Concepts and Features
Log: a record of historical events. Each entry carries the time, the event itself, and a log level (reflecting how critical the event is).
System log service: classic syslog runs two processes, syslogd (handles messages from user-space processes) and klogd (handles kernel messages).
CentOS 7: rsyslog, which covers the roles of both syslogd and klogd.
Comparison of rsyslog with the older syslog:
1. Multi-threaded; can receive logs from processes on other hosts, not only local ones.
2. Supports UDP, TCP, SSL/TLS and RELP transports.
3. Supports MySQL, PostgreSQL and Oracle as log storage back ends.
4. Powerful built-in filters that can match on any part of a log message.
5. Custom output formats.
(Not every program logs through rsyslog; some keep their own log files.)
Collection tool ELK: Elasticsearch (powerful search engine), Logstash (log collector), Kibana (front-end log display).
Log classification:
Facility: classifies logs by the function or the program that produced them; multiple data streams with the same characteristic are bound to one pipeline.
auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security, user, uucp, local0-local7, syslog
Priority: log level
debug, info, notice, warn (warning), err (error), crit (critical), alert, emerg (panic)
Specifying a level: * (all levels), none (no level), priority (this level and all higher levels), =priority (this level only)
facility.priority /var/log/messages
# rpm -q rsyslog
Program Environment
Main program: rsyslogd
Configuration file: /etc/rsyslog.conf
RULES:
facility.priority TARGET (the target is not only a file; it can also be a user)
File path: log to a file, usually under /var/log; a leading - before the path means asynchronous writes (the file is not synced after every message).
User: send the log to logged-in users; * means all users
Log server: @HOST:514 (UDP) or @@HOST:514 (TCP); the server must be listening on that TCP or UDP port, normally 514
Pipe: | COMMAND
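As an added example that is not part of the original post, the following Python helper applies the selector rules above (*, none, priority, =priority, comma-joined facilities, ;-joined parts) to decide which targets a message reaches; the rule set, the kern-crit file and logserver.example are assumptions made for the demonstration.

```python
# Added example (not from the original post): evaluates classic rsyslog facility.priority
# selectors as the RULES section describes them; rules and host name are constructed.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "security", "user", "uucp", "syslog"] + [f"local{i}" for i in range(8)]

def _level(name):
    """Rank of a priority name; accepts the aliases warn/error/panic."""
    return PRIORITIES.index(ALIASES.get(name, name))

def selector_matches(selector, facility, priority):
    """True if a message with this facility/priority is selected.
    ';'-separated parts apply left to right, so 'authpriv.none' after '*.info'
    removes authpriv again. Per facility: '*' allows every level, 'none' clears,
    'prio' adds that level and higher, '=prio' adds exactly one level."""
    allowed = {f: set() for f in FACILITIES}
    for part in selector.split(";"):
        facs, _, prio = part.strip().rpartition(".")
        targets = FACILITIES if facs == "*" else [f.strip() for f in facs.split(",")]
        for fac in targets:
            if prio == "*":
                allowed[fac] = set(range(len(PRIORITIES)))
            elif prio == "none":
                allowed[fac] = set()
            elif prio.startswith("="):
                allowed[fac].add(_level(prio[1:]))
            else:
                allowed[fac] |= set(range(_level(prio), len(PRIORITIES)))
    return _level(priority) in allowed[facility]

def route(rules, facility, priority):
    """Every target whose selector accepts the message, in rule order."""
    return [target for sel, target in rules if selector_matches(sel, facility, priority)]

# Constructed rule set: stock CentOS rules plus two hypothetical lines,
# a crit-only kernel file and TCP forwarding (@@) of auth logs to a log server.
SAMPLE_RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "-/var/log/maillog"),                  # '-' = asynchronous writes
    ("cron.*", "/var/log/cron"),
    ("*.emerg", ":omusrmsg:*"),                       # all logged-in users
    ("kern.=crit", "/var/log/kern-crit"),             # hypothetical
    ("auth,authpriv.*", "@@logserver.example:514"),   # hypothetical
]

if __name__ == "__main__":
    # A failed sshd login (authpriv.warning) lands in secure, not messages.
    print(route(SAMPLE_RULES, "authpriv", "warning"))
```

Running it shows why sshd failures never appear in /var/log/messages on a stock CentOS box: the authpriv.none part of the first rule removes them before the authpriv.* rule picks them up.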
Log file record formats: most logs are plain text, but some are binary: /var/log/wtmp (successful logins on this system; view with last), /var/log/btmp (failed logins on this system; view with lastb)
lastlog command: shows the last login time of every user on the system
Service script: /etc/rc.d/init.d/rsyslog (SysV init; on CentOS 7 the service is managed by systemd as rsyslog.service)
Rsyslog server:
# vi /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Configure rsyslog to store log messages in MySQL:
(1) Prepare the MySQL server, create a user and grant it full access to the Syslog database;
(2) Install the rsyslog-mysql package;
(3) Create the database that rsyslog-mysql depends on:
# mysql -u USERNAME -h HOST -pPASSWORD < /usr/share/doc/rsyslog-mysql-VERSION/createdb.sql
(4) Configure rsyslog to use the ommysql module:
#### MODULES ####
$ModLoad ommysql
#### RULES ####
facility.priority :ommysql:DBHOST,DB,DBUSER,USERPASS
(The database password is stored in clear text in rsyslog.conf, so keep that file readable only by root.)
Restart the rsyslog service.
(5) Install LogAnalyzer:
(a) Configure the web server with PHP support:
# yum install httpd php php-mysql php-gd
# service httpd start
(b) Deploy LogAnalyzer:
# cp -r loganalyzer-3.6.5/src /var/www/html/loganalyzer
# cp loganalyzer-3.6.5/contrib/*.sh /var/www/html/loganalyzer
# cd /var/www/html/loganalyzer
# chmod +x *.sh
# ./configure.sh
# ./secure.sh
# chmod 666 config.php
(config.php is made world-writable only so the web installer can write it; tighten its permissions again once the installer has finished.)
This article is from the "Qinnengbuzhuo" blog; please keep this source: http://echoroot.blog.51cto.com/11804540/1962987
Linux rsyslog in detail