Centos7下搭建H3C log服务器

rsyslog+H3C

安装rsyslog服务器

关闭防火墙

systemctl stop firewalld && systemctl disable firewalld
1

关闭selinux

sed -i 's/enforcing/disabled/' /etc/selinux/config && setenforce 0
1

centos7服务器，通过yum安装rsyslog

yum -y install rsyslog    
1

建立日志存放路径

mkdir -p /data/h3c/log         
1

建立日志文件

touch /data/h3c/log/switch_log      
1

修改rsyslog配置文件

vi /etc/rsyslog.conf   
1

#去掉注释
$ModLoad imudp 
$UDPServerRun 514                    #允许客户端通过udp:514 端口连接
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

#添加以下内容
SYSLOGD_OPTIONS="-c 2 -r -x -m 180"
KLOGD_OPTIONS="-x"
local7.info /data/h3c/log/switch_log
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

交换机配置

配置每台交换机的日志接收，需要登录每台交换机执行以下命令（info-center loghost 172.16.0.10，这边IP需要配日志服务器的IP），操作都是重复的，利用python脚本一键执行即可：

system-view
info-center loghost 172.16.0.10
info-center enable 
save force
1
2
3
4

在centos7服务器，创建python脚本执行配置，
1. 创建python脚本文件：h3c_script.py

vi h3c_script.py
1

3. 赋权：

chmod +x h3c_script.py
1

3. 脚本内容如下：

#!/usr/bin/env python3

#先安装pip3 install paramiko
import paramiko

# 创建SSH客户端
ssh_client = paramiko.SSHClient()

# 自动添加主机密钥（选项，根据需求使用）
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# 交换机的IP地址列表
switches = [
    # 用您实际的交换机IP地址替换这些
    	"192.168.100.1",
        "192.168.100.2",
        "192.168.100.3",
        "192.168.100.5",
        "192.168.100.10",
        "192.168.100.11",
        "192.168.100.12",
        "192.168.100.13",
        "192.168.100.14",
        "192.168.100.15",
        "192.168.100.16",
        "192.168.100.20",
        "192.168.100.21",
        "192.168.100.22",
        "192.168.100.23",
        "192.168.100.24",
        "192.168.100.25",
        "192.168.100.26",
        "192.168.100.27",
        "192.168.100.28",
        "192.168.100.30",
        "192.168.100.31",
        "192.168.100.40",
        "192.168.100.41",
        "192.168.100.50",
        "192.168.100.51",
        "192.168.100.52",
        "192.168.100.60",
        "192.168.100.63",
        "192.168.100.64",
        "192.168.100.65",
        "192.168.100.66",
    ]  


# SSH登录凭据，填交换机登录账户密码
username = "账号"
password = "密码"

# 连接每台交换机并执行命令
for switch_ip in switches:
    try:
        ssh_client.connect(switch_ip, username=username, password=password)
        ssh_shell = ssh_client.invoke_shell()

        # 执行命令
        ssh_shell.send("system-view\n")
        ssh_shell.send("info-center loghost 172.16.0.10\n")
        ssh_shell.send("info-center enable\n")
        ssh_shell.send("save force\n")

        # 等待命令执行完成
        while not ssh_shell.recv_ready():
            pass

        # 关闭连接
        ssh_client.close()

        print(f"Commands executed on {switch_ip}")
    except Exception as e:
        print(f"Failed to execute commands on {switch_ip}: {str(e)}")

# 关闭SSH客户端
ssh_client.close()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

4. 配置完，登录服务器，测试日志接收情况

 tail -f /data/log/h3c/switch_log
1