1. Overall Architecture
650) This. width = 650; "Title =" image "style =" border-top: 0px; border-Right: 0px; border-bottom: 0px; border-left: 0px; display: inline "border =" 0 "alt =" image "src =" http://img1.51cto.com/attachment/201408/13/3367116_14079147897hDy.png "" 701 "Height =" 655 "/>
2. Configure central Log Server 2.1 configure clock synchronization 2.1.1 method 1
The central log server and tomcat node can be paired to the same clock source (for example, pool.ntp.org. Note: The commands below in this section are executed as root users and must be executed on the central log server and tomcat node.
First, you need to disable the ntpd service:
Service ntpd stop Chkconfig ntpd off |
Run crontab-E and enter the following content:
*/5 * ntpdate pool.ntp.org |
Indicates that the clock source is directed to pool.ntp.org every 5 minutes.
Restart cron: Service crond restart
2.1.2 method 2
When the central log server is used as the clock source and other Tomcat nodes are directed to the central log server, ensure that the time of the central log server is correct.
Note: The following commands in this section are executed as root users.
2.1.2.1. Central Log Server
Start the ntpd service and run the following command:
Service ntpd start Chkconfig ntpd on |
2.1.2.2. All Tomcat nodes
Test whether NTP can connect to the central log server:
Ntpdate 192.168.1.1
If the connection fails, it is generally caused by two reasons:
1. the ntpd service on the server has just been started. Generally, you need to wait a few minutes before the connection can be successful;
2. For firewall problems, UDP 123 port numbers must be enabled;
Disable ntpd:
Service ntpd stop Chkconfig ntpd off |
Run crontab-E and enter the following content:
*/5 * ntpdate 192.168.1.1 |
Indicates that the request is directed to the central log server every five minutes.
Restart cron: Service crond restart
2.2 Firewall Configuration
Rsyslog runs on port 514 by default. You must configure the firewall to open port 514 or disable the firewall.
In addition, if you are running on Linux systems such as RHEL, centos, and fedora, You need to disable SELinux.
2.3 configure rsyslog
Edit rsyslog. conf:
Uncomment the following two lines (delete the previous #):
$ Modload imudp
$ Udpserverrun 514
Modify the following line and add "; local2.none". Do not write logs of local2 to/var/log/messages:
*. Info; mail. None; authpriv. None; cron. None; local2.none/var/log/messages
Add the following line to write the debug-level logs of local2 to/var/log/dispatcher/debug. log:
Local2.debug/var/log/dispatcher/debug. Log
2.4 configure logrotate
For the log file/var/log/dispatcher/debug configured above. log, in order to avoid the file being too large due to the accumulation of time, you also need to back up the file in time, you can use the logrotate tool that comes with Linux to achieve this function.
Create a file/etc/logrotate. d/dispatcher with the following content:
/Var/log/dispatcher/debug. Log { Copytruncate Daily Minsize 1 m Rotate 90 } |
Indicates that backup is performed once a day, and 90 files are backed up, that is, only log files within three months are retained.
Parameters are described as follows:
1. copytruncate: indicates that this method adopts the copy and then empty method. The operation handle of the log file has not changed throughout the process, so you do not need to notify the application to re-open the log file;
2. Daily: round-robin backups every day;
3. minsize 1 M: The minimum file size is 1 M. Rotate is performed only when the value is exceeded;
4. Rotate 90: round-robin backup of 90 files.
Logrotate is executed based on cron tasks. Its execution script is located under/etc/cron. daily, that is, logrotate runs automatically once a day.
You can also run the following command: logrotate-F/etc/logrotate. d/dispatcher.
3. Configure log4j in Tomcat node 3.1
Configure log4j to transfer logs to the log server.
Edit the log4j configuration file log4j. properties and add the following content (if the rootlogger of the first line has been configured, merge it ):
Log4j. rootlogger = debug, Syslog Log4j. appender. syslog = org.apache.log4j.net. syslogappender Log4j. appender. syslog. sysloghost = 192.168.0.1 Log4j. appender. syslog. Threshold = debug Log4j. appender. syslog. layout = org. Apache. log4j. patternlayout Log4j. appender. syslog. layout. conversionpattern = %-d {yyyy-mm-dd hh \: mm \: SS} [% P] % m [% L] % N Log4j. appender. syslog. header = true Log4j. appender. syslog. Facility = local2 |
Note:
1. log4j. appender. syslog. sysloghost must be configured as the IP address or domain name of the central log server;
2. log4j. appender. syslog. facility must be set to local2, which is consistent with the rsyslog configured in the central log server.
3.2 configure rsyslog to transmit all logs to the log server
Note: This step is not required and can be configured as needed.
Edit/etc/rsyslog. conf and add the following line:
*. * @ 192.168.0.1
All logs can be output to the log server through UDP protocol.
Note: If you want reliable transmission, we recommend that you use the TCP protocol for transmission. Change the preceding line:
*. * @ 192.168.0.1
You can.
4. Expansion
The preceding sections use rsyslog + logrotate to centrally store and manage logs. In addition, you can use MySQL + loganalyzer to store logs and perform Web Graphical Analysis and viewing.