centos6-rsyslog使用

概述

syslog是一种广泛应用在unix/linux等设备上的日志传输协议
如何采集各个机器的日志到日志集中存储及分析,通过rsyslog发送到rsyslog日志接收端,在进行解析接存储到数据库在分析

开干

env

  • centos6.x 2c4g x3
  • rsyslog
  • dis iptables

plan

  • 172.24.20.51 rsyslog-sever
  • 172.24.20.50/52 rsyslog-sender

dis iptables

service iptables stop && chkconfig iptables off

rsyslog

# check installed
rpm -qa |grep rsyslog

[root@c6-172-24-20-50 ~]# rpm -ql rsyslog |grep etc
/etc/logrotate.d/syslog
/etc/pki/rsyslog
/etc/rc.d/init.d/rsyslog

/etc/rsyslog.conf
/etc/rsyslog.d
/etc/sysconfig/rsyslog

default already installed

server

add args

vim /etc/sysconfig/rsyslog
#SYSLOGD_OPTIONS="-c 5"
SYSLOGD_OPTIONS="-m 0 -r"

config

/etc/rsyslog.conf

#### MODULES ####
$ModLoad imtcp
$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$template Remote, "/opt/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?Remote
& ~

restart rsyslog

service rsyslog start|stop|restart|status

client

# add send all log to server
vim /etc/rsyslog.conf

#send all log
#*.*     @172.24.20.51    # @172.24.20.51:514 @是udp协议
#*.*     @@172.24.20.51   # @@172.24.20.51:514 @@是tcp协议

# ### begin forwarding rule ###

$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down

*.* @@172.24.20.51:514
# ### end of the forwarding rule ###

restart rsyslog

service rsyslog restart

testing

[root@c6-172-24-20-51 ~]# cd /opt/log/
[root@c6-172-24-20-51 log]# ll
total 8
drwx------ 2 root root 4096 Feb 23 17:59 172.24.20.50
drwx------ 2 root root 4096 Feb 23 21:21 172.24.20.52
[root@c6-172-24-20-51 log]# ll 172.24.20.50/
total 260
-rw------- 1 root root 264776 Feb 23 22:03 172.24.20.50_2022-02-23.log

tail -F 172.24.20.50_2022-02-23.log

restart 20.50/ retry login linux
posted @ 2023-02-21 09:15  mvpbang  阅读(156)  评论(0编辑  收藏  举报