# 用户命令发送日志
 
https://www.cnblogs.com/kevingrace/p/5570411.html
 
环境:CentOS 7
yum install rsyslog -y
 
1,服务端
[root@server ]# cat /etc/rsyslog.conf|grep -v "#"|grep -v "^$"
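# Server-side /etc/rsyslog.conf: receives syslog from remote hosts over UDP and
# files it per sender.

# Load the UDP syslog input module.
$ModLoad imudp
# Listen for syslog on UDP port 514.
# NOTE(review): UDP syslog is unauthenticated and unencrypted, and the source
# address of a datagram can be forged. Limit which hosts can reach this port
# (host firewall and/or the legacy $AllowedSender directive), for example:
#   $AllowedSender UDP, <client-subnet>/<prefix>    # placeholder, fill in
$UDPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Dynamic file name: one directory per sender IP, one file per sender per day.
# NOTE(review): these files will hold users' command lines, which can contain
# secrets; keep /data/logs readable by root / the audit role only.
$template Remote,"/data/logs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
# Every message whose sender IP is not 127.0.0.1 is written through the Remote
# template, i.e. messages generated on the server itself are skipped here.
# NOTE(review): no stop/discard action follows this rule, so remote messages
# presumably also match the selectors below (e.g. *.info -> /var/log/messages);
# confirm that is intended.
:fromhost-ip, !isequal, "127.0.0.1" ?Remote

$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
authpriv.* /var/log/secure
mail.err -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.info;mail.none;authpriv.none;cron.none;auth.none;local6.none; /var/log/messages
local0.* /var/log/keepalived.log
local6.info /var/log/.history.log
local4.* /var/log/history.log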


 
2,客户端
[root@client ~]# cat /etc/rsyslog.conf|grep -v "#"|grep -v "^$"
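# Client-side /etc/rsyslog.conf: normal local logging plus one forwarding rule
# for the shell-command records logged on facility local5.
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
authpriv.* /var/log/secure
mail.err -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
# NOTE(review): local5 is not excluded here, so the command records logged at
# local5.notice also match *.info and are written to the local
# /var/log/messages.
*.info;mail.none;authpriv.none;cron.none;auth.none;local6.none; /var/log/messages
local0.* /var/log/keepalived.log
local6.info /var/log/.history.log
# Added at the end: forward everything on facility local5 to the log server.
# A single "@" means UDP, so records cross the network in cleartext and can be
# lost or forged in transit. "@@" selects TCP, which would also need a TCP
# listener on the server; add TLS if the path between hosts is not trusted.
local5.* @172.16.58.21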
 
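# Client side: add this line to both /etc/profile and /etc/bashrc so that login
# shells (which read profile) and non-login interactive shells (which read
# bashrc) both install the hook.
#
# Before each prompt is printed, the most recent history entry is sent to
# syslog (facility local5, priority notice, tag "bash", with the logger PID via
# -i) together with the user, parent PID, SSH client address and working
# directory.
#
# `read -r` and the quoted printf keep the recorded command text literal;
# without them backslashes are eaten and characters such as * are glob-expanded
# before logging, so the record would not match what the user typed.
#
# NOTE(review): this is best-effort. A user can unset or overwrite
# PROMPT_COMMAND or start another shell, so do not rely on it as tamper-proof
# auditing; kernel-level auditing (e.g. auditd) is the stronger control.
# Command lines can contain secrets, so protect every file and network hop that
# carries these records.
export PROMPT_COMMAND='{ command=$(history 1 | { read -r x y; printf "%s\n" "$y"; }); logger -p local5.notice -t bash -i "user=$USER,ppid=$PPID,from=$SSH_CLIENT,pwd=$PWD,command:$command"; }'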
 
 
vim /etc/profile
加在最后1行
审计
 
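# Per-session shell history audit, meant to be appended to /etc/profile.
# Each login gets its own history file:
#   /var/log/.hist/<login name>/<remote address or hostname>.hist.<timestamp>
#
# NOTE(review): users can still change HISTFILE or unset history in their own
# shell, and the directories are created by whoever logs in first. For stronger
# guarantees have root pre-create $HISTDIR and the per-user directories, and
# treat these files as a convenience record rather than as evidence.

# Timestamp format stored with every history entry.
export HISTTIMEFORMAT="[%Y%m%d-%H%M-:%S]"

# Remote address of this login: last field of `who -u am i`, parentheses removed.
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
HISTDIR=/var/log/.hist

# No remote address available: fall back to the local host name.
if [ -z "$USER_IP" ]; then
  USER_IP=$(hostname)
fi

# Shared parent directory. Every user must be able to create their own
# sub-directory, so it is world-writable; the sticky bit (1777 rather than 777)
# stops users from renaming or removing each other's directories.
# An already existing directory is left as it is.
if [ ! -d "$HISTDIR" ]; then
  mkdir -p "$HISTDIR"
  chmod 1777 "$HISTDIR"
fi

# Per-user directory, mode 300: the owner may create and enter files but not
# list them; nobody else gets any access.
if [ ! -d "$HISTDIR/${LOGNAME}" ]; then
  mkdir -p "$HISTDIR/${LOGNAME}"
  chmod 300 "$HISTDIR/${LOGNAME}"
fi

export HISTSIZE=4096
DT=$(date +%Y%m%d_%H%M%S)
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.hist.$DT"

# Restrict existing history files to their owner. The glob must sit outside the
# quotes or it is never expanded. With the directory at mode 300 only root can
# list it, so for ordinary users this line stays a silent no-op; bash normally
# creates the history file with owner-only permissions by itself.
chmod 600 "$HISTDIR/${LOGNAME}"/*.hist* 2>/dev/null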
 
 

转自:https://www.cnblogs.com/colin88/p/15362391.html
