1. 配置SERVER端(接收端):

[root@rhel6-server etc]# vim /etc/rsyslog.conf

# Provides TCP syslog reception

$ModLoad imtcp.so  

$InputTCPServerRun 514

[root@rhel6-server etc]# service rsyslog reload

Reloading system logger...                                 [  OK  ]

[root@rhel6-server etc]# netstat -natulp | grep 514

tcp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN      5427/rsyslogd       

tcp        0      0 :::514                      :::*                        LISTEN      5427/rsyslogd 


2. 配置CLIENT端(发送端):

[root@rhel6-client log]# vim /etc/rsyslog.conf

*.* @@rhel6-server:514

[root@rhel6-client log]# service rsyslog restart

Starting system logger:                                    [  OK  ]



3. SERVER端验证:

[root@rhel6-server etc]# netstat -natulp | grep 514

tcp        0      0 0.0.0.0:514                 0.0.0.0:*                   LISTEN      5427/rsyslogd       

tcp        0      0 192.168.17.253:514          192.168.17.152:33323        FIN_WAIT2   -                   

tcp        0      0 :::514                      :::*                        LISTEN      5427/rsyslogd 

[root@rhel6-server etc]# tail -n 30 /var/log/messages | grep rhel6-client

Mar  2 00:42:07 rhel6-client kernel: Kernel logging (proc) stopped.

Mar  2 00:42:07 rhel6-client rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="3197" x-info="http://www.rsyslog.com"] exiting on signal 15.

Mar  2 00:43:11 rhel6-client kernel: imklog 4.6.2, log source = /proc/kmsg started.

Mar  2 00:43:11 rhel6-client rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="3275" x-info="http://www.rsyslog.com"] (re)start

[root@rhel6-server etc]#



REF:

​http://server.51cto.com/sCollege-272392.htm​