Setting up a log server

1. Install rsyslog

yum install -y rsyslog

2. Edit the rsyslog.conf configuration file

/etc/rsyslog.conf

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 513

#### GLOBAL DIRECTIVES ####
template(name="DynFile" type="string" string="/var/log/system-%HOSTNAME%.log")

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###

3. Restart rsyslog

systemctl restart rsyslog

Run systemctl status rsyslog and make sure the output shows active (running):

[root@10-18-93-115 ccs]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since 四 2022-09-08 14:19:59 CST; 1h 1min ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 12668 (rsyslogd)
    Tasks: 9
   Memory: 1.4M
   CGroup: /system.slice/rsyslog.service
           └─12668 /usr/sbin/rsyslogd -n

9月 08 14:19:59 10-18-93-115 systemd[1]: Starting System Logging Service...
9月 08 14:19:59 10-18-93-115 rsyslogd[12668]:  [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.1" x-pid="12668" x-info="http://www.rsyslog.com"] start
9月 08 14:19:59 10-18-93-115 systemd[1]: Started System Logging Service.

4. Configuration in Spring Boot

Note:
This is how it is actually used in my project.

4.1. Import the Maven dependencies

    <!-- logback -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-api</artifactId>
        <version>1.7.30</version>
    </dependency>
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-core</artifactId>
        <version>1.2.3</version>
    </dependency>
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>1.2.3</version>
    </dependency>
    <dependency>
        <groupId>org.graylog2</groupId>
        <artifactId>syslog4j</artifactId>
        <version>0.9.60</version>
    </dependency>

4.2. Create three Java utility classes

SyslogClientUtils.java

package com.viewsources.ccs.server.syslog;

import lombok.Data;
import org.graylog2.syslog4j.Syslog;
import org.graylog2.syslog4j.SyslogConstants;
import org.graylog2.syslog4j.SyslogIF;

/**
 * Forwarding utility class
 *
 * @author Yohann
 * @since 2021-12-1 17:08:34
 */
@Data
public class SyslogClientUtils {
    private String host;
    private int port;
    private String protocolType;
    private static SyslogIF syslog;
    private volatile static SyslogClientUtils instance;

    private SyslogClientUtils(String host, int port, String protocolType) {
        if ("UDP".equals(protocolType)) {
            syslog = Syslog.getInstance(SyslogConstants.UDP);
        } else {
            syslog = Syslog.getInstance(SyslogConstants.TCP);
        }
        syslog.getConfig().setHost(host);
        syslog.getConfig().setPort(port);
        this.host = host;
        this.port = port;
        this.protocolType = protocolType;
    }

    public static SyslogClientUtils getInstance(String newHost, int newPort, String newProtocolType) {
        if (instance == null || !newHost.equals(instance.getHost()) || newPort != instance.port
                || !newProtocolType.equals(instance.getProtocolType())) {
            synchronized (SyslogClientUtils.class) {
                // Re-check all three settings under the lock, including the protocol,
                // so that a change of protocol alone also rebuilds the client
                if (instance == null || !newHost.equals(instance.getHost()) || newPort != instance.getPort()
                        || !newProtocolType.equals(instance.getProtocolType())) {
                    instance = new SyslogClientUtils(newHost, newPort, newProtocolType);
                }
            }
        }
        return instance;
    }

    public void send(String info) {
        // Level 0 is SyslogConstants.LEVEL_EMERGENCY, which the *.emerg rule
        // in rsyslog.conf above delivers to every logged-in user
        syslog.log(0, info);
    }
}

TcpUdpSyslogAppender.java:

package com.viewsources.ccs.server.syslog;

import ch.qos.logback.classic.net.SyslogAppender;
import ch.qos.logback.core.net.SyslogOutputStream;

import java.net.SocketException;
import java.net.UnknownHostException;

/**
 * Custom logback syslog appender
 *
 * @author Yohann
 */
public class TcpUdpSyslogAppender extends SyslogAppender {
    private String protocolType;

    public String getProtocolType() {
        return protocolType;
    }

    public void setProtocolType(String protocolType) {
        this.protocolType = protocolType;
    }

    @Override
    public SyslogOutputStream createOutputStream() throws SocketException, UnknownHostException {
        return new TcpUdpSyslogOutputStream(getSyslogHost(), getPort(), protocolType);
    }
}

TcpUdpSyslogOutputStream.java:

package com.viewsources.ccs.server.syslog;

import ch.qos.logback.core.net.SyslogOutputStream;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.SocketException;
import java.net.UnknownHostException;

/**
 * @author Yohann
 */
public class TcpUdpSyslogOutputStream extends SyslogOutputStream {
    private final String ip;
    private final String protocolType;
    private final int port;
    private final ByteArrayOutputStream baos;

    public TcpUdpSyslogOutputStream(String ip, int port, String protocolType) throws UnknownHostException, SocketException {
        super(ip, port);
        this.ip = ip;
        this.port = port;
        this.protocolType = protocolType;
        this.baos = new ByteArrayOutputStream();
    }

    private static final int MAX_LEN = 1024;

    @Override
    public void write(byte[] byteArray, int offset, int len) throws IOException {
        baos.write(byteArray, offset, len);
    }

    @Override
    public void flush() throws IOException {
        byte[] bytes = baos.toByteArray();
        // clean up for next round
        baos.reset();
        // after a failure, it can happen that bytes.length is zero
        // in that case, there is no point in sending out an empty message
        if (bytes.length == 0) {
            return;
        }
        // Hand the buffered bytes to the shared client (SyslogClientUtils, defined above)
        SyslogClientUtils.getInstance(ip, port, protocolType).send(new String(bytes));
    }

    @Override
    public int getPort() {
        return port;
    }

    @Override
    public void write(int b) throws IOException {
        baos.write(b);
    }
}

4.3. Enabling or disabling log forwarding

    /**
     * Update the syslog settings
     *
     * @param jsonStr
     */
    private void updateSysLogSetting(String jsonStr) {
        ResSysLogSetting setting = JSONUtil.toBean(jsonStr, ResSysLogSetting.class);
        if (setting.getStatus()) {
            // Enable log forwarding
            if (setting.getLogType().contains(SYSTEM_LOG.getCode())) {
                // Forward system logs
                startSyslogAppender("10.18.93.115", 514, "UDP");
            }
        } else {
            // Disable log forwarding
            stopSyslogAppender();
        }
    }

    private void stopSyslogAppender() {
        LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
        ch.qos.logback.classic.Logger root = loggerContext.getLogger(ch.qos.logback.classic.Logger.ROOT_LOGGER_NAME);
        Iterator<Appender<ILoggingEvent>> it = root.iteratorForAppenders();
        Appender<ILoggingEvent> toRemoved = null;
        while (it.hasNext()) {
            Appender<ILoggingEvent> appender = it.next();
            if (appender instanceof TcpUdpSyslogAppender) {
                toRemoved = appender;
            }
        }
        if (toRemoved != null) {
            // Stop the appender before detaching it, as startSyslogAppender does
            toRemoved.stop();
            root.detachAppender(toRemoved);
        }
    }

    private void startSyslogAppender(String ip, int port, String protocol) {
        LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory();
        ch.qos.logback.classic.Logger root = loggerContext.getLogger(ch.qos.logback.classic.Logger.ROOT_LOGGER_NAME);
        Iterator<Appender<ILoggingEvent>> it = root.iteratorForAppenders();
        String newAppenderName = buildAppenderName(ip, port, protocol);
        Appender<ILoggingEvent> old = null;
        while (it.hasNext()) {
            Appender<ILoggingEvent> appender = it.next();
            if (appender instanceof TcpUdpSyslogAppender) {
                old = appender;
            }
        }
        if (old != null) {
            if (old.getName().equals(newAppenderName)) {
                // Old and new are identical, so change nothing
                return;
            }
            old.stop();
            root.detachAppender(old);
        }
        // Add and start the new appender
        TcpUdpSyslogAppender syslogAppender = new TcpUdpSyslogAppender();
        syslogAppender.setSyslogHost(ip);
        syslogAppender.setPort(port);
        syslogAppender.setName(newAppenderName);
        syslogAppender.setProtocolType(protocol);
        syslogAppender.setContext(root.getLoggerContext());
        syslogAppender.setFacility("LOCAL7");
        syslogAppender.start();
        root.addAppender(syslogAppender);
    }

    private String buildAppenderName(String ip, int port, String type) {
        return "syslogAppender:" + ip + ":" + port + ":" + type;
    }

4.4. Forwarding the login or operation logs stored in MySQL

Usage example:

SyslogClientUtils udp = SyslogClientUtils.getInstance("10.18.93.115", 514, "UDP");
while (true) {
    udp.send("helppppppppppppppppppppppppppppp");
    Thread.sleep(1000);
}

Add this code to the interface that adds operation logs or login logs:

    @Override
    @Async
    public void addOperationLog(Caller caller, String operatorContext, String operatorObject, int operatorState) {
        addOperationLog(caller.getUserId(), caller.getLoginIp(), caller.getTenantId(), caller.getLoginUa(),
                operatorContext, operatorObject, operatorState, LocalDateTime.now());
        // Decide from the system settings whether to send the operation log to syslog
        SysValue syslogSetting = sysValueService.getOne(new LambdaQueryWrapper<SysValue>().eq(SysValue::getKeyParam, SYSLOG_SETTING));
        if (syslogSetting != null) {
            if (StringUtils.isNotBlank(syslogSetting.getValueParam())) {
                ResSysLogSetting sysLogSetting = JSONUtil.toBean(syslogSetting.getValueParam(), ResSysLogSetting.class);
                if (sysLogSetting.getStatus()) {
                    if (sysLogSetting.getLogType().contains(OPERATION_LOG.getCode())) {
                        // Send to syslog
                        SyslogClientUtils.getInstance("10.18.93.115", 514, "UDP").send(operatorContext);
                    }
                }
            }
        }
    }
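
An added example, not code from the original project: addOperationLog above passes operatorContext to send() unchanged, and MAX_LEN in TcpUdpSyslogOutputStream is declared but never applied. Assuming operatorContext may carry text taken from user input, the hypothetical SyslogMessageSanitizer below escapes control characters and caps the UTF-8 size before forwarding; the class name and the #NNN escape format are assumptions.

```java
import java.nio.charset.StandardCharsets;

/** Hypothetical helper for illustration; not part of the original project. */
public final class SyslogMessageSanitizer {

    /** Same value as MAX_LEN in TcpUdpSyslogOutputStream, which declares it without using it. */
    public static final int MAX_LEN = 1024;

    private SyslogMessageSanitizer() {
    }

    /**
     * Escapes control characters and caps the UTF-8 size of a message, so an
     * embedded line break cannot start a second record and the payload stays bounded.
     */
    public static String sanitize(String raw, int maxBytes) {
        if (raw == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(raw.length());
        int used = 0;
        for (int i = 0; i < raw.length(); ) {
            int cp = raw.codePointAt(i);
            i += Character.charCount(cp);
            // CR, LF, TAB, NUL, DEL and C1 controls become a visible #NNN octal escape
            String piece = Character.isISOControl(cp)
                    ? String.format("#%03o", cp)
                    : new String(Character.toChars(cp));
            int size = piece.getBytes(StandardCharsets.UTF_8).length;
            if (used + size > maxBytes) {
                break; // stop on a character boundary, never inside a UTF-8 sequence
            }
            out.append(piece);
            used += size;
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: an operation description with an embedded line break
        String withNewline = "renamed report.txt\nlogin succeeded user=admin";
        System.out.println(sanitize(withNewline, MAX_LEN));
        // Constructed input: four 3-byte characters, cut at a 10-byte cap
        String cjk = "\u65e5\u5fd7\u65e5\u5fd7";
        System.out.println(sanitize(cjk, 10).getBytes(StandardCharsets.UTF_8).length);
    }
}
```

In addOperationLog the call would become send(SyslogMessageSanitizer.sanitize(operatorContext, SyslogMessageSanitizer.MAX_LEN)).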
