Rsyslog + loganalyzer log server -- Preliminary Exploration

Source: Internet
Author: User
Tags rsyslog

Rsyslog is a multi-threaded, enhanced version of syslogd. It extends syslog with features such as database support (MySQL, PostgreSQL, Oracle, etc.), log content filtering, and log format templates. In addition to the default UDP protocol, rsyslog can also receive logs over TCP.
This article only provides simple configuration and instructions. For more information about log-related services and configurations, see http://w.gdu.me/wiki/Linux/rsyslog_logrotate.html
Rsyslogd server and Server Load balancer; rsyslog and logrotate services

 

Environment preparation:
Operating system: CentOS-6.5-x86_64
Kernel: # uname -r
2.6.32-431.el6.x86_64
Disable SELinux: 1. Permanently: set SELINUX=disabled in the /etc/selinux/config file, and then restart.
2. setenforce 0 takes effect immediately.
Disable the firewall: 1. Permanently: # chkconfig iptables off 2. Temporarily: # /etc/rc.d/init.d/iptables stop
Server_IP: 172.16.19.12 (node2)
Client_IP: 172.16.19.2 (stu19)
The LAMP environment is installed directly with yum.
Time synchronization: if multiple servers are involved, it is best to use an NTP server to synchronize the time.

A disc is used as the yum source (CentOS-6.5-x86_64-bin-DVD1)

 

Server Configuration

Rsyslog supports storing logs on the MySQL server:

1) Install the LAMP environment, configure the MySQL database service, create the Syslog database, and authorize the user sysuser to connect to it. The password is syspass;

# yum -y install httpd mysql-server mysql php-mysql php-gd
# service mysqld start
# /usr/bin/mysqladmin -u root password 'root'
# mysql -uroot -proot
### Plaintext passwords are used in this section; for security, change the user password later in a production environment.
mysql> grant all on Syslog.* to 'sysuser'@'localhost' identified by 'syspass';
mysql> grant all on Syslog.* to 'sysuser'@'127.0.0.1' identified by 'syspass';
mysql> flush privileges;

2) Install rsyslog (installed on the local machine by default) and the rsyslog-mysql package. rsyslog-mysql provides the ommysql.so library and createDB.sql, the initial database script; it is the rsyslog module that writes logs to the MySQL database, so it must be installed here.

# yum -y install rsyslog-mysql rsyslog
# rpm -ql rsyslog-mysql
/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql

3) Use the createDB.sql script to create the database that rsyslog depends on:
# mysql -uroot -proot < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
Database created: Syslog
Tables created: SystemEvents, SystemEventsProperties

4) Modify the configuration file: enable the rsyslog modules, set the listening port to 514, and modify the rules section so that logs are stored in the MySQL database.

In the #### MODULES #### section, enable the modules:
# Provides UDP syslog reception
$ModLoad imudp
### allow port 514 to receive logs forwarded over UDP
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
### allow port 514 to receive logs forwarded over TCP
$InputTCPServerRun 514

# added manually
$ModLoad ommysql

In the #### RULES #### section, define which log information is recorded in the database. All log information can be stored in the database this way; only part of it is used for this test.
*.info;mail.none;authpriv.none;cron.none    :ommysql:127.0.0.1,Syslog,sysuser,syspass
### :ommysql:database address,database name,database username,database password

5) Restart the rsyslog service and check that port 514 is listening.
# service rsyslog restart
# ss -anltp | grep 514
LISTEN 0 25 :::514 :::* users:(("rsyslogd",19513,6))
LISTEN 0 25 *:514 *:* users:(("rsyslogd",19513,2))
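
The selector in step 4 decides which received messages reach the database. The following is an added example, not part of the original article: a shell function that evaluates a traditional syslog selector for one facility and severity, showing that this rule stores info-and-above messages but skips mail, authpriv (authentication messages) and cron. The function names are made up for the example, and only the name, =name, * and none priority forms are handled.

```shell
#!/bin/sh
# Added example: evaluate a traditional syslog selector for one message.
# Supported priority forms: name, =name, *, none ("!" negation is not handled).

sev_num() {    # severity name -> number (0 is the most severe)
  case "$1" in
    emerg) echo 0;; alert) echo 1;; crit) echo 2;; err) echo 3;;
    warning) echo 4;; notice) echo 5;; info) echo 6;; debug) echo 7;;
    *) return 1;;
  esac
}

# selector_matches SELECTOR FACILITY SEVERITY -> exit 0 if the rule fires
selector_matches() (
  set -f                                  # keep "*" in the selector from globbing
  msg_sev=$(sev_num "$3") || exit 2
  verdict=1                               # nothing matched yet
  IFS=';'
  for part in $1; do                      # parts apply left to right
    facs=${part%%.*}; prio=${part#*.}
    case ",$facs," in *",$2,"*|",*,") ;; *) continue;; esac
    case "$prio" in
      none) verdict=1;;                   # clears any earlier match for this facility
      '*')  verdict=0;;
      =*)   [ "$(sev_num "${prio#=}")" -eq "$msg_sev" ] && verdict=0;;
      *)    [ "$msg_sev" -le "$(sev_num "$prio")" ] && verdict=0;;
    esac
  done
  exit "$verdict"
)

SEL='*.info;mail.none;authpriv.none;cron.none'   # the ommysql rule from step 4
for m in daemon.info daemon.debug authpriv.info cron.err kern.err; do
  if selector_matches "$SEL" "${m%.*}" "${m#*.}"; then r=stored; else r=skipped; fi
  echo "$m -> $r"
done
```
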

 

Local test:

First, use yum to install the vsftpd package, and then run tail -f /var/log/messages to check that the log file has no relevant log information.
Query the related log information in the MySQL database:
# mysql -uroot -proot
mysql> use Syslog
mysql> select * from SystemEvents;
The log information for the vsftpd package installed on node2 is displayed in the table.


Client related:
Configuration:
Client Host Name: stu19
1. Install the rsyslog package. It is installed by default. # yum install rsyslog -y
# rpm -q rsyslog
rsyslog-7.4.7-6.el7.x86_64
2. Modify the configuration file rsyslog.conf and add the following content:
# vim /etc/rsyslog.conf

# Send logs to the rsyslog server. @@ means logs are sent over TCP; @ means logs are forwarded over UDP.
*.* @172.16.19.12:514
3. Restart the rsyslog service.
# /etc/rc.d/init.d/rsyslog restart
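
A forwarding rule only delivers logs if the server listens on the same transport and port, and a UDP mismatch fails without any error on the client. The following is an added example, not from the original article: it parses legacy-format directives from a client and a server rsyslog.conf and cross-checks them. The config files are constructed samples, the function names are hypothetical, and IPv4 addresses or host names are assumed.

```shell
#!/bin/sh
# Added example: cross-check client forwarding rules against server listeners.
# Legacy-format directives only; all config content below is constructed.

# listeners FILE -> one "proto port" line per listener directive
listeners() {
  awk '{ sub(/#.*/, "") }
       tolower($1) == "$udpserverrun"      { print "udp", $2 }
       tolower($1) == "$inputtcpserverrun" { print "tcp", $2 }' "$1"
}

# forwards FILE -> "selector proto host port" per forwarding action
forwards() {
  awk '{ sub(/#.*/, "") }
       NF >= 2 && $2 ~ /^@/ {
         proto = ($2 ~ /^@@/) ? "tcp" : "udp"   # @@ = TCP, @ = UDP
         target = $2; sub(/^@+/, "", target)
         n = split(target, hp, ":")
         print $1, proto, hp[1], (n > 1 ? hp[2] : 514)
       }' "$1"
}

# check_forwarding CLIENT_CONF SERVER_CONF -> exit 0 only if every rule has a listener
check_forwarding() (
  want=$(listeners "$2")
  forwards "$1" | {
    rc=0
    while read -r sel proto host port; do
      if printf '%s\n' "$want" | grep -qx "$proto $port"; then
        echo "ok: $sel -> $host $proto/$port"
      else
        echo "MISMATCH: $sel -> $host $proto/$port (no such listener)"; rc=1
      fi
    done
    exit "$rc"
  }
)

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/server.conf" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
EOF
printf '%s\n' '*.* @172.16.19.12:514'    > "$tmp/client_udp.conf"   # rule from this page
printf '%s\n' '*.* @@172.16.19.12:10514' > "$tmp/client_tcp.conf"   # constructed: wrong port
check_forwarding "$tmp/client_udp.conf" "$tmp/server.conf" || true
check_forwarding "$tmp/client_tcp.conf" "$tmp/server.conf" || true
```
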

Test:
1. Run the following command on the client to install lrzsz;
2. No related log information appears in tail -f /var/log/messages.
3. In the database table of the server


Use a web GUI to display log information: install loganalyzer

First download loganalyzer-3.6.5.tar.gz and the Chinese language pack

# tar xf loganalyzer-3.6.5.tar.gz -C /var/www/html/
# cd /var/www/html/
# mv loganalyzer-3.6.5 loganalyzer
The directory contains an INSTALL file; install as it instructs.
# mv loganalyzer/src/* ./loganalyzer
# cp loganalyzer/contrib/* ./loganalyzer/
# cd /var/www/html/loganalyzer/
# chmod +x configure.sh secure.sh
# ./configure.sh
# ./secure.sh
# chmod 666 config.php
Download the Chinese language files:
# mkdir /var/www/html/loganalyzer/lang/zh
# Download the Chinese files admin.php, info.txt and main.php, and put the three files in the newly created directory
# chown -R apache.apache ./*
# service httpd restart

Enter http://172.16.19.12/loganalyzer in the browser. Click "here" to install loganalyzer.

If no error message is reported, click "Next" until step 3.

Perform basic configuration as needed. Automatic IP address resolution is set to No here.


Go directly from step 3 to Step 7 and enter some key information (in the red box) based on the previous database information.

Click Finish to complete the installation and configuration;

Loganalyzer page


Change the language to Chinese in the upper-right corner of the web page.

Test:
Install lrzsz using Yum on the server. The first log is displayed on the page.