CentOS7+Rsyslog+MySQL 搭建 Rsyslog 日志服务器
文章目录
1、主机环境
rsyslog-server 10.11.66.218
rsyslog-client 10.11.66.225
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@localhost ~]# uname -r
3.10.0-1062.el7.x86_64
[root@localhost ~]# free -h
total used free shared buff/cache available
Mem: 2.9G 140M 2.7G 8.9M 103M 2.7G
Swap: 3.0G 0B 3.0G
[root@localhost ~]# hostnamectl --static set-hostname rsyslog-server
2、rsyslog搭建
2.1、rsyslog-server搭建
[root@rsyslog-server ~]# cp /etc/rsyslog.conf{,.bak}
[root@rsyslog-server ~]# vim /etc/rsyslog.conf
$ModLoad imudp # 使用udp协议,也可以使用tcp协议
$UDPServerRun 514 # 开启514端口
[root@rsyslog-server ~]# systemctl restart rsyslog.service
[root@rsyslog-server ~]# systemctl enable rsyslog.service
2.2、rsyslog-client
[root@localhost ~]# hostnamectl --static set-hostname rsyslog-client
[root@rsyslog-client ~]# yum -y install nginx
[root@rsyslog-client ~]# cp /etc/rsyslog.conf{,.bak} # 良好的习惯,从备份配置文件开始
[root@rsyslog-client ~]# vim /etc/rsyslog.conf
[root@rsyslog-client ~]# egrep -v "^$|#" /etc/rsyslog.conf
$ModLoad imudp # 使用udp协议,也可以使用tcp协议
$UDPServerRun 514 # 开启514端口
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none @10.11.66.218 # 将日志存到远端rsyslog-server上
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
[root@rsyslog-client ~]# systemctl restart rsyslog.service
[root@rsyslog-client ~]# systemctl enable rsyslog.service # 以防万一
2.2.1、测试
[root@rsyslog-client ~]# systemctl restart nginx.service
[root@rsyslog-server ~]# tail /var/log/messages
Jul 18 17:17:47 rsyslog-server systemd: Stopped System Logging Service.
Jul 18 17:17:47 rsyslog-server systemd: Starting System Logging Service...
Jul 18 17:17:47 rsyslog-server rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-52.el7_8.2" x-pid="2419" x-info="http://www.rsyslog.com"] start
Jul 18 17:17:47 rsyslog-server systemd: Started System Logging Service.
Jul 18 17:17:52 rsyslog-server systemd: Reloading.
Jul 18 17:18:15 rsyslog-client systemd: Starting The nginx HTTP and reverse proxy server...
Jul 18 17:18:15 rsyslog-client nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jul 18 17:18:15 rsyslog-client nginx: nginx: configuration file /etc/nginx/nginx.conf test is successful
Jul 18 17:18:15 rsyslog-client systemd: Failed to parse PID from file /run/nginx.pid: Success
Jul 18 17:18:15 rsyslog-client systemd: Started The nginx HTTP and reverse proxy server.
# rsyslog-server成功获取到rsyslog-client的日志
2.3、rsyslog日志分类
# 只需要在rsyslog-server上操作即可
[root@rsyslog-server ~]# vim /etc/rsyslog.d/default.conf
尽量避免修改主配置文件,我们在 '/etc/rsyslog.d/'中新建'default.conf',追加如下模板:
#### GLOBAL DIRECTIVES ####
# Use default timestamp format # 使用自定义的格式
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template myFormat,"%timestamp% %fromhost-ip% %syslogtag% %msg%\n"
$ActionFileDefaultTemplate myFormat
# 根据客户端的IP单独存放主机日志在不同目录,rsyslog需要手动创建
$template RemoteLogs,"/var/log/rsyslog/%fromhost-ip%/%syslogtag%_%$YEAR%-%$MONTH%-%$DAY%-%$hour%:%$minute%.log"
# 排除本地主机IP日志记录,只记录远程主机日志
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteLogs
# 忽略之前所有的日志,远程主机日志记录完之后不再继续往下记录
& ~
[root@rsyslog-server ~]# egrep -v "^$|#" /etc/sysconfig/rsyslog
SYSLOGD_OPTIONS="-r -m 0 -c 2"
[root@rsyslog-server ~]# mkdir /var/log/rsyslog
[root@rsyslog-server ~]# chmod a+w /var/log/rsyslog/
[root@rsyslog-server ~]# systemctl restart rsyslog.service
2.3.1、测试
[root@rsyslog-client ~]# systemctl restart nginx.service
[root@rsyslog-server ~]# cd /var/log/rsyslog/
[root@rsyslog-server rsyslog]# ls
10.11.66.225
[root@rsyslog-server rsyslog]# cd 10.11.66.225/
[root@rsyslog-server 10.11.66.225]# ls
nginx:_2020-07-18-17:24.log systemd:_2020-07-18-17:24.log
[root@rsyslog-server 10.11.66.225]# cat nginx\:_2020-07-18-17\:24.log # nginx没有操作,所以没有日志内容
[root@rsyslog-server 10.11.66.225]# cat systemd\:_2020-07-18-17\:24.log # systemctl的操作日志,被记录在systemd日志下
Jul 18 17:24:54 10.11.66.225 systemd: Starting The nginx HTTP and reverse proxy server...
