<p class="shortdesc">本文介绍如何配置通过Syslog方式发送告警信息。</p> <section class="section prereq" id="bySyslog__prereq_uxw_xpr_4sb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div> <p class="p">您已创建实例。</p> <p class="p">您已添加资产。</p> </section> <section class="section context" id="bySyslog__context_mxb_xvl_psb"><div class="tasklabel"><h2 class="doc-tairway">背景信息</h2></div> <p class="p">通过Syslog通知方式您可将资产的告警日志和系统日志发送到指定的Syslog服务器。</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/console/db-audit" target="_blank" rel="external noopener">数据库审计控制台</a>，进入<span class="keyword wintitle">实例列表</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击目标实例<span class="ph uicontrol">操作</span>列的<span class="ph uicontrol">管理</span>，进入数据库审计控制台。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__d23e47" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-12277d5f94d4.png" width="700"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在菜单栏选择<span class="ph menucascade"><span class="ph uicontrol">通知外送</span><abbr> > </abbr><span class="ph uicontrol">告警通知</span></span>，进入<span class="keyword wintitle">告警通知</span>页面，选择<span class="keyword wintitle">SYSLOG</span>页签。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_ltg_ctl_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110012-1f4f184b9b59.png" width="700"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">单击<span class="ph uicontrol">新增</span>，进入<span class="keyword wintitle">新增SYSLOG接收</span>页面，根据以下信息新增Syslog接收接口。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_dpn_jwl_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110012-1699061c924c.png" width="500"> <table class="table" id="bySyslog__table_ntx_kwl_psb"><caption></caption><colgroup><col style="width:30.48780487804878%"><col style="width:69.51219512195121%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="bySyslog__table_ntx_kwl_psb__entry__1"> <p class="p">配置项</p> </th> <th class="entry" id="bySyslog__table_ntx_kwl_psb__entry__2"> <p class="p">说明</p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">配置名称</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">Syslog接收接口的名称。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">服务器地址</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">Syslog服务器地址，可为IP或者域名。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">端口</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">Syslog服务器端口，默认为514。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">程序模块编码</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">Syslog协议RFC 5424规定，消息中必须包含“程序模块编码”，Syslog服务端使用该编码区分发送消息的程序来源。建议选择默认值local0。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">严重等级</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">选择向Syslog服务器发送告警所标记的严重等级。等级分为：Emergency、Alert、Critical、Error、Warning、Notice、Informational、Debug。</p> <div class="p"> <div class="note important note_important" id="bySyslog__note_gw2_qwl_psb"><span class="note__title">重要：</span> Syslog相关配置必须与服务器端配置保持一致。</div> </div> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">实时告警模板</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">发送实时告警信息的模板。</p> <div class="p"> <div class="note note note_note" id="bySyslog__note_atz_qwl_psb"><span class="note__title">说明：</span> 用户可以根据实际需求依据<span class="ph uicontrol">填写说明</span>修改默认模板。</div> </div> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">聚合告警模板</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">发送聚合告警信息的模板。</p> <div class="p"> <div class="note note note_note" id="bySyslog__note_n4j_rwl_psb"><span class="note__title">说明：</span> 用户可以根据实际需求依据<span class="ph uicontrol">填写说明</span>修改默认模板。</div> </div> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">统计告警模板</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">发送统计告警信息的模板。</p> <div class="p"> <div class="note note note_note" id="bySyslog__note_ozl_rwl_psb"><span class="note__title">说明：</span> 用户可以根据实际需求依据<span class="ph uicontrol">填写说明</span>修改默认模板。</div> </div> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__1 "> <p class="p">系统告警模板</p> </td> <td class="entry" headers="bySyslog__table_ntx_kwl_psb__entry__2 "> <p class="p">发送系统告警信息的模板。</p> <div class="p"> <div class="note note note_note" id="bySyslog__note_v24_rwl_psb"><span class="note__title">说明：</span> 用户可以根据实际需求依据<span class="ph uicontrol">填写说明</span>修改默认模板。</div> </div> </td> </tr> </tbody></table> </div> </li><li class="li step stepexpand"> <span class="ph cmd">单击<span class="ph uicontrol">保存</span>。</span> </li><li class="li step stepexpand"> <span class="ph cmd">在指定资产上应用SYSLOG告警方式。在页面下方<span class="ph uicontrol">告警通知接收配置管理</span>区域单击<span class="ph uicontrol">添加</span>。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_ohn_twl_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110012-1704075f9ca0.png" width="700"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在弹出的对话框中，根据以下信息新增告警通知接收配置。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_grk_5wl_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110012-11687e3e970a.png" width="500"> <table class="table" id="bySyslog__table_qlk_vwl_psb"><caption></caption><colgroup><col style="width:31.347962382445143%"><col style="width:68.65203761755487%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="bySyslog__table_qlk_vwl_psb__entry__1"> <p class="p">配置项</p> </th> <th class="entry" id="bySyslog__table_qlk_vwl_psb__entry__2"> <p class="p">说明</p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__1 "> <p class="p">资产</p> </td> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__2 "> <p class="p">当所选资产发生告警，将通过SNMP方式向指定SNMP接口发送告警信息，可选择多个资产。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__1 "> <p class="p">接收者</p> </td> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__2 "> <p class="p">选择Syslog接收接口，关于Syslog接收接口的配置请参见步骤3和步骤4。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__1 "> <p class="p">告警等级</p> </td> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__2 "> <p class="p">触发指定等级的告警才会发送告警信息。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__1 "> <p class="p">通知周期</p> </td> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__2 "> <p class="p">取值范围为0~86400，单位为秒，0表示发送全部告警。如果设置为0，聚合通知功能将无法开启。同一个规则在通知周期内多次触发告警时只通知第一次触发的告警。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__1 "> <p class="p">聚合通知</p> </td> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__2 "> <p class="p">开启聚合通知功能后，系统会在通知周期结束后发送一条聚合告警信息。聚合消息示例如下：在过去*秒，总计触发*条告警。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__1 "> <p class="p">告警统计</p> </td> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__2 "> <p class="p">开启后，系统将统计总共发生了多少次告警。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__1 "> <p class="p">发送时间</p> </td> <td class="entry" headers="bySyslog__table_qlk_vwl_psb__entry__2 "> <p class="p">每日在设定的时间点发送前一天的告警统计信息。</p> </td> </tr> </tbody></table> </div> </li><li class="li step stepexpand"> <span class="ph cmd">单击<span class="ph uicontrol">保存</span>。</span> </li></ol></section>