centos6-rsyslog使用

概述#

syslog是一种广泛应用在unix/linux等设备上的日志传输协议
如何采集各个机器的日志到日志集中存储及分析,通过rsyslog发送到rsyslog日志接收端,在进行解析接存储到数据库在分析

开干#

env#

  • centos6.x 2c4g x3
  • rsyslog
  • dis iptables

plan#

  • 172.24.20.51 rsyslog-sever
  • 172.24.20.50/52 rsyslog-sender

dis iptables#

Copy
service iptables stop && chkconfig iptables off

rsyslog#

Copy
# check installed
rpm -qa |grep rsyslog

[root@c6-172-24-20-50 ~]# rpm -ql rsyslog |grep etc
/etc/logrotate.d/syslog
/etc/pki/rsyslog
/etc/rc.d/init.d/rsyslog

/etc/rsyslog.conf
/etc/rsyslog.d
/etc/sysconfig/rsyslog

default already installed

server#

add args

Copy
vim /etc/sysconfig/rsyslog
#SYSLOGD_OPTIONS="-c 5"
SYSLOGD_OPTIONS="-m 0 -r"

config

Copy
/etc/rsyslog.conf

#### MODULES ####
$ModLoad imtcp
$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$template Remote, "/opt/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?Remote
& ~

restart rsyslog

Copy
service rsyslog start|stop|restart|status

client#

Copy
# add send all log to server
vim /etc/rsyslog.conf

#send all log
#*.*     @172.24.20.51    # @172.24.20.51:514 @是udp协议
#*.*     @@172.24.20.51   # @@172.24.20.51:514 @@是tcp协议

# ### begin forwarding rule ###

$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down

*.* @@172.24.20.51:514
# ### end of the forwarding rule ###

restart rsyslog

Copy
service rsyslog restart

testing#

Copy
[root@c6-172-24-20-51 ~]# cd /opt/log/
[root@c6-172-24-20-51 log]# ll
total 8
drwx------ 2 root root 4096 Feb 23 17:59 172.24.20.50
drwx------ 2 root root 4096 Feb 23 21:21 172.24.20.52
[root@c6-172-24-20-51 log]# ll 172.24.20.50/
total 260
-rw------- 1 root root 264776 Feb 23 22:03 172.24.20.50_2022-02-23.log

tail -F 172.24.20.50_2022-02-23.log

restart 20.50/ retry login linux
posted @   mvpbang  阅读(181)  评论(0编辑  收藏  举报
相关博文:
· rhel-sos-异常日志收集
· ssh转发
· centos使用syslog来传日志
· Linux 服务 | rsyslog
· Centos7之Rsyslog服务器部署
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
历史上的今天:
2020-02-21 pycharm配置lua编译环境
2020-02-21 基于centos7源码编译openresty
2019-02-21 生产系统ELK日志采集系统
2018-02-21 Serv-U精简版FTP服务端
2017-02-21 软媒数据恢复
2017-02-21 Oracle的PLSQL别名中文出现乱码解决方法
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛
CONTENTS