• RHEL7: Building a Centralized Log Server with Rsyslog


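    Note: this is one part of a larger article on setting up Linux services; it can also be used on its own as a reference for building an rsyslog log server.

    Note: all section numbers here follow the order of the main article (Linux Basic Services Setup Series).

    If you need the software versions and host configuration requirements, look them up through the table of contents.

    Table of contents of the Linux services setup series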

    ====================================================

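    Linux Basic Services Setup Series

    1. Creating a yum repository on foundation

    2. Deploying DNS

    3. Publishing the YUM repository through httpd

    4. Installing the JDK on the rhel7 host

    5. Building a centralized log server with Rsyslog on foundation

    6. Setting up a LAMP environment on foundation

    7. Setting up an NFS service on foundation

    8. Setting up a Java web environment on rhel7 (Tomcat 8 integrated with httpd)

    9. Implementing HTTPS with a self-built CA on foundation

    10. Configuring Kerberos and NTP services and secure NFS mounts on foundation

    11. Providing a SAMBA service on foundation

    12. Configuring software iSCSI storage on rhel7

    13. Configuring port forwarding and address masquerading on the rhel7 host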

    ====================================================

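    Host roles

    5. Building a centralized log server with Rsyslog on foundation

    5.1 Storing the data in plain-text log files

    5.1.1 Check whether rsyslog is installed (it is installed by default and starts at boot)

    5.1.2 Configuration file walkthrough

    Server-side configuration options: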
    [root@localhost samba]# vim /etc/rsyslog.conf
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imjournal # provides access to the systemd journal
    
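    ##### Enable receiving logs over UDP
    $ModLoad imudp
    $UDPServerRun 514
    # Dynamic file name: one directory per day, one file per sender IP.
    # "*.* ?RemoteHost" writes every message there, and "& ~" then discards
    # those messages, so nothing reaches the rules further down.
    $template RemoteHost,"/data/syslog/%$YEAR%-%$MONTH%-%$DAY%/%FROMHOST-IP%.log"
    *.*  ?RemoteHost
    & ~
    #### Enable receiving logs over TCP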
    $ModLoad imtcp
    $InputTCPServerRun 514
    
    $WorkDirectory /var/lib/rsyslog
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    
    ####### Include every configuration file ending in .conf under /etc/rsyslog.d/
    $IncludeConfig /etc/rsyslog.d/*.conf     
    
    $OmitLocalLogging on
    $IMJournalStateFile imjournal.state
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    authpriv.*                                              /var/log/secure
    mail.*  -/var/log/maillog
    cron.*                                                  /var/log/cron
    *.emerg  :omusrmsg:*
    uucp,news.crit                                          /var/log/spooler
    local7.*                                                /var/log/boot.log
    local0.*                                                /etc/keepalived/keepalived.log
    Client-side configuration options:
    [root@server98 log]# grep -v "^$" /etc/rsyslog.conf | grep -v "^#"
    
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imjournal # provides access to the systemd journal
    $WorkDirectory /var/lib/rsyslog
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    # Custom template definition
    $template myFormat,"%timestamp% %fromhost-ip% %msg%\n"
    $IncludeConfig /etc/rsyslog.d/*.conf
    $OmitLocalLogging on
    $IMJournalStateFile imjournal.state
    # This rule tells the rsyslog daemon to route all messages from every facility
    # on the system to UDP port 514 on the remote rsyslog server (172.25.0.55).
    # @@ sends over TCP; a single @ sends over UDP.
    *.*          @172.25.0.55:514
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    authpriv.*                                              /var/log/secure
    mail.*                                                  -/var/log/maillog
    cron.*                                                  /var/log/cron
    *.emerg  :omusrmsg:*
    uucp,news.crit                                          /var/log/spooler
    local7.*                                                /var/log/boot.log
    local0.*                                             /etc/keepalived/keepalived.log
    :FROMHOST-IP, isequal, "10.26.44.206" /var/log/10.26.44.206.log
    :FROMHOST-IP, isequal, "11.40.169.210" /var/log/11.40.169.210.log
    a: $template Remote,"/date/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"

    b. $template Remote,"/data/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"  defines a template for the path of the received log files, so that each host's logs go to a separate file

    c. :fromhost-ip, !isequal, "127.0.0.1" ?Remote  filters out the server's own local logs

    The simplest approach:
    $template myFormat,"%timestamp% %fromhost-ip%%msg%\n"
    $template Remote,"/var/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
    :fromhost-ip, !isequal, "127.0.0.1" -?Remote;myFormat

    5.1.3 Key client configuration

    [root@rhel7 log]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imjournal # provides access to the systemd journal
    $template myFormat,"%timestamp% %fromhost-ip% %msg%\n"
    $WorkDirectory /var/lib/rsyslog
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    $IncludeConfig /etc/rsyslog.d/*.conf
    $OmitLocalLogging on
    $IMJournalStateFile imjournal.state
    *.* @172.25.0.55:514
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    authpriv.*                                              /var/log/secure
    mail.*                                                  -/var/log/maillog
    cron.*                                                  /var/log/cron
    *.emerg                                                 :omusrmsg:*
    uucp,news.crit                                          /var/log/spooler
    local7.*                                                /var/log/boot.log

    5.1.4 Key server configuration

     

    [root@foundation 2019-07-01]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imjournal # provides access to the systemd journal
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514
    $template RemoteHost,"/var/log/rsyslog/%$YEAR%-%$MONTH%-%$DAY%/%FROMHOST-IP%.log"   
    *.*  ?RemoteHost
    & ~
    $WorkDirectory /var/lib/rsyslog
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    $IncludeConfig /etc/rsyslog.d/*.conf
    $OmitLocalLogging on
    $IMJournalStateFile imjournal.state
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    authpriv.*                                              /var/log/secure
    mail.*                                                  -/var/log/maillog
    cron.*                                                  /var/log/cron
    *.emerg                                                 :omusrmsg:*
    uucp,news.crit                                          /var/log/spooler
    local7.*                                                /var/log/boot.log
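
    The following shell script is an added example, not part of the original article: it expands the server's dynamic-file template from 5.1.4 to the path where a given client's messages should land, and checks that a marker logged on the client and forwarded by its `*.* @172.25.0.55:514` rule arrives there. The tag rsyslog-check, the function names and the script's client/server arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): end-to-end check of the
# client forwarding rule and the server's per-host dynamic file template.

# Expand the properties used in the article's templates.
# $1 = template, $2 = sender IPv4 address, $3 = date YYYY-MM-DD (default: today)
expand_template() (
    tpl=$1 ip=$2 day=${3:-$(date +%F)}
    # Validate inputs before they are spliced into the sed expressions.
    case $ip in ''|*[!0-9.]*) exit 1 ;; esac
    case $day in [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;; *) exit 1 ;; esac
    y=${day%%-*}; md=${day#*-}; m=${md%-*}; d=${md#*-}
    printf '%s\n' "$tpl" | sed \
        -e 's/%\$YEAR%/'"$y"'/g' -e 's/%\$MONTH%/'"$m"'/g' -e 's/%\$DAY%/'"$d"'/g' \
        -e 's/%FROMHOST-IP%/'"$ip"'/g' -e 's/%fromhost-ip%/'"$ip"'/g'
)

# Client side: log a unique marker locally; the client's "*.* @172.25.0.55:514"
# rule forwards it over UDP. Prints the marker so it can be looked up on the server.
send_marker() {
    marker="rsyslog-check-$(date +%s)-$$"
    logger -p local7.info -t rsyslog-check "$marker" || return 1
    printf '%s\n' "$marker"
}

# Server side: poll the expected file until the marker shows up.
# $1 = file, $2 = marker, $3 = number of one-second attempts (default 10)
wait_for_marker() (
    file=$1 marker=$2 tries=${3:-10}
    while [ "$tries" -gt 0 ]; do
        grep -qF -- "$marker" "$file" 2>/dev/null && exit 0
        tries=$((tries - 1))
        sleep 1
    done
    exit 1
)

# Template copied from the server configuration in 5.1.4.
TEMPLATE='/var/log/rsyslog/%$YEAR%-%$MONTH%-%$DAY%/%FROMHOST-IP%.log'
case ${1:-} in
    client) send_marker ;;
    server) # usage: server <client-ip> <marker>
        f=$(expand_template "$TEMPLATE" "$2") || { echo "bad client IP" >&2; exit 2; }
        if wait_for_marker "$f" "$3"; then echo "OK: $f"
        else echo "MISSING in $f" >&2; exit 1; fi ;;
esac
```

    Because the server rule `*.* ?RemoteHost` also matches messages generated on the server itself, those end up in the same dated directory under 127.0.0.1.log.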

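    5.2 Using a database as the rsyslog storage backend

    Note: the client configuration is the same as in the previous section.

    5.2.1 Configuration

    Only the following configuration is needed on the server.

    [root@foundation ~]# yum install rsyslog-mysql

    Create the database with the supplied script: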

    [root@foundation ~]# mysql -ursyslog -h127.0.0.1 -p </usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
    Enter password:

    Create a database account for Rsyslog

    mysql> set global validate_password_policy=0;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> set global validate_password_length=4;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> GRANT ALL ON Syslog.* TO 'rsyslog'@'127.0.0.1' IDENTIFIED BY 'test';
    Query OK, 0 rows affected, 1 warning (0.01 sec)
    
    mysql> GRANT ALL ON Syslog.* TO 'rsyslog'@'localhost' IDENTIFIED BY 'test';
    Query OK, 0 rows affected, 1 warning (0.01 sec)
    
    
    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
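
    As an added example (not part of the original article), the function below emits SQL for a narrower rsyslog account than the `GRANT ALL ... IDENTIFIED BY 'test'` statements above, without lowering the validate_password settings. It assumes MySQL 5.7 or later, the Syslog.SystemEvents table created by mysql-createDB.sql, and rsyslog's default database template; the function name and the 12-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): emit SQL for an rsyslog
# database account limited to the table the log server writes to.
# Assumes MySQL 5.7+ (CREATE USER IF NOT EXISTS) and the Syslog schema
# created by mysql-createDB.sql.
# Typical use, run by a database administrator:
#   rsyslog_grant_sql "$PW" | mysql -u root -p

# $1 = password chosen by the operator
rsyslog_grant_sql() (
    pw=$1
    # Refuse short passwords (12 is an assumed minimum) and characters that
    # would end the quoted SQL string early.
    [ "${#pw}" -ge 12 ] || exit 1
    case $pw in *"'"*|*\\*) exit 1 ;; esac
    # Same two account hosts as the article's GRANT statements.
    for host in 127.0.0.1 localhost; do
        printf "CREATE USER IF NOT EXISTS 'rsyslog'@'%s' IDENTIFIED BY '%s';\n" "$host" "$pw"
        # INSERT stores incoming messages; SELECT is only there so the
        # manual check in 5.2.2 can read them back.
        printf "GRANT INSERT, SELECT ON Syslog.SystemEvents TO 'rsyslog'@'%s';\n" "$host"
    done
)
```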

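    Add the following configuration to /etc/rsyslog.conf

    Restart rsyslogd

    systemctl restart rsyslog.service
    systemctl enable rsyslog.service

    5.2.2 Testing

    Log in to the database as the rsyslog user and look at the stored entries

    Partial screenshot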

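    5.2.3 Appendix: importing and exporting SQL files with MySQL

    Export all data in an entire database:
    1. At the Linux command line, enter:
    mysqldump -u userName -p databaseName > fileName.sql
    
    It is best to give fileName.sql a full path.
    
    Export the data of a single table in the database:
    mysqldump -u userName -p databaseName tableName > fileName.sql
    
    Export the structure of all tables in an entire database:
    
    At the Linux command line, enter:
    mysqldump -u userName -p -d databaseName > fileName.sql
    
    Note: the -d option is added.
    
    Export the structure of a single table in the database:
    At the Linux command line, enter:
    mysqldump -u userName -p -d databaseName tableName > fileName.sql
    
    Note: the -d option is added.
    
    Import into MySQL, method 1 (tested, works well)
    At the Linux command line:
    mysql -u root -p    (press Enter, then type the password)
    mysql> use weifang
    mysql> source /home/user/data/fileName.sql
    
    Note that fileName.sql must include its path, for example: source /home/user/data/fileName.sql
    
    Import into MySQL, method 2 (tested once; the imported data took up an abnormally large amount of space, still needs verification)
    At the Linux command line:
    mysql -uroot -p database < fileName.sql
    
    Note that fileName.sql must include its path.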

    Finally, I hope everyone will offer suggestions, share, comment and discuss!

  • Original article: https://www.cnblogs.com/meizy/p/rsyslog.html