1. Syslog introduction:
On CentOS 5 the default log service is syslog; CentOS 6 is upgraded to rsyslog. Rsyslog is an enhanced version of syslog and offers many advanced features. Syslog consists of two processes, klogd and syslogd: klogd records kernel-generated log information, while syslogd records normal log information. Apart from some advanced features, the overall framework of rsyslog and syslog is basically the same.
2. Features of rsyslog:
Supports transferring logs over either UDP or TCP;
Supports SSL encryption;
Works on a multithreaded model;
Logs can be stored in a relational database;
Can act as a log server that receives the logs sent by other servers;
3. Log levels
Syslog divides log messages into the following levels (selecting a low level by default also includes the higher-level log information):
debug | Debug level, all information will be logged
info | Slightly higher than the debug level
notice | Notification information, higher than the info level
warning | Issues a warning
err, error | An error occurred
crit | More serious than err
alert | The system is having serious problems
emerg, panic | The system is about to hang
4. Syslog facilities
Syslog divides different logs into several classes, which are called facilities:
auth | Authentication information
authpriv | Authorization information
cron | Information generated by scheduled tasks
daemon | Information generated by daemon processes
kern | Information generated by the kernel
lpr | Printing information
mail | Mail-related information
mark | Firewall-tagged information
news | Newsgroup information
security | Security-related information
syslog | System log
user | User-related information
uucp | Related to copying between UNIX systems
local{0-7} | User-defined log class, divided into 7 levels
5. Configuration of rsyslog:
The rsyslog configuration files are /etc/rsyslog.conf and /etc/rsyslog.d/*.conf.
The /etc/rsyslog.conf file is divided into four "regions":
MODULES | Modules for syslog
GLOBAL | Global definitions, format of records, etc.
RULES | Logging rules
begin forwarding rule | Information related to forwarding log records
We mainly care about the RULES region. For rsyslog to record logs of a specific facility and level, a rule must be defined there in the format:
facility.priority    target
where facility is the log class, priority is the log level, and target is the location the log is written to.
Note:
The log level and the facility can use wildcard characters:
*: all levels
,: list; for example, a,b,c means the three levels a, b and c
!: negation
There are about four types of target in use:
File, such as /var/log/message
User: sent to the specified user; * means all users
Log server: @172.16.10.1
Pipe: | command, which hands the log to a specific command for processing
For example:
# Log information at info level and above in the mail facility
mail.info /var/log/maillog
# Only log information at info level in the mail facility
mail.=info /var/log/maillog
# Log information at the levels below info in the mail facility
mail.!info /var/log/maillog
# Log information in the mail facility at every level except info
mail.!=info /var/log/maillog
# Log information at info level and above for all facilities
*.info /var/log/maillog
# Log information at info level and above in the mail and news facilities, written to the file asynchronously
mail,news.info -/var/log/maillog
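The selector rules above can be checked against sample messages with the following added example (not from the original article). It models each rule as a per-facility bitmask of severities, the way sysklogd-style parsers build it; `;`-joined selectors go beyond what the page shows and are included because the `!` forms work by removing levels from what earlier selectors in the same rule selected. The function names and log file names are made up for the illustration.

```python
# Added example: sysklogd-style selector matching modelled as severity bitmasks.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err"}       # synonyms listed in the level table
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "security", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]
ALL_LEVELS = (1 << len(SEVERITIES)) - 1


def code(level):
    """Numeric severity: 0 (emerg) is the most severe, 7 (debug) the least."""
    return SEVERITIES.index(ALIASES.get(level, level))


def compile_selectors(selectors):
    """Build {facility: bitmask of selected severities} from 'a.b;c.d' selectors."""
    mask = dict.fromkeys(FACILITIES, 0)            # nothing is selected to begin with
    for selector in selectors.split(";"):
        facilities, _, prio = selector.partition(".")
        negate = prio.startswith("!")
        prio = prio[1:] if negate else prio
        exact = prio.startswith("=")
        prio = prio[1:] if exact else prio
        if prio == "*":
            bits = ALL_LEVELS
        elif exact:
            bits = 1 << code(prio)                 # this level only
        else:
            bits = (1 << (code(prio) + 1)) - 1     # this level and everything more severe
        names = facilities.split(",")
        for name in (FACILITIES if "*" in names else names):
            mask[name] = mask[name] & ~bits if negate else mask[name] | bits
    return mask


def matches(selectors, facility, level):
    return bool(compile_selectors(selectors)[facility] >> code(level) & 1)


# Constructed rules; the target names are made up so each result is distinguishable.
RULES = """\
mail.info            /var/log/mail-info-and-up
mail.=info           /var/log/mail-info-only
mail.*;mail.!=info   /var/log/mail-except-info
mail,news.info       -/var/log/mail-news
*.info               /var/log/all-info-and-up
"""


def route(facility, level, rules=RULES):
    """Targets of every rule matching the message; a leading '-' only means async writes."""
    hits = []
    for line in rules.splitlines():
        selectors, target = line.split(None, 1)
        if matches(selectors, facility, level):
            hits.append(target.lstrip("-"))
    return hits
```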
Second, configuring rsyslog and LogAnalyzer to work together:
1. Introduction
LogAnalyzer is a web-based log analysis tool, written in PHP, that analyzes log information stored in MySQL and depends on the LAMP platform. To write log information to MySQL, you need to install the rsyslog-mysql package and enable the corresponding rsyslog module.
2. Install LAMP and the related packages:
# yum install -y httpd mysql mysql-server php php-mysql rsyslog-mysql
3. Import the rsyslog-mysql SQL file (creates the database and tables) and create a user:
# service mysqld start
# mysql -uroot < /usr/share/doc/rsyslog-mysql-5.8.10/createdb.sql
# mysql
mysql> GRANT ALL ON syslog.* TO 'loganauser'@'localhost' IDENTIFIED BY 'redhat';
mysql> GRANT ALL ON syslog.* TO 'loganauser'@'127.0.0.1' IDENTIFIED BY 'redhat';
4. Configure rsyslog to load the ommysql module (the module that writes to the MySQL database):
# vim /etc/rsyslog.conf
Add in the MODULES area:
$ModLoad ommysql
# service rsyslog restart
Shutting down system logger: [OK]
Starting system logger: [OK]
5. Download LogAnalyzer and unpack it into the /var/www/loganalyzer directory for configuration:
# tar -xf loganalyzer-v3.6.1.tar.gz
# cd loganalyzer-3.6.1/
# mv src/ /var/www/loganalyzer
# mv contrib/* /var/www/loganalyzer/
# cd /var/www/loganalyzer/
# chmod +x configure.sh secure.sh
# ./configure.sh
# ./secure.sh
# rm -rf configure.sh secure.sh
# chown -R apache.apache *
6. Configure httpd to use index.php as the default home page and start it:
# vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.php
# service httpd start
Starting httpd: [OK]
7. Open http://hostname/loganalyzer/install.php to run the installation:
8. Configure Syslog to write logs to the MySQL database:
# vim /etc/rsyslog.conf
*.info :ommysql:127.0.0.1,syslog,loganauser,redhat
# service rsyslog restart
Shutting down system logger: [OK]
Starting system logger: [OK]
9. Refresh the page; the log view already has two records:
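Step 8 stores the database password in /etc/rsyslog.conf in clear text, so the file's mode decides who on the host can read it. The following added example (not from the original article) parses the legacy `:ommysql:` action syntax used in step 8 and reports actions whose password sits in a file readable by other local users; `audit_rsyslog_conf` and `demo` are hypothetical names, and the config it checks is constructed inline.

```python
import os
import re
import stat
import tempfile

# Legacy action syntax from step 8: <selector> :ommysql:<server>,<db>,<user>,<password>
OMMYSQL = re.compile(r"^\s*(\S+)\s+:ommysql:([^,\s]+),([^,\s]+),([^,\s]+),(\S+)\s*$")


def audit_rsyslog_conf(path):
    """Return one finding per ommysql action whose password others could read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.lstrip().startswith("#"):
                continue                      # commented-out rule
            m = OMMYSQL.match(line)
            if not m:
                continue
            _selector, server, db, user, _password = m.groups()
            if mode & stat.S_IROTH:
                who = "world-readable"
            elif mode & stat.S_IRGRP:
                who = "group-readable"
            else:
                continue                      # only the owner can read the password
            # The password itself is never echoed into the finding.
            findings.append(f"line {lineno}: password for {user}@{server}/{db} "
                            f"is in a {who} file (mode {mode:04o})")
    return findings


def demo():
    """Constructed config holding the step 8 line, audited at 0644 and then 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "rsyslog.conf")
        with open(conf, "w", encoding="utf-8") as fh:
            fh.write("$ModLoad ommysql\n"
                     "*.info :ommysql:127.0.0.1,syslog,loganauser,redhat\n")
        os.chmod(conf, 0o644)
        before = audit_rsyslog_conf(conf)
        os.chmod(conf, 0o600)
        after = audit_rsyslog_conf(conf)
    return before, after


if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```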
This article is from the "Systemcall Community" blog; please keep this source link when reposting: http://minux.blog.51cto.com/8994862/1731119
Rsyslog Introduction and combining Loganalyzer for log analysis