整个配置分成两部分，一个是 rsyslog 的 rsyslog.conf 文件设置，另一个是catalyst交换机配置文件的设置，以下实例用的是 centos6.6 以及catalyst2960/3750 做的。 centos日志服务器的ip地址是192.168.1.2

rsyslog.conf 文件设置(rsyslog.conf设置完保存后要在系统提示符后输入 chkconfig  rsyslog on ，以及 service rsyslog start 这两个命令，来开机加载这个服务)：

[root@luo2 ~]# cat /etc/rsyslog.conf

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/cisco/3750        #这些文件夹及文件不用手工建立,重启rsyslog后系统会自动建立这些文件夹及文件
local6.*                                                /var/log/cisco/2960

————————————————————————————————————————————————————————————————

catalyst 3750 running-config 与日志相关的设置：
!
logging facility local7             #和rsyslog.conf 文件设置要一致
logging trap debugging        #日志消息根据规范分为0-7级，如果trap后跟debugging，意味着产生的所有级别的日志都要输出
logging 192.168.1.2            #如果有几台日志服务器，那么这条命令可以重复输入，只是后面的ip是相应日志服务器的ip

catalyst 2960 running-config 与日志相关的设置：
!
logging facility local6             #和rsyslog.conf 文件设置要一致，如果没有出现这一行,那么就意味着是默认值：logging facility local7
logging trap debugging       
logging 192.168.1.2