Log Analysis -1.rsyslog basic configuration (server/client)
On CentOS 6 there is no longer an /etc/syslog.conf; /etc/rsyslog.conf takes its place.
Rsyslog is a multi-threaded, enhanced version of syslog, and it is now the default logging system on Fedora, Ubuntu, RHEL 6 and CentOS 6.
Rsyslog is mainly used to collect the various logs generated by the system; by default the logs are written under /var/log/.
The log collection tool collects not only the local machine's logs but also logs from other machines.
In a client/server deployment, rsyslog plays two roles:
1. As a server, rsyslog collects log messages from other devices;
2. As a client, rsyslog forwards its own log messages to a remote syslog server.
Rsyslog is a log collection tool, and many Linux distributions now ship rsyslog as the replacement for syslog.
Example environment
server:192.168.10.222
client:192.168.4.171
client:192.168.4.178
I. Configuration on the server side (192.168.10.222)
vim /etc/rsyslog.conf
1. Enable UDP and TCP reception
-------------------------------------------------------------
# provides UDP syslog reception
$ModLoad imudp          # enable: remove the leading #
$UDPServerRun 514       # enable: remove the leading #
# provides TCP syslog reception
$ModLoad imtcp          # enable: remove the leading #
$InputTCPServerRun 514  # enable: remove the leading #
Uncomment the four lines above.
There are two delivery modes, UDP and TCP (UDP and TCP are explained in a follow-up post).
UDP is faster than TCP but does not offer the reliability of TCP. If you need a reliable delivery mechanism, uncomment the TCP part.
Note that TCP and UDP can be active at the same time, so the server listens for both TCP and UDP connections.
If you are only collecting on a private IP address, enabling UDP is sufficient.
If you enable TCP, you also need to add the following setting:
$InputTCPMaxSessions 500  # accept up to 500 TCP client connections
2. Leave the other parts at their defaults.
3. Check that the configuration file is correct:
rsyslogd -N1
This validates the configuration.
If there are errors, they are reported here.
4. Restart the rsyslog service:
/etc/init.d/rsyslog restart
5. If there is a firewall, open UDP port 514 (161 is for SNMP).
Open the port in the firewall; this must be done on the log collection server.
-A INPUT -s xxxxx/24 -i bond1 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -s xxxxx/24 -i bond1 -p udp -m udp --dport 161 -j ACCEPT
II. Configuration of the two clients
1. Modify the configuration: vim /etc/rsyslog.conf
#
# First some standard log files. Log by facility.
#
auth,authpriv.*                  /var/log/auth.log
*.*;auth,authpriv.none,cron.!*   -/var/log/syslog
*.*;auth,authpriv.none,cron.!*   @192.168.10.222   # add this line; the IP is the server's IP address (note: no space after @)
cron.*                           /var/log/cron.log
daemon.*                         -/var/log/daemon.log
kern.*                           -/var/log/kern.log
lpr.*                            -/var/log/lpr.log
mail.*                           -/var/log/mail.log
user.*                           -/var/log/user.log
2. Leave the other parts at their defaults.
3. Check that the configuration file is correct:
rsyslogd -N1
This validates the configuration.
If there are errors, they are reported here.
4. Restart the rsyslog service:
/etc/init.d/rsyslog restart
5. Send a test log
Use netcat to send a test log to rsyslog and verify that UDP messages are received (the nc command is explained in a follow-up post):
echo ": Hello" | nc -u -w 1 <server IP address> 514
On the server side:
tail -f /var/log/messages
Run on each client in turn:
# echo ": test-hello" | nc -u -w 1 192.168.10.222 514
# echo ": debian-hello" | nc -u -w 1 192.168.10.222 514
You should see:
May 12:00:09 192.168.4.178:debian-hello
May 12:01:01 192.168.4.171:test-hello
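To see what the collector actually learns from a test like the one above, here is an added example (not from the original post) that builds a properly formed syslog datagram, delivers it over UDP to a local stand-in for the server's port 514, and parses it back; the hostnames, tag, message text and ephemeral listener port are constructed for the demonstration.

```python
import re
import socket
import time

# Facility/severity codes from RFC 3164; PRI = facility * 8 + severity
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "cron": 9, "authpriv": 10}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
            "notice": 5, "info": 6, "debug": 7}
# Classic line layout: <PRI>Mmm dd hh:mm:ss HOST TAG: message
_LINE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

def build_datagram(facility, severity, host, tag, msg, ts=None):
    """Encode one syslog line the way a forwarding client would."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    t = ts or time.localtime()
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {host} {tag}: {msg}".encode()

def parse_datagram(data, peer):
    """Decode a received datagram. The HOST field is whatever the sender
    wrote; only 'peer' (the socket address) is actually observed, so a
    collector should record both rather than trust the claimed hostname."""
    text = data.decode(errors="replace")
    m = _LINE.match(text)
    if not m:
        # No PRI/header (like the nc test above): keep the raw text.
        # rsyslog itself falls back to the peer address as the hostname here.
        return {"facility": None, "severity": None, "host": None,
                "message": text, "peer": peer}
    pri = int(m.group(1))
    fac = {v: k for k, v in FACILITY.items()}.get(pri // 8, str(pri // 8))
    sev = {v: k for k, v in SEVERITY.items()}[pri % 8]
    return {"facility": fac, "severity": sev, "timestamp": m.group(2),
            "host": m.group(3), "message": m.group(4), "peer": peer}

def send_and_collect(payload, listen_addr=("127.0.0.1", 0)):
    """Stand-in for imudp on port 514 (which needs root): bind an ephemeral
    UDP port, send one datagram to it and return the parsed record."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(listen_addr)
    srv.settimeout(2)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.sendto(payload, srv.getsockname())
    data, (peer_ip, _) = srv.recvfrom(8192)
    srv.close()
    cli.close()
    return parse_datagram(data, peer_ip)
```

Because plain UDP syslog carries no authentication, the facility, severity and HOST fields are all sender-controlled; the iptables source restriction shown above and the recorded peer address are what tie a line to a real client.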
The following topics will be covered in follow-up posts:
rsyslog rotation, filtering and advanced usage, the currently popular ELK stack, and collecting logs from network devices such as switches.
The above is my personal summary and understanding; my level is not high and my writing is poor, so please forgive me.
Feel free to exchange ideas and learn together.
My QQ: 610851588.
You can join the groups I have set up (very few members right now, hoping they grow slowly):
Linux Clusters: 183932302
Python, Shell AC Group: 469094734
This article is from the "Go to the Origin dimension" blog; please contact the author before reproducing it.