rsyslog+H3C

安装rsyslog服务器

关闭防火墙

systemctl stop firewalld && systemctl disable firewalld

关闭selinux

sed -i 's/enforcing/disabled/' /etc/selinux/config && setenforce 0

centos7服务器，通过yum安装rsyslog

yum -y install rsyslog    

建立日志存放路径

mkdir -p /data/h3c/log         

建立日志文件

touch /data/h3c/log/switch_log      

修改rsyslog配置文件

vi /etc/rsyslog.conf   

#去掉注释
$ModLoad imudp 
$UDPServerRun 514                    #允许客户端通过udp:514 端口连接
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log#添加以下内容
SYSLOGD_OPTIONS="-c 2 -r -x -m 180"
KLOGD_OPTIONS="-x"
local7.info /data/h3c/log/switch_log

交换机配置

配置每台交换机的日志接收，需要登录每台交换机执行以下命令（info-center loghost 172.16.0.10，这边IP需要配日志服务器的IP），操作都是重复的，利用python脚本一键执行即可：

system-view
info-center loghost 172.16.0.10
info-center enable 
save force

在centos7服务器，创建python脚本执行配置，
1. 创建python脚本文件：h3c_script.py

vi h3c_script.py

3. 赋权：

chmod +x h3c_script.py

3. 脚本内容如下：

#!/usr/bin/env python3#先安装pip3 install paramiko
import paramiko# 创建SSH客户端
ssh_client = paramiko.SSHClient()# 自动添加主机密钥（选项，根据需求使用）
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())# 交换机的IP地址列表
switches = [# 用您实际的交换机IP地址替换这些"192.168.100.1","192.168.100.2","192.168.100.3","192.168.100.5","192.168.100.10","192.168.100.11","192.168.100.12","192.168.100.13","192.168.100.14","192.168.100.15","192.168.100.16","192.168.100.20","192.168.100.21","192.168.100.22","192.168.100.23","192.168.100.24","192.168.100.25","192.168.100.26","192.168.100.27","192.168.100.28","192.168.100.30","192.168.100.31","192.168.100.40","192.168.100.41","192.168.100.50","192.168.100.51","192.168.100.52","192.168.100.60","192.168.100.63","192.168.100.64","192.168.100.65","192.168.100.66",]  # SSH登录凭据，填交换机登录账户密码
username = "账号"
password = "密码"# 连接每台交换机并执行命令
for switch_ip in switches:try:ssh_client.connect(switch_ip, username=username, password=password)ssh_shell = ssh_client.invoke_shell()# 执行命令ssh_shell.send("system-view\n")ssh_shell.send("info-center loghost 172.16.0.10\n")ssh_shell.send("info-center enable\n")ssh_shell.send("save force\n")# 等待命令执行完成while not ssh_shell.recv_ready():pass# 关闭连接ssh_client.close()print(f"Commands executed on {switch_ip}")except Exception as e:print(f"Failed to execute commands on {switch_ip}: {str(e)}")# 关闭SSH客户端
ssh_client.close()

4. 配置完，登录服务器，测试日志接收情况

 tail -f /data/log/h3c/switch_log