Linux Log Management System

LOG: Records the time that occurs by time series.

Record content: The time the event occurred, the content of the event.

Logging System for Linux systems:

1, Syslogd: For CentOS 5, record the system process related logs

2, KLOGD: Kernel event-related logs

Rsyslog: New features supported on CentOS 6:

1. Support Multi-Threading

2, support based on the TCP,SSL,TLS,RELP protocol to store log information on the remote log server, the previous version of the Syslog support only text format.

3, support to put the data in Mysql,pgsql,oracle and other relational database

4, powerful filter, can realize any part of the filter system Information

5, support the complete output format configuration, can customize the output format

6. Applicable to enterprise-level logging requirements

Facility: facilities, which classify logs from a feature or program and are responsible for recording their logs by specialized tools, common tools include:

Auth,authpriv,cron,daemon,kern,lpr,mail,mark,news,security,syslog,user,uucp

You can specify a facility by using wildcards:

*: denotes all; F1,f2,f3,... ;!: Reverse, record a tool other than the specified tool for recording

Log levels: Debug, info, notice, warn, error, crit, alert, emerg,panic.

A wildcard character that defines the level of the log: *: Indicates all levels; none: no level, no log information is logged.

Rsyslog configuration file:/etc/rsyslog.conf, defines the format of the log system: Facility.priority Target

Target type: 1, file path, 2, user, denoted by *, 3, log server: @SERVER_IP; 4, Pipeline: | COMMAND

Format of log information:

Time Master Process (PID): Event

Features of the Rsyslog:

First, the function of the log server: To receive the log of the remote server, in the configuration file to open the corresponding module and its corresponding service listener port definition and restart the service, the corresponding Log server feature is enabled.

Turn on the log Server feature on the host side of the log server:

# vim/etc/rsyslog.conf

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/46/D1/wKioL1P0uufCXM4GAAChE2zzrcw880.jpg "title=" 2014-08-20 23_06_44-root@localhost_~-Xshell 4.jpg "alt=" Wkiol1p0uufcxm4gaache2zzrcw880.jpg "/>

# Service Rsyslog Restart

How to adjust logging on hosts that need to send logs to the server side:

# vim/etc/rsyslog.conf

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/46/CF/wKiom1P0uD7jqbX4AABXa0nVJG0337.jpg "title=" 2014-08-20 23_00_04-root@nfs_~-Xshell 4.jpg "alt=" Wkiom1p0ud7jqbx4aabxa0nvjg0337.jpg "/>

# Service Rsyslog Restart

To install software tests on the client:

# yum Install-y rsyslog-mysql

To view log records on the log server side:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/46/D0/wKiom1P0unSCpyaLAACiVle1rJ0445.jpg "title=" 2014-08-20 23_08_55-root@localhost_~-Xshell 4.jpg "alt=" Wkiom1p0unscpyalaacivle1rj0445.jpg "/>

Information about the client installation software is logged in the log server.

Second, Rsyslog support log storage with the MySQL server:

# yum Install-y rsyslog-mysql Mysql-server

# service Mysqld Start

# vim/etc/rsyslog.conf

Add a row to the log server's configuration file with the following: ModLoad Ommysql, and a new row is defined for the log save type and storage location below, and the definition data is saved in the MySQL database:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/46/D0/wKiom1P0vm6CX_EXAAB6aIblai4215.jpg "title=" 2014-08-20 23_25_25-root@nfs_~-Xshell 4.jpg "alt=" Wkiom1p0vm6cx_exaab6aiblai4215.jpg "/>

Import the Syslog database and authorize the user:

# MySQL </usr/share/doc/rsyslog-mysql-5.8.10/createdb.sql

# GRANT all on syslog.* to [e-mail protected] identified by ' Rsyslogpass ';

# GRANT all on syslog.* to [e-mail protected] identified by ' Rsyslogpass ';

# FLUSH privileges;

In the client host's configuration file, define the logging location as a remote database server:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/46/D4/wKioL1P0xUmTn4HZAAC3teAz9qY733.jpg "title=" 2014-08-20 23_51_03-root@localhost__etc_yum.repos.d-xshell 4.jpg "alt=" Wkiol1p0xumtn4hzaac3teaz9qy733.jpg "/>

To install a package test on a client host: # Yum Install-y tree

The results of viewing log information for records in the table corresponding to the server-side database are:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/46/D2/wKiom1P0xH7SowVdAAFL9wdpAek663.jpg "title=" 2014-08-20 23_52_21-root@nfs_~-Xshell 4.jpg "alt=" Wkiom1p0xh7sowvdaafl9wdpaek663.jpg "/>

Third, through the WebGui display log information, the use of the module is Loganalyzer.

Log server needs to be configured as lamp platform, need to install Httpd,php,mysql

# yum install-y httpd php php-mysql mysql-server php-gd

Install Loganalyzer:

# Tar XF loganalyzer-3.6.5.tar.gz

# Mkdir/var/www/html/log

# CP loganalyzer-3.6.5/src/*/var/www/html/log

# CP loganalyzer-3.6.5/contrib/*/var/www/html/log

# Cd/var/www/html/log

# chmod +x configure.sh secure.sh

#./configure.sh

#./secure.sh

# chmod 666 config.php

# Chown-r Apache.apache./

Enter the access path within the browser: Loganalyzer Display Interface:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/46/D4/wKioL1P0y0OzboO1AADbWXy_zUk406.jpg "title=" 2014-08-21 00_16_31-adiscon loganalyzer __ Critical Error occured.jpg "alt=" Wkiol1p0y0ozboo1aadbwxy_zuk406.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/46/D2/wKiom1P0yg6COTBPAAG4gSbAHEQ670.jpg "title=" 2014-08-21 00_15_12-loganalyzer __ Installer Step 1.jpg "alt=" Wkiom1p0yg6cotbpaag4gsbaheq670.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/46/D4/wKioL1P0y_uwAsJWAAI9U54_Bd8787.jpg "title=" 2014-08-21 00_19_40-loganalyzer __ Installer Step 7.jpg "alt=" Wkiol1p0y_uwasjwaai9u54_bd8787.jpg "/>

Rsyslog installation is complete.