Linux 下的日志服务器搭建
<p>Linux 下的日志服务器操作</p><p>1.系统日志默认分类:</p>
<p>/var/log/messages 系统服务及日志,包括服务的信息,报错等等</p>
<p>/var/log/secure 系统认证信息日志</p>
<p>/var/log/maillog 系统邮件服务信息</p>
<p>/var/log/cron 系统定时任务信息</p>
<p>/var/log/boot.log 系统启动信息</p>
<p>日志设备(可以理解为日志类型):</p>
<p>auth pam产生的日志</p>
<p>authpriv ssh,ftp等登录信息的验证信息</p>
<p>cron 时间任务相关</p>
<p>kern 内核</p>
<p>lpr 打印</p>
<p>mail 邮件</p>
<p>mark(syslog)–rsyslog 服务内部的信息,时间标识</p>
<p>news 新闻组</p>
<p>user 用户程序产生的相关信息</p>
<p>uucp unix to unix copy, unix主机之间相关的通讯</p>
<p>local 1~7 自定义的日志设备</p>
<p>日志级别:</p>
<p>debug 有调式信息的,日志信息最多</p>
<p>info 一般信息的日志,最常用</p>
<p>notice 最具有重要性的普通条件的信息</p>
<p>warning 警告级别</p>
<p>err 错误级别,阻止某个功能或者模块不能正常工作的信息</p>
<p>crit 严重级别,阻止整个系统或者整个软件不能正常工作的信息</p>
<p>alert 需要立刻修改的信息</p>
<p>emerg 内核崩溃等严重信息</p>
<p>none 什么都不记录</p>
<p>2. 服务器端配置:打开日志配置文件/etc/rsyslog.conf</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)"># Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun </span><span style="color: rgba(128, 0, 128, 1)">514</span><span style="color: rgba(0, 0, 0, 1)">
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun </span><span style="color: rgba(128, 0, 128, 1)">514</span></pre>
</div>
<p>重启rsyskog服务</p>
<p>3.客户端配置</p>
<p>vim /etc/rsyslog.conf</p>
<p>若启用UDP传输:添加如下1行</p>
<div class="cnblogs_code">
<pre>*.* @<span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">30.254</span>:<span style="color: rgba(128, 0, 128, 1)">514</span></pre>
</div>
<p>若启用TCP传输:添加如下1行</p>
<div class="cnblogs_code">
<pre>*.* @@<span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">30.254</span>:<span style="color: rgba(128, 0, 128, 1)">514</span></pre>
</div>
<p>测试</p>
<p>服务器端检查514端口是否正常</p>
<div class="cnblogs_code">
<pre># lsof -i:<span style="color: rgba(128, 0, 128, 1)">514</span><span style="color: rgba(0, 0, 0, 1)">
COMMAND PID USERFDTYPE DEVICE SIZE</span>/<span style="color: rgba(0, 0, 0, 1)">OFF NODE NAME
rsyslogd </span><span style="color: rgba(128, 0, 128, 1)">14021</span> root <span style="color: rgba(128, 0, 128, 1)">3u</span>IPv4<span style="color: rgba(128, 0, 128, 1)">43402</span> 0t0TCP *<span style="color: rgba(0, 0, 0, 1)">:shell (LISTEN)
rsyslogd </span><span style="color: rgba(128, 0, 128, 1)">14021</span> root <span style="color: rgba(128, 0, 128, 1)">4u</span>IPv6<span style="color: rgba(128, 0, 128, 1)">43403</span> 0t0TCP *<span style="color: rgba(0, 0, 0, 1)">:shell (LISTEN)
rsyslogd </span><span style="color: rgba(128, 0, 128, 1)">14021</span> root<span style="color: rgba(128, 0, 128, 1)">11u</span>IPv4<span style="color: rgba(128, 0, 128, 1)">42786</span> 0t0TCP <span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">30.254</span>:shell-><span style="color: rgba(128, 0, 128, 1)">192.168</span>.<span style="color: rgba(128, 0, 128, 1)">30.1</span>:<span style="color: rgba(128, 0, 128, 1)">59181</span> (ESTABLISHED)</pre>
</div>
<p>现在客户端已经正常连上服务端</p>
<p>现在在服务端查看日志,同时在客户端进行日志测试操作</p>
<p>客户端</p>
<div class="cnblogs_code">
<pre>logger <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">12222222222222222222222222222222222222222</span><span style="color: rgba(128, 0, 0, 1)">"</span></pre>
</div>
<p>服务端:</p>
<div class="cnblogs_code">
<pre># <span style="color: rgba(0, 0, 255, 1)">tail</span> -f /var/log/<span style="color: rgba(0, 0, 0, 1)">messages
