Monitoring System Logs on Linux

logwatch

  1. An MTA is already installed and configured. See: Sending Mail on Linux | Cnblogs

  2. Install logwatch:

    sudo apt install logwatch
    
  3. Configure Logwatch:

    sudoedit /usr/share/logwatch/default.conf/logwatch.conf
    
    MailTo = example@gmail.com    # change to the actual recipient
    MailFrom = example@gmail.com  # change to the sender configured in the MTA
    Range = yesterday
    Detail = Low
    Service = All
    DailyReport = Yes
    Output = mail
    Format = html
    
  4. Send a test report:

    sudo logwatch --detail Low --mailto example@gmail.com --service All --range All
    

Reference: How To Install and Use Logwatch Log Analyzer and Reporter on a VPS | DigitalOcean

Datadog

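Datadog is a cloud-native monitoring and observability platform that provides infrastructure monitoring, application performance monitoring, log management, and security monitoring through a unified dashboard.

Process monitoring

  1. Enable live process collection: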

    sudoedit /etc/datadog-agent/datadog.yaml
    
    process_config:
      process_collection:
        enabled: true
    
  2. Restart the Datadog Agent:

    sudo systemctl restart datadog-agent
    

Reference: Live Processes | Datadog Docs

  1. Configure system-probe:

    sudo cp /etc/datadog-agent/system-probe.yaml{.example,}
    sudoedit /etc/datadog-agent/system-probe.yaml
    
    network_config:
      enabled: true
    
  2. Start system-probe:

    sudo systemctl start datadog-agent-sysprobe
    sudo systemctl enable datadog-agent-sysprobe
    
  3. Restart the Datadog Agent:

    sudo systemctl restart datadog-agent
    

Reference: Cloud Network Monitoring Setup | Datadog Docs

journald monitoring

  1. Add dd-agent to the systemd-journal group:

    sudo usermod -aG systemd-journal dd-agent
    
  2. Enable log collection:

    sudoedit /etc/datadog-agent/datadog.yaml
    
    logs_enabled: true
    
  3. Configure what to collect:

    sudo cp /etc/datadog-agent/conf.d/journald.d/conf.yaml{.example,}
    sudoedit /etc/datadog-agent/conf.d/journald.d/conf.yaml
    
    logs:
      - type: journald
        # filter keys are part of the journald item, aligned with "type"
        include_units:
          - docker.service
          - sshd.service
        exclude_units:
          - '*'
        include_user_units:
          - clash.service
        exclude_user_units:
          - '*'
    

Reference: journald | Datadog Docs
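
A preflight check for the three journald steps above, added here as an example; it is not part of the original post or of Datadog's tooling. The function names are hypothetical, and the nesting check is a heuristic that assumes space-indented YAML with `type` as the first key of each log item.

```shell
#!/usr/bin/env bash
# Added example (hypothetical function names): preflight checks for the
# journald log-collection steps. Paths are arguments, so copies can be checked.

# True if datadog.yaml has an uncommented top-level "logs_enabled: true".
logs_enabled() {
    grep -Eq '^logs_enabled:[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# True if user $1 is a member of group $2 (step 1: dd-agent, systemd-journal).
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -Fxq "$2"
}

# Prints each unit-filter key that is not aligned with "type" inside a
# "- type: journald" item, i.e. a key YAML does not attach to that item.
# Heuristic: assumes space indentation and "type" as the first key of an item.
misplaced_filters() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*-[ \t]+type:/ {
            keycol = index($0, "type") - 1
            journald = ($0 ~ /type:[ \t]*journald/)
            next
        }
        /^[ \t]*(include|exclude)_(user_)?units:/ {
            match($0, /[^ \t]/)
            if (!journald || RSTART - 1 != keycol) {
                sub(/^[ \t]+/, ""); sub(/:.*/, ""); print
            }
        }
    ' "$1"
}

# Runs all three checks; returns non-zero if any of them fails.
check_journald_setup() {
    rc=0
    in_group "$1" systemd-journal || { echo "FAIL: $1 not in systemd-journal"; rc=1; }
    logs_enabled "$2" || { echo "FAIL: logs_enabled is not true in $2"; rc=1; }
    bad=$(misplaced_filters "$3")
    [ -z "$bad" ] || { echo "FAIL: misplaced keys in $3:" $bad; rc=1; }
    return "$rc"
}

# Usage: ./check.sh dd-agent /etc/datadog-agent/datadog.yaml \
#            /etc/datadog-agent/conf.d/journald.d/conf.yaml
if [ "$#" -eq 3 ]; then check_journald_setup "$@"; fi
```

Group membership added with usermod only takes effect for new processes, so run the check after restarting the Agent.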

posted @ 2025-09-29 02:57  Undefined443