通过Syslog方式外发日志

<p class="shortdesc">本文介绍如何通过Syslog方式外发日志。</p> <section class="section prereq" id="bySyslog__prereq_uxw_xpr_4sb"><div class="tasklabel"><h2 class="doc-tairway">前提条件</h2></div> <p class="p">您已创建实例。</p> <p class="p">您已添加资产。</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">操作步骤</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">登录<a class="xref" href="https://www.ocftcloud.com/console/db-audit" target="_blank" rel="external noopener">数据库审计控制台</a>,进入<span class="keyword wintitle">实例列表</span>页面。</span> </li><li class="li step stepexpand"> <span class="ph cmd">单击目标实例<span class="ph uicontrol">操作</span>列的<span class="ph uicontrol">管理</span>,进入数据库审计控制台。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__d23e47" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-12277d5f94d4.png" width="700"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在菜单栏选择<span class="ph menucascade"><span class="ph uicontrol">通知外送</span><abbr> > </abbr><span class="ph uicontrol">日志外送</span></span>,进入<span class="keyword wintitle">日志外送</span>页面,选择<span class="keyword wintitle">SYSLOG</span>页签。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_grk_5wl_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110012-19e574d89606.png" width="700"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">在<span class="ph uicontrol">日志外送接口管理</span>区域单击<span class="ph uicontrol">新增</span>,进入<span class="keyword wintitle">新增日志外送接口</span>页面,根据以下信息新增日志外送接口。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_adg_q1m_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110012-17697ef99496.png" width="500"> <table class="table" id="bySyslog__table_ppj_r1m_psb"><caption></caption><colgroup><col style="width:34.01360544217687%"><col style="width:65.98639455782312%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="bySyslog__table_ppj_r1m_psb__entry__1"> <p class="p">配置项</p> </th> <th class="entry" id="bySyslog__table_ppj_r1m_psb__entry__2"> <p class="p">说明</p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">名称</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">日志外送接口的名称。必须为中文字符、字母、数字、下划线“_”、点“.”或短横“-”,长度不超过64字符。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">服务器地址</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">Syslog服务器地址,可为IP或者域名。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">端口</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">Syslog服务器端口,默认为514。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">发送协议</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">发送日志的传输层协议,可选择UDP或者TCP。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">是否发送消息头</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">选择是否发送消息头。如果选择“否”,发送日志不会包含消息头,只包含数据部分。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">内容协议格式</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">设置发送日志内容所采用的协议格式。请以Syslog服务器的实际支持情况为准。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">报文默认主机名</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">如果选择发送消息头,需要配置默认发送的主机名。此项必须与Syslog服务端配置一致。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">报文默认应用名</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">如果选择发送消息头,需要配置默认发送的应用名。此项与Syslog服务端配置一致即可。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">程序模块编码</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">Syslog协议RFC 5424规定,消息中必须包含“程序模块编码”,Syslog服务端使用该编码区分发送消息的程序来源。建议选择默认值local0。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">严重等级</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">等级分为Emergency、Alert、Critical、Error、Warning、Notice、Informational、Debug。配置后,向Syslog发送的日志的严重等级即为配置的严重等级。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">审计日志警模板</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">设置发送审计日志的模板,具体字段请依据<span class="ph uicontrol">填写说明</span>编辑。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">告警日志模板</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">设置发送告警日志的模板,具体字段请依据<span class="ph uicontrol">填写说明</span>编辑。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__1 "> <p class="p">会话日志模板</p> </td> <td class="entry" headers="bySyslog__table_ppj_r1m_psb__entry__2 "> <p class="p">设置发送会话日志的模板,具体字段请依据<span class="ph uicontrol">填写说明</span>编辑。</p> </td> </tr> </tbody></table> </div> </li><li class="li step stepexpand"> <span class="ph cmd">单击<span class="ph uicontrol">保存</span>。</span> </li><li class="li step stepexpand"> <span class="ph cmd">将配置好的日志外送接口挂载到指定数据库资产上:</span> <ol type="a" class="ol substeps" id="bySyslog__substeps_fg1_myl_psb"> <li class="li substep substepexpand"> <span class="ph cmd">在<span class="ph uicontrol">日志外送任务管理</span>区域单击<span class="ph uicontrol">新增</span>。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_zy4_hbm_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-1e61fe719e65.png" width="700"> </div> </li> <li class="li substep substepexpand"> <span class="ph cmd">在弹出的<span class="keyword wintitle">新增日志外送任务</span>对话框中新增日志外送任务。</span> <div class="itemgroup info"> <img class="image" id="bySyslog__image_m3n_3bm_psb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-1d9529a69a64.png" width="450"> <table class="table" id="bySyslog__table_tzw_jbm_psb"><caption></caption><colgroup><col style="width:31.948881789137378%"><col style="width:68.05111821086261%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="bySyslog__table_tzw_jbm_psb__entry__1"> <p class="p">配置项</p> </th> <th class="entry" id="bySyslog__table_tzw_jbm_psb__entry__2">说明</th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="bySyslog__table_tzw_jbm_psb__entry__1 "> <p class="p">资产</p> </td> <td class="entry" headers="bySyslog__table_tzw_jbm_psb__entry__2 "> <p class="p">选择要发送日志信息的资产,可选择多个。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_tzw_jbm_psb__entry__1 "> <p class="p">日志类型</p> </td> <td class="entry" headers="bySyslog__table_tzw_jbm_psb__entry__2 "> <p class="p">选择要发送的日志类型,包括审计日志、告警日志和会话日志。</p> </td> </tr> <tr class="row"> <td class="entry" headers="bySyslog__table_tzw_jbm_psb__entry__1 "> <p class="p">外送接口</p> </td> <td class="entry" headers="bySyslog__table_tzw_jbm_psb__entry__2 "> <p class="p">选择配置Syslog日志外送接口,关于Syslog日志外送接口的配置请参见步骤3和步骤4。</p> </td> </tr> </tbody></table> </div> </li> <li class="li substep substepexpand"> <span class="ph cmd">单击<span class="ph uicontrol">确定</span>。</span> </li> </ol> </li></ol></section>
以上内容是否解决了您的问题?
请补全提交信息!
联系我们

电话咨询

400-151-8800

邮件咨询

fincloud@ocft.com

在线客服

工单支持

解决云产品相关技术问题