Rsyslog Introduction and combining Loganalyzer for log analysis

Source: Internet
Author: User
Tags: syslog, rsyslog

1. syslog Introduction:

On CentOS 5 the log service defaults to syslog; on CentOS 6 it has been upgraded to rsyslog. Rsyslog is an enhanced version of syslog and offers many advanced features. Syslog consists of two processes, klogd and syslogd: klogd records log information generated by the kernel, while syslogd records ordinary (user-space) log information. Apart from the advanced features, the overall framework of rsyslog and syslog is basically the same.


2. Features of rsyslog:

Supports transferring log files over either the UDP or the TCP protocol;

Supports SSL encryption;

Works with a multithreaded model;

Logs can be written into a relational database;

Can act as a log server and receive the logs sent by other servers;


3. Log Levels

The log level is the logging priority. Syslog divides the levels as follows (by default a lower level also includes all the higher-level log information):

Debug         Debug level; all information is logged
Info          Slightly higher than the debug level
Notice        Notification information, higher than the info level
Warning       A warning is issued
Err, error    An error occurred
Crit          More serious than err
Alert         The system is having serious problems
Emerg, panic  The system is about to hang


4. syslog Facilities

Syslog divides the different logs into several classes, which are called facilities:

Auth         Authentication information
Authpriv     Authorization information
Cron         Information generated by scheduled tasks
Daemon       Information generated by daemon processes
Kern         Information generated by the kernel
Lpr          Printer information
Mail         Mail-related information
Mark         Firewall-tagged information
News         Newsgroup information
Security     Security-related information
Syslog       The system log itself
User         User-related information
Uucp         UUCP (Unix-to-Unix copy) related information
LOCAL{0-7}   User-defined log classes, local0 through local7


5. Configuration of rsyslog:

The rsyslog configuration files are /etc/rsyslog.conf and /etc/rsyslog.d/*.conf.

The /etc/rsyslog.conf file is divided into four "regions":

MODULES                 Modules for syslog
GLOBAL DIRECTIVES       Global definitions, record format, etc.
RULES                   Logging rules
Begin forwarding rule   Forwarding of record information


We mainly care about the RULES area. For rsyslog to record a specific class and level of log, a rule needs to be defined there, in the format:

facility.priority    target

where facility is the log class, priority is the log level, and target is the location the log is written to.

Note:

Both the log level and the facility can use wildcard characters:

*: all levels (or all facilities)

,: a list; for example, a,b,c means the three items a, b and c

!: negation (exclude)

There are roughly four kinds of targets:

A file, such as /var/log/messages

A user: the message is sent to the specified logged-in user; * means all users

A log server: @172.16.10.1

A pipe: | command hands the message to a specific command for processing

For example:

mail.info /var/log/maillog
    Records log information of the mail type at the info level and above.

mail.=info /var/log/maillog
    Records only log information of the mail type at exactly the info level.

mail.!info /var/log/maillog
    Records log information of the mail type at the levels below info.

mail.!=info /var/log/maillog
    Records log information of the mail type at all levels except info.

*.info /var/log/maillog
    Records log information of all types at the info level and above.

mail,news.info -/var/log/maillog
    Records log information of the mail and news types at the info level and above, and writes the file asynchronously (the leading "-").
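The rule semantics above (facility.priority selectors with *, lists, = and !) can be checked against a real message by decoding the <PRI> prefix of a syslog line, which packs facility*8 + severity using the level and facility tables from sections 3 and 4. The following is an added example written for this article, not code from rsyslog or the original post; the sample line, the file names and the facility numbers 0-11 and 16-23 (RFC 3164) are assumptions, and the ommysql rule is the one used in section 8.

```python
import re

# Severity names in RFC 3164 numeric order: 0 = most severe, 7 = least severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}  # rsyslog spellings
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: "local%d" % i for i in range(8)})  # local0..local7

def decode_pri(line):
    """(facility, severity) names from the leading <PRI>; PRI = facility*8 + severity."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        raise ValueError("no <PRI> prefix: %r" % line)
    fac, sev = divmod(int(m.group(1)), 8)
    return FACILITIES.get(fac, "facility%d" % fac), SEVERITIES[sev]

def selector_matches(selector, facility, severity):
    """'mail.info' = info and more severe; '=' exact level; '!' negates the
    level test; '*' any; ',' lists several facilities; 'none' drops all."""
    facs, _, prio = selector.rpartition(".")
    if facs != "*" and facility not in facs.split(","):
        return False
    negate, prio = prio.startswith("!"), prio.lstrip("!")
    exact, prio = prio.startswith("="), prio.lstrip("=")
    if prio in ("*", "none"):
        hit = prio == "*"
    else:
        level, msg = SEVERITIES.index(ALIASES.get(prio, prio)), SEVERITIES.index(severity)
        hit = msg == level if exact else msg <= level   # lower number = more severe
    return hit != negate

def parse_rule(rule):
    """Split 'selector target'; a leading '-' on a file target means async write."""
    selector, target = rule.split(None, 1)
    return selector, target.lstrip("-"), target.startswith("-")

def matching_targets(line, rules):
    """Targets of the rules that would receive this syslog line."""
    fac, sev = decode_pri(line)
    return [t for sel, t, _ in map(parse_rule, rules) if selector_matches(sel, fac, sev)]

# Constructed sample line: PRI 22 = mail (2) * 8 + info (6).
SAMPLE = "<22>Jan  1 12:00:00 host postfix/smtpd[123]: connect from unknown"
RULES = ["mail.=info /var/log/maillog",           # exactly info
         "mail.!info -/var/log/mail-debug",        # below info, async write
         "*.info :ommysql:127.0.0.1,syslog,loganauser,redhat"]  # section 8 rule

if __name__ == "__main__":
    print(decode_pri(SAMPLE), matching_targets(SAMPLE, RULES))
```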


Part 2: Configuring rsyslog and Loganalyzer to work together:

1. Introduction

Loganalyzer is a web-based log analysis tool that can analyze log information stored in MySQL. It is written in PHP and depends on the LAMP platform. To write log information into MySQL, you need to install the rsyslog-mysql package and enable the corresponding rsyslog module.


2. Install LAMP and the related packages:

[[email protected] ~]# yum install -y httpd mysql mysql-server php php-mysql rsyslog-mysql

3. Import the rsyslog-mysql SQL file (creates the database and tables) and create a user:

[[email protected] ~]# service mysqld start
[[email protected] ~]# mysql -uroot < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
[[email protected] loganalyzer]# mysql
mysql> GRANT ALL ON syslog.* TO 'loganauser'@'localhost' IDENTIFIED BY 'redhat';
mysql> GRANT ALL ON syslog.* TO 'loganauser'@'127.0.0.1' IDENTIFIED BY 'redhat';


4. Configure rsyslog to load the ommysql module (the module that writes to the MySQL database):

[[email protected] ~]# vim /etc/rsyslog.conf

Add in the MODULES area:

$ModLoad ommysql

[[email protected] loganalyzer]# service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]


5. Download Loganalyzer, unpack it into the /var/www/loganalyzer directory and configure it:

[[email protected] ~]# tar -xf loganalyzer-v3.6.1.tar.gz
[[email protected] ~]# cd loganalyzer-3.6.1/
[[email protected] loganalyzer-3.6.1]# mv src/ /var/www/loganalyzer
[[email protected] loganalyzer-3.6.1]# mv contrib/* /var/www/loganalyzer/
[[email protected] loganalyzer-3.6.1]# cd /var/www/loganalyzer/
[[email protected] loganalyzer]# chmod +x configure.sh secure.sh
[[email protected] loganalyzer]# ./configure.sh
[[email protected] loganalyzer]# ./secure.sh
[[email protected] loganalyzer]# rm -rf configure.sh secure.sh
[[email protected] loganalyzer]# chown -R apache.apache *


6. Configure httpd so that the default home page is index.php, then start it:

[[email protected] loganalyzer]# vim /etc/httpd/conf/httpd.conf

DirectoryIndex index.php

[[email protected] loganalyzer]# service httpd start
Starting httpd:                 [  OK  ]


7. Open http://hostname/loganalyzer/install.php and complete the installation wizard:


8. Configure rsyslog to write logs into the MySQL database:

[[email protected] loganalyzer]# vim /etc/rsyslog.conf

*.info :ommysql:127.0.0.1,syslog,loganauser,redhat

[[email protected] loganalyzer]# service rsyslog restart
Shutting down system logger:    [  OK  ]
Starting system logger:         [  OK  ]


9. Refresh the page; the log view already shows two records.


This article is from the "Systemcall Community" blog, so be sure to keep this source http://minux.blog.51cto.com/8994862/1731119
