Rsyslog 集中日志配置

v20260317

implementing-syslog-centralization-with-rsyslog

借助 TLS、JSON 模板、主机隔离目录和可靠队列配置 Rsyslog，实现集中日志采集并通过 SSH 部署与验证，适用于安全运维场景。

Rsyslog Syslog TLS 集中日志模板可靠队列 SSH部署

获取技能

333 次下载

概览

Instructions

Install dependencies: pip install jinja2 paramiko
Generate TLS certificates for rsyslog server and clients using OpenSSL.
Run the agent to generate rsyslog server and client configurations:
- Server: TLS listener on port 6514, per-host directory output, JSON-format templates
- Client: TLS forwarding with disk-assisted queues for reliability
Deploy configurations to servers via SSH (paramiko).
Validate TLS connectivity and log delivery.

python scripts/agent.py --server-ip 10.0.0.1 --clients 10.0.0.10,10.0.0.11 --ca-cert ca.pem --output syslog_report.json

Examples

Server Configuration (TLS)

module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1"
       StreamDriver.Authmode="x509/name")
input(type="imtcp" port="6514")
template(name="PerHostLog" type="string" string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
*.* ?PerHostLog

Client Configuration (Reliable Forwarding)

action(type="omfwd" target="10.0.0.1" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       queue.type="LinkedList" queue.filename="fwdRule1"
       queue.maxdiskspace="1g" queue.saveonshutdown="on"
       action.resumeRetryCount="-1")

信息

Category 编程开发

Name implementing-syslog-centralization-with-rsyslog

版本 v20260317

大小 9.28KB

Source mukul975/Anthropic-Cybersecurity-Skills

更新时间 2026-03-18