I believe that most people doing Linux server O&M are like me: they deal with all kinds of system logs and service logs every day. These logs record the state of the system or service as it changes each day, and by watching them we can resolve many system and service faults promptly.
Today I will use rsyslog to centrally collect system logs and user operation records, and then process the collected logs, for example for server exception monitoring and user behaviour auditing.
Deployment architecture:
Roles: Application Server, log summary server, database, log monitoring, and log query
Here we will cover the following:
1. Forward the logs on the application servers to the log summary server.
2. Write the logs on the summary server to the database.
3. Process the summarized logs, for example log monitoring and historical queries.
Lab environment:
Operating System: CentOS 5.8 x86_64
1. Configure log collection
On the log summary server, perform the following operations:
Because CentOS 5.8 x86_64 uses the syslog service by default, rsyslog must be installed manually on the log summary server.
service syslog stop
chkconfig --del syslog
yum -y install rsyslog
vim /etc/sysconfig/rsyslog
#SYSLOGD_OPTIONS="-m 0"
SYSLOGD_OPTIONS="-c 2 -r 514 -x -m 240"
Meaning of the parameters:
-c sets the compatibility mode.
-r specifies the port on which rsyslog listens for remote messages.
-x disables DNS lookups for messages received from clients; it must be used together with -r.
-m sets the interval, in minutes, between timestamp mark messages; 0 disables them.
chkconfig rsyslog on
service rsyslog start
ps -ef | grep rsyslog
On the application server:
echo "*.* @192.168.154.128" >> /etc/syslog.conf
service syslog restart
vim /etc/bashrc
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
source /etc/bashrc
Next, check whether the logs are received on the log summary server. Enter a few commands on the application server:
On the log summary server:
tail -f /var/log/messages
2. Configure the log warehouse (receiving side)
Create a database and table structure:
cat /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql
mysql < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql
grant all on Syslog.* to rsyslog_user@'%' identified by 'rsyslog_pass';
flush privileges;
On the log summary server:
yum -y install rsyslog-mysql
vim /etc/rsyslog.conf
$ModLoad ommysql
*.* :ommysql:192.168.154.128,Syslog,rsyslog_user,rsyslog_pass
Format: *.* :ommysql:IP,database,user,password
service rsyslog restart
Check that log records are being written to the database:
After completing the preceding steps, you can start processing the logs.
About log processing
Common log processing methods include:
1. Use Nagios to monitor the log status: for example, when an error is found, a message is sent to the administrator, who can then handle the server fault promptly.
2. Analyze the logs with a log analysis tool such as LogAnalyzer.
3. Query the log records in the database to find the operations a given user performed on a given machine.
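As an added example (not code from the original post), the following POSIX shell script parses the audit lines that the PROMPT_COMMAND hook configured above writes into /var/log/messages on the summary server, and performs the kind of user-operation check described in the log processing list: it flags lines where the effective user differs from the login user (an su or sudo session) and lines whose command is on a small watchlist. The sample log lines, host names and the watchlist are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): parse the audit lines that the
# PROMPT_COMMAND + logger hook writes to /var/log/messages on the summary server
# and flag su/sudo sessions and watchlisted commands. Sample lines are constructed:
# "<syslog header> <tag>: [euid=<whoami>]:<who am i>:[<pwd>]<command>".
SAMPLE_LOG='Dec 28 01:20:11 app1 root: [euid=root]:root pts/0 2013-12-28 01:18 (192.168.154.1):[/root]tail -f /var/log/messages
Dec 28 01:21:05 app1 tom: [euid=tom]:tom pts/1 2013-12-28 01:19 (192.168.154.1):[/home/tom]ls -l
Dec 28 01:22:40 app1 tom: [euid=root]:tom pts/1 2013-12-28 01:19 (192.168.154.1):[/etc]useradd -o -u 0 backup
Dec 28 01:23:02 app1 kernel: eth0: link up'

# parse_audit LINE: set host euid login tty cwd cmd from one audit line; return 1
# for any other syslog line. "who am i" prints nothing without a tty, so who may be "".
parse_audit() {
    line=$1
    case $line in *": [euid="*) ;; *) return 1 ;; esac
    set -f                              # no globbing while word-splitting the header
    set -- $line                        # $1=Mon $2=DD $3=HH:MM:SS $4=host $5=tag
    set +f
    host=$4
    payload=${line#*": [euid="}         # root]:root pts/0 ... (host):[/root]tail ...
    euid=${payload%%]*}
    rest=${payload#*]:}                 # <who am i>:[/cwd]command
    who=${rest%%:\[*}                   # "tom pts/1 2013-12-28 01:19 (host)" or ""
    rest=${rest#*:\[}                   # /cwd]command
    login=${who%% *}
    case $who in *" "*) tty=${who#* }; tty=${tty%% *} ;; *) tty= ;; esac
    cwd=${rest%%]*}
    cmd=${rest#*]}
}

# audit_alerts: read syslog lines on stdin; print one ALERT per audit line whose
# effective user differs from the login user (su/sudo) or whose command's first
# word is on the watchlist. Anything the parser rejects is silently skipped.
audit_alerts() {
    while IFS= read -r line; do
        parse_audit "$line" || continue
        reason=
        [ "$euid" != "$login" ] && reason="euid=$euid differs from login user $login"
        case ${cmd%% *} in
            useradd|userdel|usermod|passwd|visudo|chmod|chown|iptables)
                reason="${reason:+$reason; }watchlisted command" ;;
        esac
        if [ -n "$reason" ]; then
            printf 'ALERT %s %s [%s] %s (%s)\n' "$host" "$login" "$cwd" "$cmd" "$reason"
        fi
    done
}

printf '%s\n' "$SAMPLE_LOG" | audit_alerts
```

Users who control their own shell environment can unset PROMPT_COMMAND or turn off history, so treat this as a convenience audit trail rather than a tamper-proof one.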
That's all for today. If you have any questions, please contact me.
This article is from the blog "small Cui's growth path"; please keep this source: http://cyr520.blog.51cto.com/714067/1214850