Jul 18 17:24:54 10.11.66.225 systemd: Failed to parse PID from file /run/nginx.pid: Success
Jul 18 17:24:54 10.11.66.225 systemd: Started The nginx HTTP and reverse proxy server.
3、基于mysql存储日志信息
3.1、安装mariadb
# 注意主机名
[root@rsyslog-server ~]# yum -y install mariadb mariadb-server
[root@rsyslog-client ~]# yum -y install rsyslog-mysql mariadb-server
3.2、配置mariadb数据库
[root@rsyslog-server ~]# systemctl enable mariadb.service --now # rsyslog-server和rsyslog-client都需要启动,方便测试
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
3.3、配置rsyslog-server
[root@rsyslog-server ~]# mysql_secure_installation # 数据库初始化
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@rsyslog-server ~]# mysql -uroot -p # 不要在终端明文输入密码
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.65-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database rsyslog; # 创一个rsyslog库
Query OK, 1 row affected (0.01 sec)
MariaDB [(none)]> show databases; # 查看是否创建成功
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| rsyslog |
+--------------------+
4 rows in set (0.01 sec)
MariaDB [(none)]> grant all on rsyslog.* to "rsyslog"@"10.11.66.%" identified by "1234.com"; # 创建一个rsyslog的用户
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges; # 刷新授权
Query OK, 0 rows affected (0.00 sec)
[root@rsyslog-server ~]# cp /etc/my.cnf{,.bak}
[root@rsyslog-server ~]# vim /etc/my.cnf
skip_name_resolve=on # 这个参数是禁止域名解析
innodb_file_per_table=on # 共享表空间转化为独立表空间
[root@rsyslog-server ~]# systemctl restart mariadb.service
3.4、配置rsyslog-client
[root@rsyslog-client ~]# cat /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
USE rsyslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
[root@rsyslog-client ~]# mysql -ursyslog -h 10.11.66.218 -p # 测试远程连接没有问题
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.65-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
[root@rsyslog-client ~]# mysql -ursyslog -h 10.11.66.218 -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
Enter password:
3.5、测试
[root@rsyslog-client ~]# vim /etc/rsyslog.conf
#### MODULES ####
$ModLoad ommysql
#### RULES ####
#*.info;mail.none;authpriv.none;cron.none @10.11.66.218
*.info;mail.none;authpriv.none;cron.none :ommysql:10.11.66.218,rsyslog,rsyslog,1234.com
[root@rsyslog-client ~]# systemctl restart rsyslog.service
[root@rsyslog-client ~]# systemctl restart nginx.service
[root@rsyslog-client ~]# mysql -ursyslog -h 10.11.66.218 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 5.5.65-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| rsyslog |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> use rsyslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [rsyslog]> show tables;
+------------------------+
| Tables_in_rsyslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
MariaDB [rsyslog]> select * from SystemEvents;
+----+------------+---------------------+---------------------+----------+----------+----------------+---------------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
| ID | CustomerID | ReceivedAt | DeviceReportedTime | Facility | Priority | FromHost | Message | NTSeverity | Importance | EventSource | EventUser | EventCategory | EventID | EventBinaryData | MaxAvailable | CurrUsage | MinUsage | MaxUsage | InfoUnitID | SysLogTag | EventLogType | GenericFileName | SystemID |
