日志服务器(6)

2021-10-20 09:37:30 浏览数 (1)

创建 logger 用户并赋予相应权限

代码语言:javascript复制
mysql> grant all on Syslog.* to logger@localhost identified by '123456';
Query OK, 0 rows affected (0.02 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql>

配置 rsyslog 服务端

代码语言:javascript复制
[root@h105 rsyslog-mysql-5.8.10]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%n"
:programname, startswith, "spice-vdagent"	/var/log/spice-vdagent.log;SpiceTmpl
[root@h105 rsyslog-mysql-5.8.10]# vim /etc/rsyslog.conf 
[root@h105 rsyslog-mysql-5.8.10]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad immark  # provides --MARK-- message capability
$ModLoad imudp
$UDPServerRun 514
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,logger,123456
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%n"
:programname, startswith, "spice-vdagent"	/var/log/spice-vdagent.log;SpiceTmpl
[root@h105 rsyslog-mysql-5.8.10]#

前后的差异如下:

代码语言:javascript复制
[root@h105 rsyslog-mysql-5.8.10]# diff /tmp/before  /tmp/after
2a3,7
> $ModLoad immark  # provides --MARK-- message capability
> $ModLoad imudp
> $UDPServerRun 514
> $ModLoad ommysql
> *.* :ommysql:localhost,Syslog,logger,123456
[root@h105 rsyslog-mysql-5.8.10]#

主要就是打开了 udp 514 端口以接受其它服务器传来的日志,打开了往 mysql 中写数据的通道,然后打开一个产生 -- MARK -- 标记信息的特性

重启服务

代码语言:javascript复制
[root@h105 rsyslog-mysql-5.8.10]# /etc/init.d/rsyslog restart 
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@h105 rsyslog-mysql-5.8.10]#
udp mysql 服务端 权限 日志

0 人点赞