Statistics the value of Event.tags in the following field (red content){"url": "Http:\/\/icache.sinaimg.cn\/006gpxd2gw1exo8u4i7mkj30f00qotgg.lar", "Size": "10.79", "id": "295785", "action ":" "PUSH", "TOIDC": "BJ", "type": "ACCESS", "Level": "INFO",
Linux Log default time format: Dec 16 09:52:01, looks not accustomed to, modified to 2014-12-16 09:52:01 feel much more comfortable.Steps:Vi/etc/rsyslog.conf# define your own localized time format$template MyFormat, "% $NOW%%timestamp:8:15%%hostname%
Believe that the RSYSLOGD logrotate transfer cutting log students, will find the log after the file, will appear inaccurate date problem
For example: The June 21-generated log was transferred to the June 22 document for no reason, and the date was
Today, log management products are configured at the customer's office. tianrongxin firewall, Windows Server, and so on are quickly handled. However, there are not many operations on network devices at ordinary times. The first operation was Huawei
# Include # Include # Include # Include # Include # Include # Include # Include # Include # Include # Include # Include # Include # Include # Include # Include
# Define syslog_port 514
Int main (){Struct sockaddr_in ADDR;Long s_addr;Int FD;Int
Log system on LinuxSyslogSyslog-ngSyslog ServiceSYSLOGD: System, non-kernel generated log information.KLOGD: Kernel that specifically records the log information generated by the kernel.Kernel--> Physical Terminal/DEV/CONSOLE-->/VAR/LOG/DMESG#dmesg//
Linux Log audit project case (production environment log audit project solution)
Log auditing records information about all systems and related user behaviors and can be automatically analyzed, processed, and displayed (including text or video recordings)
Recommended method: Use sudo with the syslog service for log auditing (with less information and good results)
1. Install the sudo command and syslog Serv
= "wKiom1RF9BzD-BkZAAD_xWOR3_A332.jpg"/>
(5) Create rsyslog user permissions in MySQLMysql> grantall on syslog. * to [email protected] identified by '20140901 ';Mysql> flushprivileges;
Mysql> exit
(6) Configure rsyslog. conf on the server and enable udp514.
Vim/etc/rsyslog. conf
#### Modules ##### modify the following
to the MySQL database, which must be installed
Configure Server-side
Import Rsyslog-mysql Database files# cd/usr/share/doc/rsyslog-mysql-5.8.10/# mysql-uroot-p123456
See what's done# mysql-uroot-p123456mysql> show databases;mysql> use Syslog;Mysql> Show tables;The import database operation created the
Loganalyzer Deployment Documentation
Environment Preparation:
Brief introduction
The Loganalyzer is a web front end for syslog logs and other network event data. It provides simple browsing, searching, basic analysis, and some chart reporting functions for logs. Data can be obtained from a database or a generic syslog text file, so Loganalyzer does not need to change the existing record sc
information about cron jobs. Use this data to make sure your cron job is running successfully.
Digital Ocean has a complete tutorial on these files, which describes how Rsyslog creates them in common distributions such as RedHat and CentOS.
The application will also write to the log file in this directory. For example, common server programs like Apache,nginx,mysql can write log files in this directory. Some of these log files are created by the ap
no configuration file similar to/etc/syslog. conf in klogd. The advantage of using klogd to avoid using syslogd is that you can find a large number of errors. If someone intrude into the kernel, you can use klogd to modify the error.
Enable the log server function:
# Provides UDP syslog resume tion
$ Modload imudp
$ Udpserverrun 514
# Provides TCP syslog resta
MySQL stores logs and uses Loganalyzer for front-end display
Why use logs?In the production environment, we may need a complete log system to view the status and operations of the running host service, we can use ELK in a larger network architecture to collect, retrieve, and display logs at the front end, however, in small and medium architectures, rsyslog is enough to collect and retrieve logs from all servers for real-time data traffic analysis.
Obj
Loganalyzer is a Web front-end for syslog logs and other network event data. It provides a simple view of the log, search, basic analysis, and some chart reporting capabilities. Data can be obtained from a database or a generic syslog text file, so Loganalyzer does not need to change the existing record schema. Based on current log data, it can handle syslog log
management:
#yum update yum install mariadb mariadb-server mariadb-client rsyslog-mysql
#systemctl enable mariadb systemctl start mariadb
Then usemysql_secure_installationThe tool sets the password for the root user and other security considerations:
Ensure MySQL database security
Note: If you do not want to use the MariaDB root user to insert log messages to the database, you can configure another user account. The introduction to implementatio
collected to a central database. System messages can be forwarded to rsyslog by systemd-journald for further processing.The rsyslog service then arranges system log messages by type (or device) and priority, and writes them to permanent files in the/var/log directory.
The/var/log directory stores various system and service-specific log files maintained by rsyslog
devices using the off-line (offline) method.
The Syslog. conf configuration format is
Service name [. =!] Record level record file or host
Log Security
Set the hidden attribute chattr + a/var/log/messages. Only append cannot be deleted.
-------------------------------------- Split line --------------------------------------
RHEL5.4 deployment of central Log server rsyslog + Log Analyzer
Deploy a log server
), rsyslog through the shared library file to connect to the MySQL database, and complete the data transfer.[Email protected] ~]# rpm-ql rsyslog-mysql
/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-mysql-5.8.10
/usr/share/doc/rsyslog-mysql-5.8.10/createdb.sqlExecute the SQ
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.