+----+------------+---------------------+---------------------+----------+----------+----------------+---------------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
| 1 | NULL | 2020-07-18 18:00:12 | 2020-07-18 18:00:12 | 3 | 6 | rsyslog-client | Stopping System Logging Service... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 2 | NULL | 2020-07-18 18:00:12 | 2020-07-18 18:00:12 | 5 | 6 | rsyslog-client | [origin software="rsyslogd" swVersion="8.24.0-52.el7_8.2" x-pid="17500" x-info="http://www.rsyslog.com"] exiting on signal 15. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | rsyslogd: | NULL | NULL | NULL |
| 3 | NULL | 2020-07-18 18:00:12 | 2020-07-18 18:00:12 | 3 | 6 | rsyslog-client | Stopped System Logging Service. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 4 | NULL | 2020-07-18 18:00:12 | 2020-07-18 18:00:12 | 3 | 6 | rsyslog-client | Starting System Logging Service... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 5 | NULL | 2020-07-18 18:00:17 | 2020-07-18 18:00:17 | 5 | 6 | rsyslog-client | [origin software="rsyslogd" swVersion="8.24.0-52.el7_8.2" x-pid="18007" x-info="http://www.rsyslog.com"] start | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | rsyslogd: | NULL | NULL | NULL |
| 6 | NULL | 2020-07-18 18:00:17 | 2020-07-18 18:00:17 | 3 | 6 | rsyslog-client | Started System Logging Service. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 7 | NULL | 2020-07-18 18:01:01 | 2020-07-18 18:01:01 | 3 | 6 | rsyslog-client | Started Session 78 of user root. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 8 | NULL | 2020-07-18 18:02:35 | 2020-07-18 18:02:35 | 3 | 6 | rsyslog-client | Starting The nginx HTTP and reverse proxy server... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 9 | NULL | 2020-07-18 18:02:35 | 2020-07-18 18:02:35 | 3 | 6 | rsyslog-client | nginx: the configuration file /etc/nginx/nginx.conf syntax is ok | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | nginx: | NULL | NULL | NULL |
| 10 | NULL | 2020-07-18 18:02:35 | 2020-07-18 18:02:35 | 3 | 6 | rsyslog-client | nginx: configuration file /etc/nginx/nginx.conf test is successful | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | nginx: | NULL | NULL | NULL |
| 11 | NULL | 2020-07-18 18:02:35 | 2020-07-18 18:02:35 | 3 | 6 | rsyslog-client | Failed to parse PID from file /run/nginx.pid: Success | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 12 | NULL | 2020-07-18 18:02:35 | 2020-07-18 18:02:35 | 3 | 6 | rsyslog-client | Started The nginx HTTP and reverse proxy server. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
+----+------------+---------------------+---------------------+----------+----------+----------------+---------------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
12 rows in set (0.00 sec)
CentOS7+Rsyslog+MySQL 搭建 Rsyslog 日志服务器的更多相关文章
- rsyslog+mariadb+loganalyzer实现日志服务器搭建
rsyslog+mariadb+loganalyzer实现日志服务器搭建 一.概述 Linux的日志记录了用户在系统上一切操作,包括系统自身运作产生的日志,这些日志是应使用者了解服务器的情况最好的资料 ...
- RHEL7通过Rsyslog搭建集中日志服务器
说明:这里是Linux服务综合搭建文章的一部分,本文可以作为单独搭建rsyslog日志服务器的参考. 注意:这里所有的标题都是根据主要的文章(Linux基础服务搭建综合)的顺序来做的. 如果需要查看相 ...
- Ubuntu+Django+Nginx+uWSGI+Mysql搭建Python Web服务器
Ubuntu+Django+Nginx+uWSGI+Mysql搭建Python Web服务器 闲着无聊的时候部署了一个Django项目玩,用vm虚拟机部署的. 准备工作 我使用的系统是Ubuntu16 ...
- centos7+rsyslog+loganalyzer+mysql 搭建rsyslog日志服务器
一.简介 在centos7系统中,默认的日志系统是rsyslog,它是一类unix系统上使用的开源工具,用于在ip网络中转发日志信息,rsyslog采用模块化设计,是syslog的替代品. 1.rsy ...
