内容目录
网络设备配置
- 华为
info-center loghost source Vlanifxxx
info-center loghost x.x.x.x facility local6 local-time- 华三
info-center loghost source Vlan-interfacexxx
info-center loghost vpn-instance wangguan x.x.x.x facility local5rsyslog配置
vim /etc/rsyslog.conf
$template h3c,"/var/log/network/h3c/%$YEAR%_%$MONTH%_%$DAY%-%FROMHOST-IP%.log"
local5.* ?h3c
$template huawei,"/var/log/network/huawei/%$YEAR%_%$MONTH%_%$DAY%-%FROMHOST-IP%.log"
local6.* ?huawei
crontab -l
#每天凌晨3点执行删除f5000session、h3c、huawei网络设备日志;by:yujing 2024/8/7
00 03 * * * bash -x /opt/delete_session_log.sh &> /tmp/delete.log
cat /opt/delete_session_log.sh
# 获取当天日期,并格式化为find需要的格式
TODAY=$(date +'%Y-%m-%d')
find /firewall/f5000session/ -type f -name "*.log" ! -newermt "$TODAY" | xargs rm -f
find /var/log/network/huawei/ -type f -name "*.log" -mtime +1 | xargs rm -f
find /var/log/network/h3c/ -type f -name "*.log" -mtime +1 | xargs rm -f重启rsyslog服务
systemctl restart rsyslog
elastic配置(在kibana上配置)
- 配置索引模板
networks-template
- 索引管理
配置好后在索引管理上会看到名称为networks-huawei-2024.09.06和networks-h3c-2024.09.06的索引
然后添加好networks-h*的索引模式
discover菜单
留言