RHEL7通过Rsyslog搭建集中日志服务器
说明:这里是Linux服务综合搭建文章的一部分,本文可以作为单独搭建rsyslog日志服务器的参考。
注意:这里所有的标题都是根据主要的文章(Linux基础服务搭建综合)的顺序来做的。
如果需要查看相关软件版本和主机配置要求,请根据目录自行查看。
Linux服务综合搭建的文章目录
====================================================
5、foundation通过Rsyslog搭建集中日志服务器
8、rhel7 JAVA web环境搭建(使用Tomcat8整合httpd)
10、foundation配置kerberos和NTP服务以及安全的NFS挂载
====================================================
主机角色说明
5、foundation通过Rsyslog搭建集中日志服务器
5.1 数据存放在日志文本文件中
5.1.1 检查有没有安装rsyslog (默认都是安装了的并且开机自启动)
5.1.2 配置文件解析
- 服务器端配置文件配置选项解析:
- [root@localhost samba]# vim /etc/rsyslog.conf
- $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
- $ModLoad imjournal # provides access to the systemd journal
- #####开启udp接收日志
- $ModLoad imudp
- $UDPServerRun 514
- $template RemoteHost,"/data/syslog/%$YEAR%-%$MONTH%-%$DAY%/%FROMHOST-IP%.log"
- *.* ?RemoteHost
- & ~
- ####开启tcp协议接受日志
- $ModLoad imtcp
- $InputTCPServerRun 514
- $WorkDirectory /var/lib/rsyslog
- $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
- #######启用/etc/rsyslog.d/*.conf目录下所有以.conf结尾的配置文件
- $IncludeConfig /etc/rsyslog.d/*.conf
- $OmitLocalLogging on
- $IMJournalStateFile imjournal.state
- *.info;mail.none;authpriv.none;cron.none /var/log/messages
- authpriv.* /var/log/secure
- mail.* -/var/log/maillog
- cron.* /var/log/cron
- *.emerg :omusrmsg:*
- uucp,news.crit /var/log/spooler
- local7.* /var/log/boot.log
- local0.* /etc/keepalived/keepalived.log
- 客户端配置文件配置选项解析
- [root@server98 log]# grep -v "^$" /etc/rsyslog.conf | grep -v "^#"
- $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
- $ModLoad imjournal # provides access to the systemd journal
- $WorkDirectory /var/lib/rsyslog
- $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
- $template myFormat,"%timestamp% %fromhost-ip% %msg%\n" #自定义模板的相关信息
- $IncludeConfig /etc/rsyslog.d/*.conf
- $OmitLocalLogging on
- $IMJournalStateFile imjournal.state
- *.* @172.25.0.55:514 #该声明告诉rsyslog守护进程,将系统上各个设备的各种日志的所有消息路由到远程rsyslog服务器(172.25.0.55)的UDP端口514。@@是通过tcp传输,一个@是通过udp传输。
- *.info;mail.none;authpriv.none;cron.none /var/log/messages
- authpriv.* /var/log/secure
- mail.* -/var/log/maillog
- cron.* /var/log/cron
- *.emerg :omusrmsg:*
- uucp,news.crit /var/log/spooler
- local7.* /var/log/boot.log
- local0.* /etc/keepalived/keepalived.log
- :FROMHOST-IP, isequal, "10.26.44.206" /var/log/10.26.44.206.log
- :FROMHOST-IP, isequal, "11.40.169.210" /var/log/11.40.169.210.log
- a:$template Remote,"/date/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
- b.$template Remote,"/data/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log" 定义模板,接受日志文件路径,区分了不同主机的日志
- c.:fromhost-ip, !isequal, "127.0.0.1" ?Remote 过滤server 本机的日志
- 最简单的办法;
- $template myFormat,"%timestamp% %fromhost-ip%%msg%\n"
- $template Remote,"/var/log/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
- :fromhost-ip, !isequal, "127.0.0.1" -?Remote;myFormat
5.1.3 客戶端重要配置
- [root@rhel7 log]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
- $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
- $ModLoad imjournal # provides access to the systemd journal
