Solaris配置syslog服务方法在/etc/syslog.conf文件中加入一行。

*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug @10.212.41.75其中@loghost在hosts文件中定义，vi /etc/hosts。

在其中加入一行：10.212.41.86 loghost 重起syslog服务：/etc/init.d/syslog stop/etc/init.d/syslog startsvcadm restart system/system-log solaris10svcadm restart svc:/system/system-log:default使syslog记录tcp等网络服务日志。

修改/etc/init.d/inetsvc。

找到inetd那行改为：/usr/sbin/inetd -s -t &重启inetd：/etc/init.d/inetsvc stop/etc/init.d/inetsvc startHP UNIX配置syslog服务方法打开inetd日志功能在/etc/rc.config.d/netdaemons中的INETD_ARGS 环境变量中增加－l参数:export INETD_ARGS=-l修改syslog配置文件syslog.conf，加入*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug @loghost在hosts文件中加入10.212.41.86 loghost重启syslog服务：/sbin/init.d/syslogd stop/sbin/init.d/syslogd startIBM AIX配置syslog服务方法修改syslog配置文件/etc/syslog.conf，加入*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug @loghost在hosts文件中加入10.212.41.86 loghost重启syslog服务：stopsrc -s syslogdstartsrc –s syslogdSUSE10配置syslog服务vim /etc/syslog-ng/syslog-ng.conf#定义日志类型：filter f_login { level(info) and facility(auth); };filter f_boco { level(warn, err, crit, alert, emerg) and not filter(f_iptables); };#配置日志转发：destination allmessages {udp("10.212.41.87" port(514)); };log { source(src); filter(f_boco); destination(allmessages); };log { source(src); filter(f_login); destination(allmessages); };重启日志服务：/etc/init.d/syslog restartLinux Syslog日志配置在/etc/syslog.conf文件中加入一行。

*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug @10.212.41.75其中@loghost在hosts文件中定义，vi /etc/hosts。

在其中加入一行：10.212.41.86 loghost 重起syslog服务：service syslog startservice syslog stopPIX防火墙配置syslog服务方法第一步：指定一台主机接收log信息logging host [interface] ip_address [tcp[/port] | udp[/port]] [format emblem]For example:logging host dmz1 10.212.41.86可以指定多台服务器来接收log信息，这样当一台服务器不在线的时候其它的服务器仍可以接收信息。

第二步：设置log级别。

logging trap severity_level (1-7)第三步：如果想在信息中包含设备的ID使用如下命令logging device-id {hostname | ipaddress if_name | string text}包含特定设备的ID（设备的名字，和特定接口的IP或者一个字串）Cisco交换机设置syslog方法device#conf tdevice(config)#logging ondevice(config)#logging a.b.c.d //日志服务器的IP地址device(config)#logging facility local1//facility标识, RFC3164 规定的本地设备标识为local0 - local7device(config)#logging trap errors //日志记录级别，可用"?"查看详细内容device(config)#logging source-interface e0 //日志发出用的源IP地址device(config)#service timestamps log datetime localtime//日志记录的时间戳设置，可根据需要具体配置检验device#sh loggingcisco交换机日志样本11/24/06 09:43:16 [10.0.0.254] (local7.notice) 297: 1w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.21)11/24/06 09:46:41 [10.0.50.1] (local7.notice) 769740: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, changed state to down11/24/06 09:46:42 [10.0.50.1] (local7.err) 769741: 2y5w: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to down11/24/06 09:46:47 [10.0.50.1] (local7.err) 769742: 2y5w: %LINK-3-UPDOWN: Interface FastEthernet0/17, changed state to up11/24/06 09:46:47 [10.0.50.1] (local7.notice) 769743: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, changed state to up11/24/06 09:46:53 [10.0.50.1] (local7.notice) 769744: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, changed state to down11/24/06 09:46:55 [10.0.50.1] (local7.notice) 769745: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, changed state to up11/24/06 10:06:16 [10.0.50.1] (local7.notice) 769746: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down11/24/06 10:06:18 [10.0.50.1] (local7.notice) 769747: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to up11/24/06 10:06:46 [10.0.50.1] (local7.notice) 769748: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down11/24/06 10:06:48 [10.0.50.1] (local7.notice) 769749: 2y5w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to upWindows通过安装evtsys来实现evtsys命令介绍：Usage: evtsys.exe -i|-u|-d [-h host] [-p port] [-q char]-i Install service (安装服务)-u Uninstall service (卸载服务)-h host Name of log host (日志服务器IP地址)-p port Port number of syslogd (日志服务器端口，默认是514)-q char Quote messages with character将evtsys.dll和evtsys.exe拷贝到 c:\windows\system32目录下。

开始->运行：输入cmd，执行：evtsys.exe -i -h 10.212.41.86。

此地址为日志采集服务器的地址，不能更改。

启动该服务:C:\>net start evtsys策略配置开始->运行：输入gpedit.msc，进入“组策略”配置表：进入配置项：计算机配置->windows设置->安全设置->本地策略->审核策略选中下列项的成功和失败（审核登录事件、审核特权使用、审核账户登录事件）。