• centos7设置rsyslog日志服务集中服务器


    centos7设置rsyslog日志服务集中服务器


    环境:centos6.9_x86_64,自带的rsyslog版本是7.4.7,很多配置都不支持,于是进行升级后配置

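    # Install a newer rsyslog from the Adiscon v8-stable repository.
    # NOTE(review): the repo definition is fetched over plain HTTP, so nothing
    # authenticates it in transit. Read the file before installing and confirm
    # that package signature checking (gpgcheck / gpgkey) is enabled in it.
    wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
    mv rsyslog.repo /etc/yum.repos.d/rsyslog.repo
    # Quote the glob so yum, not the shell, expands it; unquoted, a file named
    # rsyslog* in the current directory would be passed to yum instead.
    # --skip-broken silently drops packages whose dependencies cannot be met,
    # so check the transaction summary for what was actually installed.
    yum install 'rsyslog*' --skip-broken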

    [root@:/etc]# rsyslogd -ver
    rsyslogd 8.1907.0 (aka 2019.07) compiled with:
    PLATFORM: x86_64-redhat-linux-gnu
    PLATFORM (lsb_release -d):
    FEATURE_REGEXP: Yes
    GSSAPI Kerberos 5 support: Yes
    FEATURE_DEBUG (debug build, slow code): No
    32bit Atomic operations supported: Yes
    64bit Atomic operations supported: Yes
    memory allocator: system default
    Runtime Instrumentation (slow code): No
    uuid support: Yes
    systemd support: Yes
    Config file: /etc/rsyslog.conf
    PID file: /var/run/syslogd.pid
    Number of Bits in RainerScript integers: 64

    See https://www.rsyslog.com for more information.


    服务端的配置:

    [root:/etc]# egrep -v '^#|^$' /etc/rsyslog.conf
    # Server-side /etc/rsyslog.conf in legacy directive syntax. Directives are
    # order-dependent, so the review comments below sit between lines only.
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog # reads kernel messages (the same are read from journald)
    # Plain syslog listeners on 514/udp and 514/tcp. No $AllowedSender appears in
    # this listing, so unless a file under /etc/rsyslog.d/ or a host firewall
    # restricts it, any host that can reach the port can submit messages.
    # Neither listener authenticates senders or encrypts traffic.
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514
    $WorkDirectory /var/lib/rsyslog
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    # Created directories are 0755 and files 0644, i.e. readable by every local
    # account. Tighten these (for example 0750 / 0640) if the logs hold
    # sensitive data.
    $DirCreateMode 0755
    $FileCreateMode 0644
    $Umask 0022
    $IncludeConfig /etc/rsyslog.d/*.conf
    # slog formats the record; slogfile1 and slogfile2 build the output path from
    # regex submatches of the message text, i.e. from sender-controlled data.
    # The submatches used in the path are limited to letters, digits and
    # underscore by the character classes, which keeps path separators out; keep
    # them that strict. A sender can still cause many distinct directories and
    # files to be created by varying the tag.
    # NOTE(review): the bare "s" after the tag group is probably "\s" with the
    # backslash lost in publishing; verify against a working config.
    # slogfile1 is defined but not referenced by the rules in this listing.
    $template slog, "%$year%%$month%%$day%%$hour%%$minute% %msg:R,ERE,3,DFLT:(SLOG|ALOG|BLOG)(_[a-zA-Z0-9]+)+s(.*)--end% "
    $template slogfile1, "/data/www/logs/%msg:R,ERE,1,DFLT:(SLOG|ALOG|BLOG)(_[A-Z0-9]+)+s.*--end:lowercase%/%msg:R,ERE,2,DFLT:(SLOG|ALOG|BLOG)_([A-Z0-9]+)(_[a-zA-Z0-9]+)*s.*--end:lowercase%/%msg:R,ERE,2,DFLT:(SLOG|ALOG|BLOG)_([A-Z0-9]+(_[a-zA-Z0-9]+)*)s.*--end:lowercase%/%$year%%$month%%$day%%$hour%%$minute%.log"
    $template slogfile2, "/data/www/logs/%msg:R,ERE,2,DFLT:(BLOG)_([A-Z0-9]+)(_[a-zA-Z0-9]+)*s.*--end:lowercase%/%msg:R,ERE,3,DFLT:(BLOG)_([A-Z0-9]+)_([a-zA-Z0-9]+)*s.*--end:lowercase%/%$year%%$month%%$day%.log"
    # Messages carrying an SLOG/ALOG/BLOG tag are written to the slogfile2 path
    # in slog format, then discarded so they skip the rules below.
    :msg, ereregex, "(S|A|B)LOG(_[A-Z0-9]+)+ " ?slogfile2;slog
    :msg, ereregex, "(S|A|B)LOG(_[A-Z0-9]+)+ " ~
    # The standard rules below apply to messages received from the network as
    # well as local ones: a remote sender that sets facility authpriv writes
    # into /var/log/secure on this server.
    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    authpriv.* /var/log/secure
    mail.* -/var/log/maillog
    cron.* /var/log/cron
    *.emerg :omusrmsg:*
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log
    # $ActionQueue* directives configure the queue of the next action defined
    # after them. No action follows in this listing, so they appear to have no
    # effect here. NOTE(review): they normally precede a forwarding rule.
    $ActionQueueFileName fwdRule1 # unique name prefix for spool files
    $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
    $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
    $ActionQueueType LinkedList # run asynchronously
    # Main message queue sizing. TimeoutEnqueue 0 means that when the queue is
    # full new messages are dropped immediately instead of blocking the inputs,
    # so a flood from one sender can displace other hosts' records.
    $MainMsgQueueDiscardMark 2000000
    $MainMsgQueueHighWaterMark 1000000
    $MainMsgQueueLowWaterMark 800000
    $MainMsgQueueMaxDiskSpace 5g
    $MainMsgQueueSize 8000000
    $MainMsgQueueTimeoutEnqueue 0
    $MainMsgQueueSaveOnShutdown on


    # 客户端配置

    [root@:~]# egrep -v '^#|^$' /etc/rsyslog.conf
    # Client-side /etc/rsyslog.conf: local logging plus forwarding to the
    # central server.
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imjournal # provides access to the systemd journal
    $WorkDirectory /var/lib/rsyslog
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    $IncludeConfig /etc/rsyslog.d/*.conf
    $OmitLocalLogging on
    $IMJournalStateFile imjournal.state
    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    authpriv.* /var/log/secure
    mail.* -/var/log/maillog
    cron.* /var/log/cron
    *.emerg :omusrmsg:*
    uucp,news.crit /var/log/spooler
    # IP address of the log server.
    # "@" forwards over UDP and "@@" over plain TCP. *.* also matches local7, so
    # local7 messages are sent twice, and it includes authpriv, so authentication
    # logs cross the network unencrypted. Use rsyslog's TLS transport where the
    # path between client and server is not fully trusted.
    # NOTE(review): no action queue is set for the forwarding rules in this
    # listing; consider a disk-assisted queue so records are buffered while the
    # server is unreachable.
    local7.* @172.17.0.36:514
    *.* @@172.17.0.36:514


    # 客户端测试:
    [root@:~]# logger -t 'hello' 'jack'

    # 服务端观察,看到测试日志说明配置成功
    [root@:~]# tail -f /var/log/messages

    Jul 19 00:01:28 eus_pe_web03 hello: jack

    ###############

    收集客户端php的日志示例

    # 服务端配置

    # egrep -v '^#|^$' /etc/rsyslog.conf
    # Server-side /etc/rsyslog.conf for collecting PHP (SeasLog) records over UDP.
    module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
    module(load="imklog")   # provides kernel logging support (previously done by rklogd)
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    $IncludeConfig /etc/rsyslog.d/*.conf
    # These standard rules come before the per-host rule at the end of the file,
    # so messages received from the network pass through them first: a remote
    # sender can add lines to /var/log/messages, and to /var/log/secure by
    # choosing facility authpriv. Move the remote rule (or a separate ruleset)
    # ahead of them if that is not intended.
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
    authpriv.*                                              /var/log/secure
    mail.*                                                  /var/log/maillog
    cron.*                                                  /var/log/cron
    *.emerg                                                 :omusrmsg:*
    uucp,news.crit                                          /var/log/spooler
    local7.*                                                /var/log/boot.log
    # UDP listener on 514, limited to 172.16.2.0/24 by source address. UDP source
    # addresses can be forged, so this is a filter rather than authentication;
    # also restrict the port at the host or network firewall.
    $ModLoad imudp
    $UDPServerRun 514
    $AllowedSender UDP, 172.16.2.0/24

    # dsformat writes only the message text, so each stored record carries just
    # what the sender supplied: no receive time or source host is added by the
    # server. The sample log on this page shows client-side timestamps from
    # different days interleaved in one file. Consider keeping a server-side
    # timestamp in the template for forensic use.
    # NOTE(review): the trailing space in the template is probably "\n" with the
    # backslash lost in publishing; verify.
    $template dsformat,"%msg% "
    $ActionFileDefaultTemplate dsformat
     
    # Ownership and modes for files and directories created by the actions that
    # follow. Mode 0755 on files sets execute bits and leaves the logs readable
    # by every local account (subject to the process umask). Owner apache is
    # presumably the web server account, which could then alter or delete the
    # logs. The sample records on this page contain credentials and tokens, so
    # prefer a dedicated owner with 0640 files and 0750 directories.
    $FileOwner apache
    $FileGroup users
    $FileCreateMode 0755
    $DirCreateMode 0755
     
    # One file per sender IP and day. %fromhost-ip% is the address the message
    # was received from, not a value taken from the message content.
    # Every message not received from 127.0.0.1 is written to that file and then
    # discarded ("& ~"), so nothing after this point sees remote messages.
    $template RemoteLogs,"/data/www/logs/seaslogs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
    :fromhost-ip, !isequal, "127.0.0.1" ?RemoteLogs
    & ~

    # php收集日志客户配置
    php.ini文件中加入如下配置:

    ; Load the SeasLog extension and send its records to the central rsyslog server.
    extension=seaslog.so
    seaslog.default_basepath = "/data/www/logs/php_log"
    ; appender 3 selects SeasLog's UDP appender, so records leave this host
    ; unencrypted and unauthenticated. Keep the path to the log server on a
    ; trusted network segment.
    seaslog.appender = 3
    seaslog.remote_host = "172.16.2.139"
    seaslog.remote_port = 514
    seaslog.remote_timeout = 3
    ; The application decides what goes into each record. Strip passwords,
    ; tokens and keys from request URLs before logging them.


    # 日志示例(注意:下面的记录里带有完整请求 URL,其中含 password、request_token、key 等参数;这类字段应在应用写日志前脱敏,否则会以明文经 UDP 发送并保存在日志服务器上)
    tail -f /data/www/logs/seaslogs/172.16.2.162/172.16.2.162_2020-05-22.log
    2020-05-21 21:09:26 | error | 28402 | 5ec75076d0848 | 1590120566.858 | api | MDM_CALLBACK | https://app-api.chinasoft.com/v1/mdm/server?s=mzXYPo5rkXv_bbWGHENH8eWNpEhGBLzdEE97GJDOpc9lGvLKNwiecn4nVjFwfthlQMYRmyzdYNtucDQcGIki7sFN78X1BET9Bj0JnLl2_AEkkf24KBySX4VvCBZNk3mU | member_id:1564595|device_id:210473|info:No Command!|data:<?xml version="1.0" encoding="UTF-8"?>#012<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">#012<plist version="1.0">#012<dict>#012#011<key>Status</key>#012#011<string>Idle</string>#012#011<key>UDID</key>#012#011<string>00008030-000E159E2239802E</string>#012</dict>#012</plist>#012|file:/data/www/vhosts/u.chinasoft.com/httpdocs/api/modules/app/v1/controllers/aa.php:304 |
    2020-05-22 04:09:53 | error | 27491 | 5ec75090c5a59 | 1590120593.14 | api | commoncomponentsMyMember::createUser | https://app-api.chinasoft.com/v1/member/auth-register?platform=1&password=616d72616e31313232&access_from=1&device_id=&username=hossaamran%40gamil.com&key=EE12071A4BC85EE516C78C38E78D1F14&client_sign=%7Bffffffff-b0a5-f417-ffff-ffffe29c55c9%7D&ishex=1&lang=en&request_token=227ad8fc4310251f03a269b648103056&adver=&timestamp=1590120589937&vc=56141efc387551c5bdf9d913b24601e7 | send register email failed |
    2020-05-21 21:11:01 | error | 27653 | 5ec750d55ee14 | 1590120661.394 | api | MDM_CALLBACK | https://app-api.chinasoft.com/v1/mdm/server?s=tIJ2oiOxqNXN6mAMCziUNiGcNHPUP3xcelvb7WvG9Ojdse118tISytwWD3AnlaVM12gF6cJ6fVf28FrWCiv_VYSZo7B0P8mdaGROSnGMnrk | member_id:14791|device_id:6592|info:No Command!|data:<?xml version="1.0" encoding="UTF-8"?>#012<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">#012<plist version="1.0">#012<dict>#012#011<key>Status</key>#012#011<string>Idle</string>#012#011<key>UDID</key>#012#011<string>ba4f79ee25780182175890ee11bbf0b5b946f693</string>#012</dict>#012</plist>#012|file:/data/www/vhosts/u.chinasoft.com/httpdocs/api/modules/app/v1/controllers/aa.php:304 |
    2020-05-21 21:14:49 | warning | 27931 | 5ec751b97ce22 | 1590120889.518 | api | DEBUG | https://data-api.chinasoft.com/v1/gather/log?member_id=&access_token=&client_sign=%7Bffffffff-c4ee-3548-ffff-ffffef05ac4a%7D&access_from=1&adsTag=google&lang=ar&vc=355a9bb8c8a87609e341352fabc63ff9&platform=1&key=EE12071A4BC85EE516C78C38E78D1F14&timestamp=1590120912616 | [#012    'member_id' => ''#012    'access_token' => ''#012    'client_sign' => '{ffffffff-c4ee-3548-ffff-ffffef05ac4a}'#012    'access_from' => '1'#012    'adsTag' => 'google'#012    'lang' => 'ar'#012    'vc' => '355a9bb8c8a87609e341352fabc63ff9'#012    'platform' => '1'#012    'key' => 'EE12071A4BC85EE516C78C38E78D1F14'#012    'timestamp' => '1590120912616'#012] |
    2020-05-21 21:17:10 | warning | 7412 | 5ec75246b96df | 1590121030.928 | frontend | DEMO_TRACK | https://u.chinasoft.com/sign-up.html?lang=en-US | 1576736 |
    2020-05-21 21:19:00 | error | 27742 | 5ec752b4ef3ff | 1590121140.985 | api | MDM_CALLBACK | https://app-api.chinasoft.com/v1/mdm/server?s=r1dDe0nRLurLslOPW1Xb3FvqS2-USbSSxB8jCWzajgChPpecaJcsietRMgh4Ilh1Q8Cna0iUl_FXsa8eyQH4EQQ9h0GcjT_E-eR7m2JC-vS1NcNY5wMs36xBumYra9-3 | member_id:1256223|device_id:175489|info:No Command!|data:<?xml version="1.0" encoding="UTF-8"?>#012<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">#012<plist version="1.0">#012<dict>#012#011<key>Status</key>#012#011<string>Idle</string>#012#011<key>UDID</key>#012#011<string>00008030-001624CE01D2802E</string>#012</dict>#012</plist>#012|file:/data/www/vhosts/u.chinasoft.com/httpdocs/api/modules/app/v1/controllers/aa.php:304 |
    2020-05-22 05:01:02 | error | 15699 | 5ec75c51cec01 | 1590123662.361 | console | VOIP_PUSH | N | get feedback list error |
    2020-05-22 05:01:02 | error | 15699 | 5ec75c51cec01 | 1590123662.361 | console | NORMAL_PUSH | N | get feedback list error |

  • 原文地址:https://www.cnblogs.com/reblue520/p/11213341.html