centos6-rsyslog使用
概述
syslog是一种广泛应用在unix/linux等设备上的日志传输协议
如何把各台机器的日志采集到集中的日志存储并进行分析:各机器通过rsyslog把日志发送到rsyslog日志接收端,再进行解析后存储到数据库,再做分析
开干
env
- centos6.x 2c4g x3
- rsyslog
- dis iptables
plan
- 172.24.20.51 rsyslog-server
- 172.24.20.50/52 rsyslog-sender
dis iptables
# Stops the host firewall now and keeps it off across reboots (lab shortcut).
# NOTE(review): on a production collector keep iptables running and allow
# 514/tcp only from the senders, e.g.
#   iptables -I INPUT -p tcp -s 172.24.20.50 --dport 514 -j ACCEPT
#   iptables -I INPUT -p tcp -s 172.24.20.52 --dport 514 -j ACCEPT
#   service iptables save
service iptables stop && chkconfig iptables off
rsyslog
# check installed
rpm -qa |grep rsyslog
[root@c6-172-24-20-50 ~]# rpm -ql rsyslog |grep etc
/etc/logrotate.d/syslog
/etc/pki/rsyslog
/etc/rc.d/init.d/rsyslog
/etc/rsyslog.conf
/etc/rsyslog.d
/etc/sysconfig/rsyslog
rsyslog is already installed by default
server
add args
vim /etc/sysconfig/rsyslog
# Previous value, left commented out by this guide (presumably the packaged default).
#SYSLOGD_OPTIONS="-c 5"
# NOTE(review): -m and -r are sysklogd-style options. Without -c, rsyslogd
# appears to fall back to its sysklogd-compatibility mode, where -r enables a
# UDP listener on port 514 - confirm against the installed rsyslogd man page.
# The clients in this guide forward over TCP only, so a UDP listener would be
# extra exposure: UDP source addresses are easy to spoof, and the server files
# logs by sender address. After restarting, check what is actually listening
# with: netstat -lntup | grep 514
SYSLOGD_OPTIONS="-m 0 -r"
config
/etc/rsyslog.conf
#### MODULES ####
# Load the plain-TCP syslog input and listen on port 514.
# NOTE(review): this listener has no TLS and no sender authentication, so any
# host that can reach 514/tcp can submit messages and consume disk under
# /opt/log. Limit who can connect with the host firewall (and, if the
# installed rsyslog version supports it, $AllowedSender).
$ModLoad imtcp
$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Dynamic file name: one directory per sender address and one file per day.
# %fromhost-ip% is the address rsyslog saw the message arrive from, not a field
# taken from the message text, so a sender cannot choose the path. Avoid
# replacing it with %hostname%, which comes from the sender-supplied header.
# No rotation or size limit for /opt/log is shown here - plan one.
$template Remote, "/opt/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
# Messages that did not originate on this host (fromhost-ip is not 127.0.0.1)
# are written through the Remote template; the "& ~" line then discards those
# same messages so that rules further down the file do not process them again.
# NOTE(review): rules placed above these two lines would still see remote
# messages - confirm the position relative to the local RULES section.
:fromhost-ip, !isequal, "127.0.0.1" ?Remote
& ~
restart rsyslog
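# The init script accepts one action: start, stop, restart or status.
# Typed literally, "start|stop|restart|status" would be parsed by the shell as
# a pipeline, so run the single action needed after a config change:
service rsyslog restart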
client
# add send all log to server
vim /etc/rsyslog.conf
# Forward all logs to the central server.
# NOTE(review): "*.*" includes authpriv (login/sudo) messages, and both forms
# below send them unencrypted. Keep this traffic on a trusted network segment
# or move to TLS transport if the installed rsyslog provides it (hedged: the
# package ships /etc/pki/rsyslog, which suggests TLS support is intended).
#*.* @172.24.20.51 # @172.24.20.51:514 - a single @ means UDP
#*.* @@172.24.20.51 # @@172.24.20.51:514 - a double @@ means TCP
# ### begin forwarding rule ###
# The $ActionQueue*/$ActionResume* settings below configure the forwarding
# action that follows them: messages are queued (spooling to disk under the
# work directory, up to the stated limit) while the server is unreachable and
# delivery is retried indefinitely.
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# Send every facility and priority to the server over TCP port 514.
*.* @@172.24.20.51:514
# ### end of the forwarding rule ###
restart rsyslog
service rsyslog restart
testing
[root@c6-172-24-20-51 ~]# cd /opt/log/
[root@c6-172-24-20-51 log]# ll
total 8
drwx------ 2 root root 4096 Feb 23 17:59 172.24.20.50
drwx------ 2 root root 4096 Feb 23 21:21 172.24.20.52
[root@c6-172-24-20-51 log]# ll 172.24.20.50/
total 260
-rw------- 1 root root 264776 Feb 23 22:03 172.24.20.50_2022-02-23.log
tail -F 172.24.20.50_2022-02-23.log
To generate test entries, restart 172.24.20.50 or log in to it again; the new lines should appear in the tail output on the server.