文章目录

  • 1. rsyslog 介绍
  • 2. 实验目的
  • 3. 实验环境
  • 4. 配置服务端
  • 5. 配置客户端
  • 6. 在服务端验证效果

1. rsyslog 介绍

  rsyslog 是一个快速处理收集系统日志的开源程序,提供了高性能、安全功能和模块化设计。rsyslog 是 syslog 的升级版,它将多种来源输入输出转换结果到目的地, rsyslog 被广泛用于 Linux 系统以通过 TCP/UDP 协议转发或接收日志消息。

  rsyslog 守护进程可以被配置成两种环境,一种是配置成日志收集服务器,rsyslog 进程可以从网络中收集其它主机上的日志数据,这些主机会将日志配置为发送到另外的远程服务器。rsyslog 的另外一个用法,就是可以配置为客户端,用来过滤和发送内部日志消息到本地文件夹(如 /var/log)或一台可以路由到的远程 rsyslog 服务器上。

2. 实验目的

  实现 Client 主机通过 rsyslog 发送自身的系统日志到 Rsyslog Server 服务器,服务器端将该主机系统日志存放到一个指定的目录里面,进行按 IP 和日志简单分类存储。

3. 实验环境

  • 服务端和客户端系统都为 Centos7.7
  • 服务端 IP:10.0.0.120  客户端 IP:10.0.0.100
  • 服务端和客户端关闭防火墙和 selinux
systemctl stop firewalld
setenforce 0
  • 服务端和客户端都安装 rsyslog 服务
yum -y install rsyslog  #无网络自行配置 yum 源

4. 配置服务端

vim /etc/rsyslog.conf  #修改rsyslog配置文件,标蓝的即为需要的内容,标红的为解释说明# rsyslog configuration file# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html#### MODULES ##### The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514#### GLOBAL DIRECTIVES ##### Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
$AllowedSender udp, 10.0.0.0/24
#收集的IP网段# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template Remote,"/opt/n9e/rsyslog/logs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"   #定义模板,接受日志文件路径,区分了不同主机的日志,日志目录自行指定
:fromhost-ip, !isequal, "127.0.0.1" ?Remote  # 过滤服务端本机的日志# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on# File to store the position in the journal
$IMJournalStateFile imjournal.state#### RULES ####
# 添加创建目录的注释
$CreateDirs on
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages# The authpriv file has restricted access.
authpriv.* /var/log/secure# Log all the mail messages in one place.
mail.* -/var/log/maillog# Log cron stuff
cron.* /var/log/cron# Everybody gets emergency messages
*.emerg :omusrmsg:*# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler# Save boot messages also to boot.log
local7.* /var/log/boot.log# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# *.* @@192.168.44.212:514
# ### end of the forwarding rule ###systemctl restart rsyslog  #重启rsyslog服务

5. 配置客户端

vim /etc/rsyslog.conf  #修改rsyslog配置文件,标蓝的即为需要的内容,标红的为解释说明# rsyslog configuration file# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html#### MODULES ##### The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514#### GLOBAL DIRECTIVES ##### Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on# File to store the position in the journal
$IMJournalStateFile imjournal.state#### RULES ##### Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages# The authpriv file has restricted access.
authpriv.* /var/log/secure# Log all the mail messages in one place.
mail.* -/var/log/maillog# Log cron stuff
cron.* /var/log/cron# Everybody gets emergency messages
*.emerg :omusrmsg:*# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler# Save boot messages also to boot.log
local7.* /var/log/boot.log# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
*.* @10.0.0.120  #指定服务端IPsystemctl restart rsyslog  #重启rsyslog服务

6. 在服务端验证效果

切换到服务端存放日志文件的路径,可以看到已经生成了日志,rsyslog 日志服务配置成功。

配置文件详解:
https://www.cnblogs.com/shu-sheng/p/13275474.html

建立 rsyslog 日志服务器相关推荐

  1. 虚拟机安装日志服务器,rsyslog日志服务器搭建

    ##本人使用的vm workstation pro 安装的虚拟机,操作系统为centos 7.4,搭建rsyslog 日志服务器,将日志服务器与mysql数据库.loganalyzer安装在同一个台服 ...

  2. Linux系统之部署Rsyslog 日志服务器

    Linux系统之部署Rsyslog 日志服务器 一.检查服务器系统版本 二.在master节点上配置 1.修改/etc/rsyslog.conf 2.开启日志服务 3.查看日志服务状态 4.关闭防火墙 ...

