linux 系统日志设置

# 使用logrotate工具进行日志轮转
sudo apt-get install logrotate

/var/log/syslog {
    daily
    missingok
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 root adm
}

# 设置全局日志级别为info
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# 在发送端配置
*.* @远程服务器IP:514

# 在接收端配置
module(load="imudp")
input(type="imudp" port="514")

# /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Log all kernel messages to the console.
kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log