Linux remote log rsyslog server and client installation (parental testing)--Custom receive log format __linux

Source: Internet
Author: User
Tags syslog system log rsyslog

Linux remote log rsyslog server and client Installation

The reason for using Rsyslog:
1. Prevent system crashes unable to get system log share crash reason, with Rsyslog can transfer log to remote log server
2. Using the Rsyslog log can reduce system pressure because using Rsyslog can effectively reduce the system's disk IO
3.rsyslog using TCP transmission is very reliable, can filter the log, extract the effective log, Rsyslog is lightweight log software, in a large number of log write case, the system load is basically under 0.1

I. Preparation before installation
1. Download rsyslog-5.6.2
2. Prepare two machines (Linux or Unix), one client, one server

Server-side and client installation steps:

#指定安装目录  
./configure--prefix=/application/rsyslog  

#编译  
make  

#安装 make  
install  
#添加lib  
echo "/application/rsyslog/lib/rsyslog" >>/etc/ld.so.conf  
#更新lib  
ldconfig  

#产生配置文件  
cp/etc /syslog.conf/etc/rsyslog.conf
Generate service Files

Vi/etc/init.d/rsyslog

#!/bin/bash # # Rsyslog starts rsyslogd/rklogd. # # Chkconfig:-# Description:syslog is the facility by which many daemons with to log \ # messages to VA rious System log files.  
It is a good idea to always \ # run Rsyslog. ### BEGIN INIT INFO # provides: $syslog # Required-start: $local _fs $network $remote _fs # required-stop: $local _fs $ Network $remote _FS # default-stop:0 1 2 3 4 5 6 # short-description:enhanced system logging and kernel message Trapp ing daemons # Description:rsyslog is a enhanced multi-threaded syslogd supporting, # among others, MySQL, SYSLOG/TC  
P, RFC 3195, permitted # sender lists, filtering on "any" part, and fine # grain the output format control.  
### End INIT INFO # Source function library. Basedir=/application/rsyslog moddir=/application/rsyslog/lib/rsyslog/rsyslogdfile= $basedir/sbin/rsyslogd. /etc/init.d/functions retval=0 Start () {[-X $rsyslogdfile] | | Exit 5 # does not start RSYSLOG when SYSKLOGD is running if [-e/var/run/syslogd.pid];  
Then echo $ "shut down SYSKLOGD before you run Rsyslog";  
Exit 1; Fi # Source config if [-f/etc/sysconfig/rsyslog]; Then. /etc/sysconfig/rsyslog else syslogd_options= "-M $moddir" fi if [-Z "$SYSLOG _umask"];  
Then syslog_umask=077;  
Fi umask $SYSLOG _umask echo-n $ "Starting system logger:" Daemon $rsyslogdfile $SYSLOGD _options retval=$? echo [$RETVAL-eq 0] && touch/var/lock/subsys/rsyslog return $RETVAL} stop () {echo-n $ ' shutting do  
WN System Logger: "Killproc $rsyslogdfile retval=$? echo [$RETVAL-eq 0] && rm-f/var/lock/subsys/rsyslog return $RETVAL} reload () {retval=1 syslog= ' Cat/var/run/rsyslogd.pid 2>/dev/null ' echo-n ' reloading system logger ... ' if [-N ' ${syslog} '] && [-E/PR oc/"${syslog}"];  
Then Kill-hup "$syslog";  
Retval=$? fi if [$RETVAL-ne 0]; Then failure else Success fi echo return $RETVAL} 
Rhstatus () {Status rsyslogd} restart () {Stop start} case ' "in Start ') start;;  
stop) stop;;  
restart) restart;;  
Reload|force-reload) reload;;  
status) Rhstatus;; Condrestart) [-f/var/lock/subsys/rsyslog] && Restart | |  
:  
;;
 * echo $ "Usage: $ {Start|stop|restart|reload|force-reload|condrestart}" Exit 2 Esac exit $?

Start a service
#产生服务文件  
chmod +x/etc/init.d/rsyslog  
#启动前先把syslog停止  
service syslog stop  
service rsyslog start
Configuring the service side The

Vi/etc/rsyslog.conf #在文件开始加上, while ensuring that port 514 can be accessed by clients using TCP access

 

Configure client  
Vi/etc/rsysl og.conf #在文件开始加上

 #把包含sdns_log的信息通过tcp发到192.168.1.2 @@ 表示 that TCP @ represents udp:rawmsg, contains, " Sdns_log "@@192.168.1.2 #这个表示丢弃包含sdns_log标志的信息 to prevent this information from being written to the local/var/log/message:rawmsg, contains," Sdns_log "~ 

Test Try:  
Execute   on client
logger-p user.info "Sdns_log 34334"  
log generation in Server/application/sdns/log/directory

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.