Label:Here's the idea: Use the Linux Rsyslog service to do the underlying, then use the MySQL and Rsyslog templates to store the files and display them on the web. The storage of [[Email protected] ~]#grep-v ' ^# '/etc/rsyslog.conf|grep-v ' ^$ '
$ModLoad Ommysql*. *: ommysql:localhost,syslog,rsyslog,123456$ModLoad Imu
not appear this problem; the second Redhat 6 platform products have been published for at least a year, if debug log is always missing should not wait until I find out. however. It is because of some habitual thinking. Or some seemingly rational but not rigorous judgment. Cause the truth to be belated.Then. I took a first look at the/var/log/messages file and saw an error message such as the following. and 6292 is the process ID I ran before.Imuxsock begins to drop messages from PID 6292 due to
, which defines the formatfacility.priority TargetMail.info /var/log/maillog# All levels higher than the specified level, including the specified level itself;Mail.=info /var/log/maillog# Specify the level explicitly;mail.! Info *# In addition to specifying levels*.info | COMMAND# Info level for all facilityMail.*:# All levels of mailMail,news.info:# info of mail and above level news and aboveTarget:File path: For example /var/log/messagesUser : *Log server:@SERVER_IPPipeline:| COMMANDLog
# A commented quick reference and sample configuration # warning: this is not a manual, the full manual of rsyslog configuration is in # rsyslog. conf (5) manpage # "$" starts lines that contain new directives. the full list of directives # can be found in/usr/share/doc/rsyslog-1.19.6/doc/rsyslog_conf.html or online # At http://www.rsyslog.com/doc if you do not h
First, the installation of the service side
Yum source New, if any, you can omit
# cat >>/etc/yum.repos.d/sohu.repo
Install lamp environment and rsyslog, if have lamp, only need to install Rsyslog Rsyslog-mysql can
Yum install rsyslog rsyslog-mysql mysql mysql-devel my
ObjectiveAs an operations engineer, viewing the analysis system log is a daily homework, but every time you look at the log is a server one server to see, several servers can also deal with this, but if you manage hundreds of thousands of online servers, this method is stretched. So we need to use the log server, but how can it be more intuitive to display it? Loganalyzer is a good choice, this article will explain how to use rsyslog+loganalyze to ach
the/var/log/messages file ). Shell code root @ viscent:/var/log # lsof | grep messages rsyslogd 544 syslog 7 w REG 8, 1 214641 134422/var/log/messages can be seen from the command output above, the PID of the process that opened the/var/log/messages file is 544, and the file descriptor (FD) of the file/var/log/messages is 7. Based on the above PID and FD, you can find the corresponding file in/proc: Shell code root @ viscent: /var/log # ls-al/proc/54
This is my entire process of log analysis for haproxy in the unit.We have been in the maintenance ES cluster configuration, and did not put a set of processes including the collection end of the code, all their own once, and the online collection of logs when we generally use the logstash, but the industry many people say logstash whether it is performance and stability is not very good, The advantage of Logstash is the simple configuration, this time I chose the RsyslogToday this haproxy log, I
daemon.Since I first learned about the syslog, I don't know where the log output of the fastcgi process is. I checked the output to/var/log/messages. However, there are no messages files in this directory.This is because the config file for syslog is not configured.The/etc/syslog.conf file is a configuration file for the Linux journaling system. (under Ubuntu for/etc/rsyslog.d/50-default.conf)Edit/etc/rsys
Label:installation program and component system for centos6.6# yum install httpd php php-mysql php-gd mysql mysql-server rsyslog-mysql
Second, prepare the relevant configuration and test the environment1. Start Http,mysql service# service Mysqld Start# Chkconfig Mysqld on# service httpd Start# Chkconfig httpd on# vim/var/www/html/index.php2. Create a database, new user and authorize# RPM-QLRsyslog-mysql= = View the file acquisition generated by the i
problem did not occur on redhat4/5; second, the RedHat 6 platform products have been released for at least a year, if the debug log is always missing, it should not wait for me to find it. However, it is precisely because of some conventional thinking, or some seemingly rational but not rigorous inferences that the truth is delayed.
Next, I checked the/var/log/messages file first and saw the following error message.6292It is the ID of the previously executed process.
imuxsock begins to drop me
. Filter (log filter)Filter is a highlight of rsyslog, and usually we don't have all the logs to collect, such as we only need to error The following level of log, or we want to include a specific content of the log. With the use of filter, we can easily implement these requirements. Here are a few examples of how to use the Manual in detail:
12
:msg, contains,"test_message"/var/log/test.log~
If the log content contains
I. Introduction of LoganalyzerThe Loganalyzer tool provides an easy-to-use, powerful front-end for searching, viewing and analyzing network activity data, including system logs, event logs, and many other log sources. Since it only presents the data to our users, the data itself needs to be collected by another program, such as Syslogd,rsyslog (which is now the default syslogd for the distribution), Winsyslog or Monitorware proxy. Loganalyzer is also
network segment information forwarding, it supports the host chain, even if the log message after a lot of computer forwarding, can also find the original host address and the entire forwarding chain. A final design principle is to make the configuration file as powerful and concise as possible. As an alternative to syslog, Syslog-ng is a complete replacement for syslo
1st Zhi
1st log is a plain text file that the system uses to record some relevant information about the system at run time
The purpose of the 2nd log is to save the running status, error messages, etc. of the related programs. In order to analyze the system, save the history and find the parse error using when the error occurs
3 Linux typically saves the following types of logs
Kernel information
Service Information
Application information
2 Rsyslog
1. Server Installation
YUM source is created. If yes, it can be omitted.
#cat>>/etc/yum.repos.d/sohu.repo
[sohu]
name=sohu'smirrors
baseurl=http://mirrors.sohu.com/centos/5/os/x86_64/
enabled=1
gpgcheck=0
EOF
Install the LAMP environment and rsyslog. If LAMP is available, you only need to install rsyslog-mysql.
yuminstallrsyslogrsyslog-mysqlmysqlmysql-develmysql-serverphpphp-mysqlphp
How to convert windows logs into syslog Format and send them to the remote sysylog server, syslogsysylog
2. Configuration
Then open URL: http: // 192.168.37.23: 6161/and enter the Default User snare and the password set above.
The management interface is displayed,
We configured syslog mainly to set the following parameters. We should know what it is when we see 514.
3. Verify
View the
There is a new requirement: PostgreSQL logs in the rsyslog server should be separated, according to priority, that is:
Logs of error and warn must be archived in one file;
Info and other levels of logs are archived in one file, and logs are automatically cut every hour;
Solution:
1. Create the configuration file PostgreSQL. conf in the/etc/rsyslog. d directory.
vi/etc/rsyslog.d/postgresql.conf
# Define
Rhel5 and centos 5.5 x86_64 are all tested.
In the production environment, there is a log server dedicated to recording the log information of other servers is a good idea, but with the Red Hat built-in syslog, the configuration is simple, however, there is no way to separate logs. By default, logs are all heap in the/var/log/message file, which is used to create a log server. The following describes how to use s
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.