- $template myFormat,"%timestamp% %fromhost-ip% %msg%\n"
- $WorkDirectory /var/lib/rsyslog
- $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
- $IncludeConfig /etc/rsyslog.d/*.conf
- $OmitLocalLogging on
- $IMJournalStateFile imjournal.state
- *.* @172.25.0.55:514
- *.info;mail.none;authpriv.none;cron.none /var/log/messages
- authpriv.* /var/log/secure
- mail.* -/var/log/maillog
- cron.* /var/log/cron
- *.emerg :omusrmsg:*
- uucp,news.crit /var/log/spooler
- local7.* /var/log/boot.log
5.1.4 服务端重要配置
- [root@foundation 2019-07-01]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"
- $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
- $ModLoad imjournal # provides access to the systemd journal
- $ModLoad imudp
- $UDPServerRun 514
- $ModLoad imtcp
- $InputTCPServerRun 514
- $template RemoteHost,"/var/log/rsyslog/%$YEAR%-%$MONTH%-%$DAY%/%FROMHOST-IP%.log"
- *.* ?RemoteHost
- & ~
- $WorkDirectory /var/lib/rsyslog
- $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
- $IncludeConfig /etc/rsyslog.d/*.conf
- $OmitLocalLogging on
- $IMJournalStateFile imjournal.state
- *.info;mail.none;authpriv.none;cron.none /var/log/messages
- authpriv.* /var/log/secure
- mail.* -/var/log/maillog
- cron.* /var/log/cron
- *.emerg :omusrmsg:*
- uucp,news.crit /var/log/spooler
- local7.* /var/log/boot.log
5.2 rsyslog使用数据库作为存储介质
注意:客户端配置和前面一致即可。
5.2.1 配置
服务端仅做下面的配置即可。
- 1 [root@foundation ~]# yum install rsyslog-mysql
使用脚本创建数据库:
- [root@foundation ~]# mysql -ursyslog -h127.0.0.1 -p </usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
- Enter password:
为Rsyslog创建数据库账户
- mysql> set global validate_password_policy=0;
- Query OK, 0 rows affected (0.00 sec)
- mysql> set global validate_password_length=4;
- Query OK, 0 rows affected (0.00 sec)
- mysql> GRANT ALL ON Syslog.* TO \'rsyslog\'@\'127.0.0.1\' IDENTIFIED BY \'test\';
- Query OK, 0 rows affected, 1 warning (0.01 sec)
- mysql> GRANT ALL ON Syslog.* TO \'rsyslog\'@\'localhost\' IDENTIFIED BY \'test\';
- Query OK, 0 rows affected, 1 warning (0.01 sec)
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
在/etc/rsyslog.conf中加入如下配置
重启rsyslogd
- 1 systemctl restart rsyslog.service
- 2 systemctl enable rsyslog.service
5.2.2 测试
使用rsyslog用户登录数据库后查看
部分截图
5.2.3 附MySQL导入导出SQL文件
- 导出整个数据库中的所有数据:
- 1、在linux命令行下输入:
- mysqldump -u userName -p dabaseName > fileName.sql
- fileName.sql最好加上路径名
- 导出数据库中的某个表的数据:
- mysqldump -u userName -p dabaseName tableName > fileName.sql
- 导出整个数据库中的所有的表结构
- 在linux命令行下输入:
- mysqldump -u userName -p -d dabaseName > fileName.sql
- 注意:是加了-d
- 导出整个数据库中某个表的表结构
- 在linux命令行下输入:
- mysqldump -u userName -p -d dabaseName tableName > fileName.sql
- 注意:是加了-d
- 导入mysql方法1(测试好用)
- 进入linux命令命令行下:
- mysql -u root -p 回车 输入密码
- mysql> use weifang
- mysql> source /home/user/data/fileName.sql
- 注意fileName.sql要有路径名,例如:source /home/user/data/fileName.sql
- 导入mysql方法2(测试一次,导入数据后占空间异常大,还需验证)
- 进入linux命令命令行下:
- mysql -uroot -p database < fileName.sql
- 注意fileName.sql要有路径名
最后希望大家提意见、转发、评论和交流!!!
版权声明:本文为meizy原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。