)); tcp(\"10.0.0.2\" port(1468));};log { source(local); destination(d_tcp);};"'
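
The include string above is pasted into the syslog-ng configuration, so a stray quote, semicolon or brace in any field changes what gets configured. As an added example (not from the original article or from F5; build_syslog_include and valid_ipv4 are hypothetical helper names), this script assembles the command from validated values and only prints it:

```shell
#!/bin/sh
# Added example: build_syslog_include and valid_ipv4 are hypothetical helpers,
# not F5 tools. The script only prints the command; it never runs bigpipe.

valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# usage: build_syslog_include <dest_name> <udp|tcp> <ip:port> [<ip:port> ...]
build_syslog_include() {
    [ $# -ge 3 ] || { echo "need <dest_name> <udp|tcp> <ip:port>..." >&2; return 2; }
    dest=$1 proto=$2
    shift 2
    # Every value lands inside syslog-ng configuration text, so allow only
    # characters that cannot close a quote, a statement or a block.
    case $dest in ''|*[!A-Za-z0-9_]*) echo "bad destination name: $dest" >&2; return 1 ;; esac
    # Lowercase driver names, as written in the article's examples.
    case $proto in udp|tcp) ;; *) echo "protocol must be udp or tcp" >&2; return 1 ;; esac
    tuples=
    for target in "$@"; do
        ip=${target%:*} port=${target##*:}
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
        case $port in ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        # One <protocol>(\"<ip>\" port(<port>)); tuple per server.
        tuples="$tuples${tuples:+ }$proto(\\\"$ip\\\" port($port));"
    done
    printf "bigpipe syslog include '\"destination %s { %s};log { source(local); destination(%s);};\"'\n" \
        "$dest" "$tuples" "$dest"
}

# Constructed sample input: the two servers from the TCP example above.
build_syslog_include d_tcp tcp 10.0.0.1:1468 10.0.0.2:1468
```

Review the printed line before running it on the BIG-IP.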

From V10 on, configure with b syslog remote server:

Adding a single remote server:
bigpipe syslog remote server {<name> {host <addr_or_hostname>}}

Adding multiple remote servers:
bigpipe syslog remote server {<name1> {host <addr_or_hostname>} <name2> {host <addr_or_hostname>} … }

Deleting a single remote server:
bigpipe syslog remote server <name> delete

Deleting multiple remote servers:
bigpipe syslog remote server {<name1> <name2> … } delete

Deleting all remote servers:
bigpipe syslog remote server none