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">01</span> localhost systemd: Started Session <span style="color: rgba(128, 0, 128, 1)">214</span><span style="color: rgba(0, 0, 0, 1)"> of user pcp.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">01</span> localhost systemd: Starting Session <span style="color: rgba(128, 0, 128, 1)">214</span><span style="color: rgba(0, 0, 0, 1)"> of user pcp.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">02</span> localhost systemd: Removed slice user-<span style="color: rgba(128, 0, 128, 1)">995</span><span style="color: rgba(0, 0, 0, 1)">.slice.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">02</span> localhost systemd: Stopping user-<span style="color: rgba(128, 0, 128, 1)">995</span><span style="color: rgba(0, 0, 0, 1)">.slice.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">01</span> localhost systemd: Created slice user-<span style="color: rgba(128, 0, 128, 1)">995</span><span style="color: rgba(0, 0, 0, 1)">.slice.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">01</span> localhost systemd: Starting user-<span style="color: rgba(128, 0, 128, 1)">995</span><span style="color: rgba(0, 0, 0, 1)">.slice.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">01</span> localhost systemd: Started Session <span style="color: rgba(128, 0, 128, 1)">65</span><span style="color: rgba(0, 0, 0, 1)"> of user pcp.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">01</span> localhost systemd: Starting Session <span style="color: rgba(128, 0, 128, 1)">65</span><span style="color: rgba(0, 0, 0, 1)"> of user pcp.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">02</span> localhost systemd: Removed slice user-<span style="color: rgba(128, 0, 128, 1)">995</span><span style="color: rgba(0, 0, 0, 1)">.slice.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">02</span> localhost systemd: Stopping user-<span style="color: rgba(128, 0, 128, 1)">995</span><span style="color: rgba(0, 0, 0, 1)">.slice.
Jul</span><span style="color: rgba(128, 0, 128, 1)">4</span> <span style="color: rgba(128, 0, 128, 1)">16</span>:<span style="color: rgba(128, 0, 128, 1)">55</span>:<span style="color: rgba(128, 0, 128, 1)">46</span> localhost root: <span style="color: rgba(128, 0, 128, 1)">12222222222222222222222222222222222222222</span></pre>
</div>
<p>这样一个简单的日志服务器就搭建完成了</p>
<p>但是我们会发现这样的日志会和服务器端的日志都是放在同一个文件下的,这样会产生很多的混乱,所以我们需要将这些日志进行分类存放</p>
<p>所以我们需要以下几点</p>
<p>1. 在/etc/rsyslog.conf中存在$IncludeConfig /etc/rsyslog.d/*.conf这么一句话,表示它会去这个目录下读取以.conf为后缀的所有文件</p>
<p>2.</p>
<p>:属性, 比较操作符, “值” 保存位置</p>
<p>属性包括以下内容</p>
<p>fromhost 哪个主机名发过来的</p>
<p>fromhost-ip 哪个ip发过来的</p>
<p>msg 从日志信息里的内容判断</p>
<p>hostname 从日志中的主机名判断</p>
<p>比较操作符包括以下内容</p>
<p>contains 包含</p>
<p>isequal 等于</p>
<p>startswith 以...开头</p>
<p>原文链接:https://blog.csdn.net/xiayun1995/java/article/details/83962934</p>
<p>那我们就在日志服务器/etc/rsyslog.d/写入一个叫192.168.30.1.conf的文件</p>
<p>:fromhost-ip, isequal, "192.168.30.1" /var/log/cclient/192,168.30.1.log</p>
<p>接下在客户端下进行一个简单日志操作</p>
<p>logger "12222222222222222222222222222222222222222"</p>
<p>查看服务端文件</p>
<p># cat 192,168.30.1.log</p>
<p>Jul 4 17:19:18 localhost root: 12222222222222222222222222222222222222222</p>
<p>日志同步成功</p><br><br>
来源:https://www.cnblogs.com/misssoul/p/13557190.html
頁:
[1]