- CentOS 6.5下的lamp环境rsyslog+MySQL+loganalyzer实现日志集中分析管理
前言 rsyslog系统日志,在CentOS5上叫syslog,而在CentOS6上叫rsyslog,是增强版的syslog,CentOS5上的配置文件在/etc/syslog.conf下,而Cent ...
- Centos7 下nginx 搭建文件图片服务器
现在服务器部署nginx yum install -y epel-release yum install nginx -y 安装完成之后 访问ip 由此可见nginx服务是可用的 修改nginx的配置 ...
- 搭建rsyslog日志服务器
环境配置 centos7系统 client1:192.168.91.17 centos7系统 master:192.168.91.18 rsyslog客户端配置 1.rsyslog安装 yum ins ...
- [ 搭建Redis本地服务器实践系列 ] :序言
说起来,是在一个气候适宜的下午,虽然临近下班,不过办公室里还是充满了忙碌的身影,不时的还会从办公区传来小伙伴们为了一个需求而激烈争论的声音,自从入了互联网这个行业,说实话,也就很少休息了,当然了也不全 ...
- CentOS7.3下部署Rsyslog+LogAnalyzer+MySQL中央日志服务器
一.简介 1.LogAnalyzer 是一款syslog日志和其他网络事件数据的Web前端.它提供了对日志的简单浏览.搜索.基本分析和一些图表报告的功能.数据可以从数据库或一般的syslog文本文件中 ...
随机推荐
- HTML5基本结构和语法
1.1HTML5文档基本结构 HTML5文档省略了<html>,<head>,<body>等元素,使用HTML5的DOCTYRE声明文档类型,简化<meta& ...
- Mybatis(万能map)
mybatis(万能map) 我们使用对象作为参数有一个缺点: 我们要在mapper.xml文件和测试中要把所有的字段都写出来,那么,假如一个对象有100个字段,那我们要把这些字段都写出来吗? 所以这 ...
- MASA Framework - 整体设计思路
源起 年初我们在找一款框架,希望它有如下几个特点: 学习成本低 只需要学.Net每年主推的技术栈和业务特性必须支持的中间件,给开发同学减负,只需要专注业务就好 个人见解:一款好用的框架应该是补充,而不 ...
- [WPF] 用 Effect 实现线条光影效果
1. 前言 几个月前 ChokCoco 大佬发布了一篇文章: CSS 奇技淫巧 | 妙用 drop-shadow 实现线条光影效果 在文章里实现了一个发光的心形线条互相追逐的效果: 现在正好有空就试试 ...
- Cesium中文网的朋友们
目前已开通知识星球-Cesium中文网的朋友们 注意:仔细思量好再进来,一旦付费,概不退费.下述内容均尽力而为. 1. 每月一次技术交流(Cesium为主),提供源码. 2. 每人5次/周免费提问(C ...
- protobuf详解
protobuf的基本类型和默认值,python中的小坑 标量数值类型 标量消息字段可以具有以下类型之一--该表显示了.原型文件,以及自动生成类中的对应类型: 默认值 python操作的坑 目录结构 ...
- 微服务探索之路03篇-docker私有仓库Harbor搭建+Kubernetes(k8s)部署私有仓库的镜像
❝ 目录: 微服务探索之路01篇.net6.0项目本地win10系统docker到服务器liunx系统docker的贯通 微服务探索之路02篇liunx ubuntu服务器部署k8s(kubernet ...
- 什么是以特性为核心的持续交付|阿里巴巴DevOps实践指南
编者按:本文源自阿里云云效团队出品的<阿里巴巴DevOps实践指南>,扫描上方二维码或前往:https://developer.aliyun.com/topic/devops,下载完整版电 ...
- 阿里巴巴基于应用和变更的交付模式|阿里巴巴DevOps实践指南
编者按:本文源自阿里云云效团队出品的<阿里巴巴DevOps实践指南>,扫描上方二维码或前往:https://developer.aliyun.com/topic/devops,下载完整版电 ...
- 优化.NET 应用程序 CPU 和内存的11 个实践
https://michaelscodingspot.com/cpu-bound-memory-bound/ 优化.NET 应用程序 CPU 和内存的11 个实践 凡事都有其限度,对吧?汽车只能开这么 ...