rsyslog log server_PHP log system

2022-09-21 10:45:22

Feature overview: http://www.rsyslog.com/features/

Download: http://www.rsyslog.com/download/

The content of this article comes from:

http://blog.csdn.net/xiangliangyu2008/article/details/8102064

===========================

Rsyslog

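rsyslog can be thought of as an enhanced syslog. It extends syslog with many additional features, such as database support (MySQL, PostgreSQL, Oracle and others), log content filtering, and log format templates. Besides the default UDP protocol, rsyslog can also receive logs over TCP. It can be installed with yum or built from source; the download location is: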

http://www.rsyslog.com/download/

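rsyslog is feature-rich. I only tested part of it, but that already meets my needs.

a. MySQL support

Many rsyslog features are implemented as modules, and MySQL support is one of them. The module has to be compiled in at build time and then loaded in /etc/rsyslog.conf with "$ModLoad ommysql"; after that you specify which logs should be stored in the database. Before using the MySQL module, the database and its tables must be created by hand. The manual describes these steps in detail, and they are not difficult.

b. filter (log filtering)

Filters are one of rsyslog's highlights. Usually we do not need to collect every log: for example, we may only need logs at the error level and below, or only logs that contain specific content. Flexible use of filters makes these requirements easy to meet. A few examples follow; the manual describes the syntax in detail: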

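    :msg, contains, "test_message" /var/log/test.log
    & ~

If the log content contains "test_message", it is stored in /var/log/test.log. "& ~" means discard: no further processing is done. Even if a later rule reads ':msg, contains, "test_message" /var/log/test2.log', this log will not be written to test2.log.

    if $msg contains 'test_message' then /var/log/test.log
    & ~

This is another way to write the example above. The advantage of if is that it can express complex match conditions. Filters are very practical: syslog defines only local0~local7 as user-definable facilities, and filters easily solve the problem of running out of custom facilities.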

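c. template

Templates define the log format. They normalize different types of logs and make them easier to read. They are simple to use, but template definitions must be placed at the top of rsyslog.conf.

    $template myFormat,"%timestamp% %hostname% %pri-text% %msg%\n"
    $ActionFileDefaultTemplate myFormat

The first line defines a template named myFormat; the second line makes myFormat the default template for rsyslog. If the template only needs to be applied to specific logs, it can be written like this:

    $template myFormat,"%timestamp% %hostname% %pri-text% %msg%\n"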

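Reasons for using rsyslog:

1. It avoids losing the system logs needed to analyze the cause when a system crashes, because rsyslog can ship logs to a remote log server

2. Logging through rsyslog reduces the load on the system, because rsyslog effectively reduces the system's disk I/O

3. rsyslog's TCP transport is very reliable, and logs can be filtered to extract the useful ones. rsyslog is lightweight logging software: under heavy log writes, the system load stays basically below 0.1

Installation and usage

Source install:

I. Preparation

1. Download rsyslog-5.6.2

2. Prepare two machines (Linux or Unix), one as the client and one as the server

Installation steps for the server and the client: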

    # Set the installation directory
    ./configure --prefix=/Application/rsyslog

    # Compile
    make

    # Install
    make install
    # Add the lib directory
    echo "/Application/rsyslog/lib/rsyslog" >> /etc/ld.so.conf
    # Refresh the linker cache
    ldconfig

    # Create the configuration file
    cp /etc/syslog.conf /etc/rsyslog.conf

# Create the service file

vi /etc/init.d/rsyslog

    #!/bin/bash
    #
    # rsyslog Starts rsyslogd/rklogd.
    #
    #
    # chkconfig: - 12 88
    # description: Syslog is the facility by which many daemons use to log
    # messages to various system log files. It is a good idea to always
    # run rsyslog.
    ### BEGIN INIT INFO
    # Provides: $syslog
    # Required-Start: $local_fs $network
    # Required-Stop: $local_fs $network
    # Default-Stop: 0 1 2 3 4 5 6
    # Short-Description: Enhanced system logging and kernel message trapping daemons
    # Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
    # among others, MySQL, syslog/tcp, RFC 3195, permitted
    # sender lists, filtering on any message part, and fine
    # grain output format control.
    ### END INIT INFO

    # Source function library.
    basedir=/Application/rsyslog
    moddir=/Application/rsyslog/lib/rsyslog/
    rsyslogdfile=$basedir/sbin/rsyslogd
    . /etc/init.d/functions

    RETVAL=0

    start() {
        [ -x $rsyslogdfile ] || exit 5

        # Do not start rsyslog when sysklogd is running
        if [ -e /var/run/syslogd.pid ] ; then
            echo $"Shut down sysklogd before you run rsyslog";
            exit 1;
        fi

        # Source config
        if [ -f /etc/sysconfig/rsyslog ] ; then
            . /etc/sysconfig/rsyslog
        else
            SYSLOGD_OPTIONS="-M $moddir"
        fi

        # Default to a restrictive umask so new log files are not world-readable
        if [ -z "$SYSLOG_UMASK" ] ; then
            SYSLOG_UMASK=077;
        fi
        umask $SYSLOG_UMASK

        echo -n $"Starting system logger: "
        daemon $rsyslogdfile $SYSLOGD_OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/rsyslog
        return $RETVAL
    }
    stop() {
        echo -n $"Shutting down system logger: "
        killproc $rsyslogdfile
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/rsyslog
        return $RETVAL
    }
    reload() {
        RETVAL=1
        syslog=`cat /var/run/rsyslogd.pid 2>/dev/null`
        echo -n "Reloading system logger..."
        # Only signal the daemon if the pid file names a live process
        if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
            kill -HUP "$syslog";
            RETVAL=$?
        fi
        if [ $RETVAL -ne 0 ]; then
            failure
        else
            success
        fi
        echo
        return $RETVAL
    }
    rhstatus() {
        status rsyslogd
    }
    restart() {
        stop
        start
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            restart
            ;;
        reload|force-reload)
            reload
            ;;
        status)
            rhstatus
            ;;
        condrestart)
            [ -f /var/lock/subsys/rsyslog ] && restart || :
            ;;
        *)
            echo "Usage: $0 {start|stop|restart|reload|force-reload|condrestart}"
            exit 2
    esac

    exit $?

# Start the service

    # Make the service file executable
    chmod +x /etc/init.d/rsyslog
    # Stop syslog before starting
    service syslog stop
    service rsyslog start

# Configure the server

vi /etc/rsyslog.conf # add at the top of the file, and make sure clients can reach port 514 over TCP

    # Owner of the log files
    $FileOwner apache
    # Use TCP
    $ModLoad imtcp # needs to be done just once
    # Accept up to 500 TCP sessions
    $InputTCPMaxSessions 500
    # Port on which TCP messages are received
    $InputTCPServerRun 514

    # Prefix each message with the log time
    $template logformat,"%TIMESTAMP:::date-mysql% %FROMHOST-IP%%msg%\n"
    # Name of the log file, by year, month and day
    $template DynFile,"/Application/sdns/log/%year%%month%%day%.log"
    # Write messages containing the sdns_log marker to the file defined by DynFile
    :rawmsg, contains, "sdns_log" ?DynFile;logformat
    # Discard messages containing the sdns_log marker
    :rawmsg, contains, "sdns_log" ~

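Configure the client

vi /etc/rsyslog.conf # add at the top of the file

    # Send messages containing sdns_log to 192.168.1.2 over TCP; @@ means TCP, @ means UDP
    :rawmsg, contains, "sdns_log" @@192.168.1.2
    # Discard messages containing the sdns_log marker so they are not written to the local /var/log/messages
    :rawmsg, contains, "sdns_log" ~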

Test:

Run on the client:

    logger -p user.info "sdns_log 34334"

Check whether a log file is produced in the /Application/sdns/log/ directory on the server
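The test above confirms that one message arrived; on a central log server it is just as useful to notice when a client stops sending. The following added example (not part of the original post) reads a server-side file in the logformat layout and lists expected clients with no recent entries. The client addresses, the cutoff time and the function names are assumptions made up for the sample.

```shell
#!/bin/sh
# Added example (not from the original post): flag expected clients that have
# gone quiet in the central file written with the page's logformat template,
#   %TIMESTAMP:::date-mysql% %FROMHOST-IP%%msg%  ->  "YYYYMMDDHHMMSS <ip> <msg>"
# Assumption: %msg% starts with a space (true for logger), so the IP is field 2.

# last_seen FILE: print "<ip> <newest timestamp>" for every sender in FILE.
last_seen() {
    awk 'length($1) == 14 && $1 !~ /[^0-9]/ &&
         $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             ts = $1 ""                       # compare as fixed-width strings
             if (ts > seen[$2]) seen[$2] = ts
         }
         END { for (ip in seen) print ip, seen[ip] }' "$1" | sort
}

# silent_hosts FILE SINCE HOST...: print every expected HOST that never appears
# in FILE or whose newest entry is older than SINCE (YYYYMMDDHHMMSS).
silent_hosts() {
    file=$1 since=$2
    shift 2
    seen=$(last_seen "$file")
    for host in "$@"; do
        ts=$(printf '%s\n' "$seen" | awk -v h="$host" '$1 == h { print $2 }')
        if [ -z "$ts" ]; then
            echo "$host never"
        elif [ "$ts" -lt "$since" ]; then
            echo "$host $ts"
        fi
    done
}

# Constructed sample of a daily file on the server (hosts and messages invented).
sample_log() {
    cat <<'EOF'
20220921104500 192.168.1.3 sdns_log 34334
20220921104510 192.168.1.4 sdns_log query ok
20220921110001 192.168.1.3 sdns_log 34335
EOF
}

tmp=$(mktemp) && sample_log > "$tmp"
silent_hosts "$tmp" 20220921105000 192.168.1.3 192.168.1.4 192.168.1.5
rm -f "$tmp"
```

Run from cron against the current day's file, a non-empty result means a client has stopped forwarding or its messages no longer match the filter.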

Yum install

Server: 192.168.12.98 CentOS 6.2

Client: 192.168.12.57 CentOS 5.5

Server installation:

1. Install rsyslog and the rsyslog-mysql interface support:

# yum install -y rsyslog rsyslog-mysql

2. Edit the configuration

# vim /etc/rsyslog.conf

    # if you experience problems, check
    # http://www.rsyslog.com/troubleshoot for assistance

    # rsyslog v3: load input modules
    # If you do not load inputs, nothing happens!
    # You may need to set the module load path if modules are not found.
    $ModLoad immark # provides --MARK-- message capability
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog # kernel logging (formerly provided by rklogd)

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.* /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none -/var/log/messages

    # The authpriv file has restricted access.
    authpriv.* /var/log/secure

    # Log all the mail messages in one place.
    mail.* -/var/log/maillog

    # Log cron stuff
    cron.* -/var/log/cron

    # Everybody gets emergency messages
    *.emerg *

    # Save news errors of level crit and higher in a special file.
    uucp,news.crit -/var/log/spooler

    # Save boot messages also to boot.log
    local7.* /var/log/boot.log

    # Remote Logging (we use TCP for reliable delivery)
    # An on-disk queue is created for this action. If the remote host is
    # down, messages are spooled to disk and sent when it is up again.
    #$WorkDirectory /rsyslog/spool # where to place spool files
    #$ActionQueueFileName uniqName # unique name prefix for spool files
    #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
    #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
    #$ActionQueueType LinkedList # run asynchronously
    #$ActionResumeRetryCount -1 # infinite retries if host is down
    # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
    #*.* @@192.168.12.14:514

    # ######### Receiving Messages from Remote Hosts ##########
    # TCP Syslog Server:
    # provides TCP syslog reception and GSS-API (if compiled to support it)
    $ModLoad imtcp.so # load module
    # Accept up to 500 TCP sessions (set before the listener is started)
    $InputTCPMaxSessions 500
    $InputTCPServerRun 514 # start up TCP listener at port 514

    # UDP Syslog Server:
    #$ModLoad imudp.so # provides UDP syslog reception
    #$UDPServerRun 514 # start a UDP syslog server at standard port 514

    ## Prefix each message with the log time
    #$template logformat,"%TIMESTAMP:::date-mysql% %FROMHOST-IP%%msg%\n"
    ## Name of the log file, by year, month and day
    #$template DynFile,"/Application/sdns/log/%year%%month%%day%.log"
    ## Write messages containing the sdns_log marker to the file defined by DynFile
    #:rawmsg, contains, "sdns_log" ?DynFile;logformat
    ## Discard messages containing the sdns_log marker
    #:rawmsg, contains, "sdns_log" ~

3. Enable reception of remote messages:

# vim /etc/sysconfig/rsyslog

Change it to: SYSLOGD_OPTIONS="-m 0 -r"

4. Make sure the firewall is not blocking the port

Turn the firewall off entirely

or

iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT

5. Stop syslog

# service syslog stop

6. Start rsyslog

# service rsyslog start

Client installation:

1. Install rsyslog

# yum install -y rsyslog

2. Edit the configuration

# vim /etc/rsyslog.conf

    # Use traditional timestamp format
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

    # Provides kernel logging support (previously done by rklogd)
    $ModLoad imklog
    # Provides support for local system logging (e.g. via logger command)
    $ModLoad imuxsock

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.* /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none /var/log/messages

    # The authpriv file has restricted access.
    authpriv.* /var/log/secure

    # Log all the mail messages in one place.
    mail.* -/var/log/maillog

    # Log cron stuff
    cron.* /var/log/cron

    # Everybody gets emergency messages
    *.emerg *

    # Save news errors of level crit and higher in a special file.
    uucp,news.crit /var/log/spooler

    # Save boot messages also to boot.log
    local7.* /var/log/boot.log

    $ModLoad imtcp.so # load module
    $InputTCPServerRun 514 # start up TCP listener at port 514

    # Send messages containing sdns_log to 192.168.1.2 over TCP; @@ means TCP, @ means UDP
    #:rawmsg, contains, "sdns_log" @@192.168.1.2
    # Discard messages containing the sdns_log marker so they are not written to the local /var/log/messages
    #:rawmsg, contains, "sdns_log" ~

    # @@ means TCP, @ means UDP
    *.*;mail.none;authpriv.none;cron.none @@192.168.12.98
    authpriv.* @@192.168.12.98
    *.emerg @@192.168.12.98

3. Stop syslog

# service syslog stop

4. Start rsyslog

# service rsyslog start

Everything is configured; now test:

Run on the client:

logger -p user.info "sdns_log34334"

Then check /var/log/messages on the server
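Configuration pasted from a web page often arrives with typographic quotes or a lost backslash in a template, and the TCP listener configured above accepts connections from any host that can reach port 514. The following lint is an added example, not part of the original post; the function names and the sample fragment are constructed, and $AllowedSender is an rsyslog legacy directive that the article itself does not use.

```shell
#!/bin/sh
# Added example (not from the original post): lint an rsyslog.conf built from
# this walkthrough before starting the service.
# lint_rsyslog_conf FILE prints one finding per line; returns 1 if any exist.
lint_rsyslog_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # ignore comments and blank lines
    /“|”|‘|’/ {
        print FILENAME ":" FNR ": typographic quote, rsyslog only parses ASCII quotes"
        bad = 1
    }
    /template.*%n("|“|”)/ {
        print FILENAME ":" FNR ": template ends in %n, expected \\n (lost backslash)"
        bad = 1
    }
    /^[ \t]*template[ \t]+[A-Za-z0-9_]+,/ {
        print FILENAME ":" FNR ": legacy template line is missing the leading $"
        bad = 1
    }
    /^[ \t]*\$InputTCPServerRun/      { tcp = FNR }
    /^[ \t]*\$AllowedSender[ \t]+TCP/ { allowed = 1 }
    END {
        if (tcp && !allowed) {
            print FILENAME ":" tcp ": TCP listener without $AllowedSender TCP, restrict senders here or in the firewall"
            bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: a server fragment as it can look after copy and paste.
sample_conf() {
    cat <<'EOF'
$ModLoad imtcp
$InputTCPServerRun 514
$template logformat,“%TIMESTAMP:::date-mysql% %FROMHOST-IP%%msg%n”
template DynFile,"/Application/sdns/log/%year%%month%%day%.log"
:rawmsg, contains, "sdns_log" ?DynFile;logformat
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
lint_rsyslog_conf "$conf" || echo "fix the findings, then run: rsyslogd -N1 -f <file>"
rm -f "$conf"
```

The lint only covers the defects named above; rsyslogd's own configuration check (-N1) remains the authoritative syntax test.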

See also the following links:

http://yifangyou.blog.51cto.com/900206/609330

http://blog.csdn.net/gui694278452/article/details/7755296

http://xmgu2008.blog.163.com/blog/static/1391223802010518115219906/

http://blog.csdn.net/hxh129/article/details/8089474

Published by: 全栈程序员栈长. When reposting, please credit the source: https://javaforall.cn/170605.html Original link: https://javaforall.cn