  3. centos rsyslog mysql_centos7+rsyslog+loganalyzer+mysql 搭建rsyslog日志服务器

    一.简介 在centos7系统中,默认的日志系统是rsyslog,它是一类unix系统上使用的开源工具,用于在ip网络中转发日志信息,rsyslog采用模块化设计,是syslog的替代品. 1.rsy ...

  4. 搭建rsyslog日志服务器记录RouterOS路由器日志

    1.搭建原因: 需要收集RouterOS路由的日志信息到mysql中,以便于后续查看 2.所需环境: RouterOS,centos7.6,mysql5.7.28 3.RouterOS路由器的日志设置 ...

  5. centos7 修改连接数_centos7+rsyslog+loganalyzer+mysql 搭建rsyslog日志服务器 - 夜空守望者2020...

    在centos7系统中,默认的日志系统是rsyslog,它是一类unix系统上使用的开源工具,用于在ip网络中转发日志信息,rsyslog采用模块化设计,是syslog的替代品. 1.rsyslog特 ...

  6. rsyslog日志服务器的日志文件路径,使用rsyslog收集日志

    为什么使用rsyslog? 1.他是POSIX-like系统中标准的logging,有些软件,比如haproxy,只使用syslog.所以你不能完全消除它 2.通过网络硬件被使用 3.它有更复杂的设置 ...

  7. CentOS7.9安装rsyslog+loganalyzer日志服务器详细配置

    一.简介: 随着机房内的服务器和网络设备增加,日志管理和查询就成了让系统管理员头疼的事. 系统管理员遇到的常见问题如下: 1.日常维护过程中不可能登录到每一台服务器和设备上去查看日志: 2.网络设备上 ...

  8. mysql+enable+sql+log_CentOS7下利用rsyslog+loganalyzer配置日志服务器及Linux和windows客户端配置...

    随着机房内的服务器和网络设备增加,日志管理和查询就成了让系统管理员头疼的事. 系统管理员遇到的常见问题如下: 1.日常维护过程中不可能登录到每一台服务器和设备上去查看日志: 2.网络设备上的存储空间有 ...

  9. nginx日志通过rsyslog传入到日志服务器指定目录

    V5配置语法: 推送端设置 [root@nginx01 ~]# cat /etc/rsyslog.conf # rsyslog v5 configuration file # For more inf ...

  10. Centos6.3下利用rsyslog+loganalyzer+mysql部署日志服务器

    作为一名系统运维工程师,平时查看分析LINUX系统日志我觉得是我们每天必做的功课,但时间长了会发现每次查看站点日志都得挨个进后台,几台服务器还可以这么对付,但如果管理成百上千台线上服务器,这种方法就捉 ...

最新文章

  1. 几个阿里, 美团,腾讯大佬的公众号!超级变态!
  2. android widget 研究 (转载)
  3. SpringBoot系列: RestTemplate 快速入门
  4. mysql数据库对象关系映射
  5. 笔记1-3: 从标准输入读取命令并执行
  6. 【数据结构】八大数据结构分类
  7. 2020蓝桥杯省赛---java---B---2(寻找 2020)+测试txt
  8. 【需求工程】需求应用域理解
  9. 2015-12-02 计划任务维护数据库
  10. SpringBoot 接收 单个String入参之解决方案
  11. 通用无线公共接口cpri_11/30
  12. spline曲线使用
  13. 无人机视觉检测算法研究及数据集汇总
  14. JDBC API 学习
  15. html文件怎么在wps打开是乱码,wps上打开Excel文件是乱码
  16. SpringBoot Whitelabel Error Page 错误
  17. Android--ImageView读取本地路径图片
  18. java 矩形类的作用_java中关于矩形类
  19. 小议SEO做网站关键字优化
  20. AutoIt3(AU3)开发的分辨率快速设置工具

热门文章

  1. Win11官方正式版(免激活)
  2. implement在JAVA中_java中的implement
  3. 苹果app项目退款教程
  4. 我关注的一周技术动态 2015.8.23
  5. pyecharts 模块
  6. sqlserver 提示“用户sa 登录失败 18456”问题解决过程
  7. 媒体选择与发布实践总结
  8. 电脑使用VMware安装Android系统
  9. 一本通1373:鱼塘钓鱼(fishing)
  10. Win10账户已被锁定解决方法