自动写的rsyslog客户端自动配置脚本,经测试正常使用
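#!/bin/bash
# Install and configure syslog/rsyslog forwarding on a client host.
# Release 0.3
# Date 2016.10.10
#set -x
#
# Automated log-forwarding deployment script. Older systems ship syslog,
# newer ones ship rsyslog; both are handled below.
#
# Manual equivalent:
#   Append the following to /etc/rsyslog.conf, then run
#   /etc/init.d/rsyslog restart:
#     user.* @172.16.16.20
#     authpriv.* @172.16.16.20
#     *.warning @172.16.16.20
#   or, as a single rule:
#     user.*;authpriv.*;*.warning @172.16.16.20
#   Then append the following to /etc/bashrc and run `source /etc/bashrc`:
#     export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
#
# Security notes:
#   - A single "@" in the forwarding rule means UDP: the records (including
#     authpriv.*) cross the network unencrypted and unauthenticated, and can
#     be dropped silently. rsyslog accepts "@@host" for TCP; prefer TCP or a
#     TLS-protected transport when the collector supports it.
#   - The script edits files under /etc and installs packages, so it has to
#     run as root.
#
# Exit statuses set in this part of the script:
#   3 - installing rsyslog failed
#   4 - the forwarding rule is already present (nothing further is done)

#PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
PATH=$PATH:~/bin
export PATH

# --- Time synchronisation -------------------------------------------------
# Consistent clocks matter here: the collector correlates events from many
# hosts by timestamp.
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# Synchronise the clock once against the public NTP pool.
timecmd() {
  ntpdate pool.ntp.org
}

if [ ! -e /usr/sbin/ntpdate ]; then
  yum install -y ntpdate
fi
# Report a failure only when the sync really failed (the earlier version
# printed "error" after every run on hosts that already had ntpdate).
if ! timecmd; then
  printf '\n error: time sync failed\n' >&2
fi

# --- Forwarding rule ------------------------------------------------------
# Earlier revisions appended user.*, authpriv.* and *.warning as three
# separate rules; the combined selector below is the form now in use.
logr=/etc/rsyslog.conf
logs=/etc/syslog.conf
ipadd='@172.16.16.20'

# has_forward FILE
# Succeeds when FILE holds a non-comment rule whose action field is exactly
# $ipadd, so a second run does not append a duplicate rule.
has_forward() {
  [ -f "$1" ] || return 1
  awk -v target="$ipadd" \
    '$1 !~ /^#/ && $2 == target { found = 1 } END { exit !found }' "$1"
}

# add_forward FILE
# Appends the marker comment and the forwarding rule to FILE.
add_forward() {
  sed -i '$a #Send the log information to the server' "$1"
  sed -i '$a *.warning;user.*;authpriv.* @172.16.16.20' "$1"
}

# Add the forwarding rule to rsyslog.conf.
cfg() {
  add_forward "$logr"
}

# Add the forwarding rule to syslog.conf.
cfgs() {
  add_forward "$logs"
}

# --- Service start / enable at boot ---------------------------------------
# "restart" rather than "start": a daemon that is already running only reads
# the new rule when it is restarted (see the manual steps in the header).
autoboot() {
  (/etc/init.d/rsyslog restart && chkconfig rsyslog on)
}

autoboots() {
  (/etc/init.d/syslog restart && chkconfig syslog on)
}

# --- Install rsyslog ------------------------------------------------------
# Exits with status 3 only when yum fails. The earlier one-liner
# `yum ... || echo ... && exit 3` parsed as `(yum || echo) && exit 3` and
# therefore exited on success as well.
irsyslog() {
  if ! yum install -y rsyslog; then
    echo "Install error" >&2
    exit 3
  fi
}

if [ -f "$logs" ]; then
  if has_forward "$logs"; then
    echo "172.16.16.20 in syslog.conf" && exit 4
  fi
  cfgs
elif [ -f "$logr" ]; then
  if has_forward "$logr"; then
    echo "172.16.16.20 in rsyslog.conf" && exit 4
  fi
  cfg
else
  # Neither daemon is configured yet: install rsyslog, then write the rule
  # to rsyslog.conf (syslog.conf does not exist on this path).
  irsyslog && cfg
fi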
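# --- Record every command entered in interactive shells --------------------
# A PROMPT_COMMAND hook in /etc/bashrc hands the last history entry to
# logger(1) each time bash prints a prompt; the user.* selector in the
# forwarding rule then ships it to the collector.
#
# Caveats for whoever relies on this trail:
#   - PROMPT_COMMAND is an ordinary shell variable. A user can unset or
#     replace it, and non-interactive or non-bash shells never run it, so
#     this is a convenience record, not a tamper-resistant audit log.
#     Kernel-level auditing (auditd) is the sturdier control.
#   - Command lines can contain secrets typed as arguments. They end up in
#     the local syslog and, with an "@" (UDP) rule, on the wire in clear.
cmdinfo='#Record-the-input-cmd'
bashrcfile=/etc/bashrc
# Exact-line, fixed-string match; head keeps the comparison below valid even
# if the marker was appended more than once in the past.
usercmd=$(grep -xF -- "$cmdinfo" "$bashrcfile" 2>/dev/null | head -n 1)

# Append the marker line and the PROMPT_COMMAND hook to /etc/bashrc.
# Compared with the earlier hook, `read -r`, the quoted "$y" and the quoted
# "[$(pwd)]" keep backslashes and glob characters in the typed command and
# in the working directory from being altered before they are logged.
shrc() {
  sed -i '$a #Record-the-input-cmd' "$bashrcfile"
  cat >>"$bashrcfile" <<'EOF'
export PROMPT_COMMAND='{ msg=$(history 1 | { read -r x y; printf "%s\n" "$y"; });logger "[euid=$(whoami)]":$(who am i):"[$(pwd)]$msg"; }'
EOF
}

# Status 5 still signals "hook already present", but it is returned at the
# very end so the syslog service is (re)started first.
status=0
if [ "$usercmd" == "$cmdinfo" ]; then
  echo "commandinfo is exist "
  status=5
elif [ -e "$bashrcfile" ]; then
  shrc
else
  echo "error: not import to the /etc/bashrc " >&2
fi

# Sourcing only affects this script's own shell; sessions that are already
# open pick the hook up the next time they read /etc/bashrc.
if [ -e "$bashrcfile" ]; then
  source "$bashrcfile"
fi

# autoboot / autoboots are defined earlier in this script: try rsyslog
# first and fall back to syslog.
autoboot || autoboots
svc_status=$?

if [ "$status" -ne 0 ]; then
  exit "$status"
fi
exit "$svc_status"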
Rsyslog+LogAnalyzer使用正常