Objective:
When we run into a problem and are left scratching our heads, one look at the log often makes everything clear, so an easy-to-use log server matters. We will not cover ELK, the heavyweight log analysis stack, today; instead we build a small log server, and ELK is left for another post.
Body:
When we configure a service and it fails on start-up, it is a miserable feeling. Unless the program ships its own configuration checker, all we have to go on is the log, and on Linux that means the built-in centralized logging daemon, rsyslog. Sometimes, though, we want to search the logs or do statistics in a visual interface. For that we can store the log records in MySQL and display them through LogAnalyzer's web interface, which makes querying, searching and counting convenient. We will do it in reverse order: first the hands-on part, then the theory.
Rsyslog's main configuration file is /etc/rsyslog.conf. First we enable its listening ports, so that it collects not only the local machine's logs but also those of other hosts. The configuration is as follows. Keep in mind that syslog over plain UDP or TCP is unauthenticated: anything that can reach port 514 can inject messages, so restrict the port to the hosts that should be sending logs (with the firewall, or by binding only on an internal address).
    # /etc/rsyslog.conf
    #### MODULES ####
    # Provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514
    # Provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514
To save the log records in MySQL, we first set up the database service.
    # yum install mariadb-server      # CentOS 7; on CentOS 6 the package is mysql-server and the configuration is nearly identical
    # systemctl start mariadb
    # mysql                           # connect to the database with the mysql command
    mysql> grant all on Syslog.* to 'syslog'@'127.0.0.1' identified by 'syslog';

The database is named Syslog, and the user syslog can access all tables in it when connecting through 127.0.0.1, with the password syslog. (That password is fine for a lab box; pick a real one anywhere else, because it will also sit in clear text in rsyslog.conf.)

    # yum install rsyslog-mysql       # installs the rsyslog MySQL output module
    # mysql -usyslog -h127.0.0.1 -psyslog < /usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql

The second command imports rsyslog's own schema, so we do not have to create the database and its tables ourselves. Three things to check: the directory name carries the installed rsyslog version and the file name's capitalization varies between packages, so list /usr/share/doc/rsyslog-*/ first; the -h127.0.0.1 matters, because a bare mysql -usyslog connects over the Unix socket as 'syslog'@'localhost', which the GRANT above does not cover; and MySQL database names are case-sensitive on Linux, so the name in the GRANT must match the CREATE DATABASE line in the script.
By default rsyslog writes to log files. To have it write to the database as well, edit the rsyslog configuration again:
    #### MODULES ####
    # Load the MySQL output module
    $ModLoad ommysql
    #### RULES ####
    *.info;mail.none;authpriv.none;cron.none        :ommysql:127.0.0.1,Syslog,syslog,syslog

The rule stores every message of priority info and above, except those from the mail, authpriv and cron facilities, in MySQL. The four comma-separated fields after :ommysql: are the database server, the database name, the user and the password, and they must match the GRANT above. Since the password is in clear text, keep /etc/rsyslog.conf readable by root only (rsyslog runs as root on CentOS, so chmod 600 is safe).
Then we restart the rsyslog service:

    # systemctl restart rsyslog       # CentOS 7
    # service rsyslog restart         # CentOS 6
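Before moving on, it is worth checking the pipeline end to end. The following is an added example, not part of the original post: a small Python test client that builds an RFC 3164 syslog line by hand, so you can see the <PRI> field that encodes facility and severity, and sends it to the listener configured above over UDP and over TCP. It assumes rsyslog is listening on 127.0.0.1:514 on both transports as configured above; the hostname "testhost", the tag "logtest" and the message text are constructed values for the example.

```python
"""Syslog test client: builds an RFC 3164 line by hand and sends it over UDP and TCP."""
import socket
import time

# Facility and severity codes from RFC 3164; rsyslog uses the same numbering.
FACILITIES = {n: i for i, n in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
SEVERITIES = {n: i for i, n in enumerate(
    "emerg alert crit err warning notice info debug".split())}
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def pri(facility, severity):
    """The number inside the leading <...>: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def build_message(facility, severity, hostname, tag, text, when=None):
    """Build a BSD-syslog line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG

    `when` is (year, month, day, hour, minute, second); None means now.
    A single-digit day is padded with a space, as RFC 3164 wants ("Jan  5").
    """
    if when is None:
        t = time.localtime()
        when = (t.tm_year, t.tm_mon, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    _, mon, day, hh, mm, ss = when
    stamp = f"{MONTHS[mon - 1]} {day:2d} {hh:02d}:{mm:02d}:{ss:02d}"
    return f"<{pri(facility, severity)}>{stamp} {hostname} {tag}: {text}"


def send_udp(line, host="127.0.0.1", port=514):
    """One datagram per message; this is what $UDPServerRun 514 receives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))


def send_tcp(line, host="127.0.0.1", port=514):
    """imtcp reads LF-terminated messages from a plain TCP stream by default."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(line.encode("utf-8") + b"\n")


if __name__ == "__main__":
    # "testhost", the tag and the text are constructed values for this example.
    line = build_message("local0", "info", "testhost", "logtest",
                         "hello from the rsyslog test client")
    print(line)
    send_udp(line)
    send_tcp(line)
```

The ommysql rule *.info;mail.none;authpriv.none;cron.none keeps local0.info, so after running the script the line should show up both in /var/log/messages and in the database, for example with mysql -usyslog -h127.0.0.1 -psyslog Syslog -e "SELECT ReceivedAt, FromHost, SysLogTag, Message FROM SystemEvents ORDER BY ID DESC LIMIT 5". Changing "info" to "debug" in the script makes the message disappear from the database, which is a quick way to confirm the filter is doing what you think. Note also that the hostname rsyslog stores in FromHost is whatever the sender wrote into the message, not the peer address, so any client that can reach port 514 can claim to be any host; that is one more reason to restrict who can reach the port.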
The second part is configuring LogAnalyzer. Since the program is apparently no longer updated and there is no package for it, we install it from the source tarball, but before that we need a LAMP environment.
    # yum install httpd php php-mysql php-gd
    # tar xf loganalyzer-3.6.5.tar.gz
    # cp -a loganalyzer-3.6.5/src /var/www/html/loganalyzer
    # cd /var/www/html/loganalyzer
    # touch config.php
    # chmod 666 config.php

The world-writable config.php is only there so that the web installer can write the configuration. Once the wizard has finished, take the write bit away again (for example chmod 644 config.php), because the file holds the database credentials.
Then start the httpd service:

    # systemctl start httpd

Now we can open LogAnalyzer in a browser at http://<your host's IP>/loganalyzer.
The web-interface wizard is not described in detail here; basically you just keep clicking Next. The only step that needs real attention is the one that configures MySQL: the defaults are fine there, but the connection details you enter for the log source have to be the same server, database, user and password as in the :ommysql: line of rsyslog.conf, otherwise LogAnalyzer shows no events.
With that, the setup is complete; the individual features you can explore yourself.
Now that the practical part is done, on to the theory.
Before CentOS 6, the thing that recorded logs was called sysklogd. It had two parts: klogd, which took messages from the kernel, and syslogd, a user-space daemon that took messages from applications. Messages could be forwarded to another host over the network, but only over plain UDP (port 514); there was no TCP transport.
Starting with CentOS 6 we have the rsyslog we use today. It is multithreaded; it can ship logs over more protocols, such as TCP, TLS and RELP; it can store log records in a variety of databases, such as MySQL, PostgreSQL and Oracle; and it supports custom output formats (templates), among other things.
The third is the big, currently very popular ELK, which is made up of three pieces whose initials give it its name:
E: Elasticsearch, a distributed search engine; after all, in day-to-day operations, searching the logs is what we do most.
L: Logstash, the piece that collects and parses the logs.
K: Kibana, which provides the web visualization interface.
ELK is left for a later post.
The sources of the messages rsyslog collects are called facilities. The main ones are:
auth (authentication)
authpriv (authentication and authorization messages that should stay private)
cron (the cron daemon)
daemon (other daemons)
kern (the kernel)
lpr (the print system)
mail (the mail system)
mark (internal: the periodic "-- MARK --" timestamp lines, not a firewall tag)
news (newsgroups)
security (a deprecated synonym for auth)
user (ordinary user-level programs)
uucp (a very old protocol)
syslog (messages from rsyslog itself)
local0-local7 (user-definable)
The other concept is priority (also called severity), from lowest to highest:
debug, info, notice, warning (warn), err (error), crit (critical), alert, emerg (panic)
So much for the concepts; what makes them useful is that these two things let us customize how logs are handled. A rule has the syntax

    facility.priority    target

meaning: for messages that facility produces at level priority, handle them with target.
Facility: * means every facility; several can be named, separated by commas: f1,f2,f3.
Priority: * means every level; none means no level at all (used to exclude a facility that an earlier selector included); a bare priority means that level and everything more severe; =priority means exactly that level and nothing else; !priority excludes that level and everything more severe. Several selectors can be joined with ; in one rule and are applied left to right.
For example, *.* selects every facility at every level, and *.info selects every facility at info and above.
Once the messages are selected, the target field says what to do with them:
a file path, such as /var/log/messages;
a user name, which writes the message to that user's terminal;
@host to forward the message over UDP to a designated log server, or @@host to forward it over TCP;
|command to pipe the message into a command;
and, as in our configuration, :ommysql:server,database,user,password to store it in MySQL.
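To make the selector rules concrete, here is an added Python example (it is not code from the original post): it parses a legacy rsyslog/sysklogd selector list, decodes the <PRI> field of received syslog lines into facility and severity, and applies the rule to a handful of constructed log lines, including the exact selector used for the :ommysql: target earlier in this post. It covers the legacy facility.priority syntax only (not rsyslog's property-based or RainerScript filters); the sample lines are constructed for the example, and the selector semantics, including the ! and = forms, follow the classic sysklogd behaviour that rsyslog inherited.

```python
"""Apply legacy rsyslog/sysklogd selectors (facility.priority) to raw syslog lines."""
import re

# RFC 3164 codes, the numbering rsyslog uses. Facilities 12-15 exist but have
# no traditional name, so "*" must cover all 24 codes, not only the named ones.
FACILITIES = {n: i for i, n in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
FACILITIES["security"] = FACILITIES["auth"]        # deprecated alias of auth
SEVERITIES = {n: i for i, n in enumerate(
    "emerg alert crit err warning notice info debug".split())}
SEVERITIES.update(panic=0, error=3, warn=4)        # aliases rsyslog also accepts
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_selector(spec):
    """Turn "f1,f2.pri;f3.none;..." into {facility_code: set(severity_codes)}.

    Selectors are applied left to right, the way sysklogd and rsyslog do it:
      pri    add that level and everything more severe (lower numbers)
      =pri   add exactly that level
      !pri   remove that level and everything more severe
      !=pri  remove exactly that level
      *      every level;  none: clear the facility (so a later .none wins)
    """
    allowed = {code: set() for code in range(24)}
    for part in spec.split(";"):
        part = part.strip()
        if not part:
            continue
        fac_part, sep, pri_part = part.rpartition(".")
        if not sep:
            raise ValueError(f"selector without '.': {part!r}")
        codes = (list(range(24)) if fac_part == "*"
                 else [FACILITIES[f.strip()] for f in fac_part.split(",")])
        negate = pri_part.startswith("!")
        pri_part = pri_part[1:] if negate else pri_part
        exact = pri_part.startswith("=")
        pri_part = pri_part[1:] if exact else pri_part
        if pri_part == "*":
            levels = set(range(8))
        elif pri_part == "none":
            levels = set()
        else:
            code = SEVERITIES[pri_part]
            levels = {code} if exact else set(range(code + 1))
        for fac in codes:
            if pri_part == "none":
                allowed[fac] = set(range(8)) if negate else set()
            elif negate:
                allowed[fac] -= levels
            else:
                allowed[fac] |= levels
    return allowed


def decode_pri(line):
    """Split the leading <PRI> of a received line into (facility, severity)."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError(f"no PRI field: {line!r}")
    n = int(m.group(1))
    if n > 191:                       # 23 * 8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {n}")
    return n // 8, n % 8


def filter_lines(spec, lines):
    """Return the lines a rule with selector `spec` would hand to its target."""
    allowed = parse_selector(spec)
    kept = []
    for line in lines:
        facility, severity = decode_pri(line)
        if severity in allowed[facility]:
            kept.append(line)
    return kept


# Constructed sample lines (not real traffic), as rsyslog would receive them on 514.
SAMPLE_LINES = [
    "<134>Jan  5 03:04:05 web1 nginx: GET /index.html 200",              # local0.info
    "<22>Jan  5 03:04:06 mx1 postfix/smtpd[233]: connect from unknown",  # mail.info
    "<86>Jan  5 03:04:07 web1 sshd[410]: session opened for user root",  # authpriv.info
    "<7>Jan  5 03:04:08 web1 kernel: eth0: link is up",                  # kern.debug
    "<38>Jan  5 03:04:09 web1 sshd[412]: Failed password for root",      # auth.info
    "<77>Jan  5 03:04:10 web1 CROND[500]: (root) CMD (run-parts)",       # cron.notice
]

# The exact selector used for the :ommysql: target in this post.
MYSQL_RULE = "*.info;mail.none;authpriv.none;cron.none"

if __name__ == "__main__":
    for line in filter_lines(MYSQL_RULE, SAMPLE_LINES):
        print("-> MySQL:", line)
```

Run it and only the nginx line (local0.info) and the auth.info sshd line reach the MySQL target: the mail, authpriv and cron lines are dropped by their .none selectors, and the kernel line because debug is below info. Note that auth and authpriv are different facilities, so this rule keeps one kind of authentication message and discards the other; decide deliberately which you want in the database before copying the rule.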
OK! That is the end of the theory.
Complete
This article comes from the "mechanism of small Wind" blog; please keep this source when reproducing it: http://xiaofengfeng.blog.51cto.com/8193303/1890841
Build a small, beautiful log server based on Rsyslog+mysql+loganalyzer