搭建rsyslog日志服务器_syslog服务器

搭建rsyslog日志服务器_syslog服务器文章目录1.rsyslog介绍2.实验目的3.实验环境4.配置服务端5.配置客户端6.在服务端验证效果1.rsyslog介绍  rsyslog是一个快速处理收集系统日志的开源程序,提供了高性能、安全功能和模块化设计。rsyslog是syslog的升级版,它将多种来源输入输出转换结果到目的地,rsyslog被广泛用于Linux系统以通过TCP/UDP协议转发或接收日志消息。  rsyslog守护进程可以被配置成两种环境,一种是配置成日志收集服务器,rsysl

大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全系列IDE稳定放心使用


1. rsyslog 介绍

  rsyslog 是一个快速处理收集系统日志的开源程序,提供了高性能、安全功能和模块化设计。rsyslog 是 syslog 的升级版,它将多种来源输入输出转换结果到目的地, rsyslog 被广泛用于 Linux 系统以通过 TCP/UDP 协议转发或接收日志消息。
在这里插入图片描述

在这里插入图片描述

  rsyslog 守护进程可以被配置成两种环境,一种是配置成日志收集服务器,rsyslog 进程可以从网络中收集其它主机上的日志数据,这些主机会将日志配置为发送到另外的远程服务器。rsyslog 的另外一个用法,就是可以配置为客户端,用来过滤和发送内部日志消息到本地文件夹(如 /var/log)或一台可以路由到的远程 rsyslog 服务器上。

2. 实验目的

  实现 Client 主机通过 rsyslog 发送自身的系统日志到 Rsyslog Server 服务器,服务器端将该主机系统日志存放到一个指定的目录里面,进行按 IP 和日志简单分类存储。

3. 实验环境

  • 服务端和客户端系统都为 Centos7.7
  • 服务端 IP:10.0.0.120  客户端 IP:10.0.0.100
  • 服务端和客户端关闭防火墙和 selinux
systemctl stop firewalld
setenforce 0
  • 服务端和客户端都安装 rsyslog 服务
yum -y install rsyslog  #无网络自行配置 yum 源

4. 配置服务端

vim /etc/rsyslog.conf  #修改rsyslog配置文件,标蓝的即为需要的内容,标红的为解释说明

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
$AllowedSender udp, 10.0.0.0/24
#收集的IP网段


# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template Remote,"/opt/n9e/rsyslog/logs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"   #定义模板,接受日志文件路径,区分了不同主机的日志,日志目录自行指定
:fromhost-ip, !isequal, "127.0.0.1" ?Remote  # 过滤服务端本机的日志


# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####
# 添加创建目录的注释
$CreateDirs on
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# *.* @@192.168.44.212:514
# ### end of the forwarding rule ###

 

systemctl restart rsyslog  #重启rsyslog服务

5. 配置客户端

vim /etc/rsyslog.conf  #修改rsyslog配置文件,标蓝的即为需要的内容,标红的为解释说明

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
*.* @10.0.0.120  #指定服务端IP

 

systemctl restart rsyslog  #重启rsyslog服务

6. 在服务端验证效果

切换到服务端存放日志文件的路径,可以看到已经生成了日志,rsyslog 日志服务配置成功。
在这里插入图片描述


配置文件详解:
https://www.cnblogs.com/shu-sheng/p/13275474.html

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/189686.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)
blank

相关推荐

  • Navigator对象,获取浏览器类型userAgent,机器类型platform

    Navigator对象,获取浏览器类型userAgent,机器类型platformJavaScript常用事件集合,前端小白必备(写的很详细,建议收藏)1.文档加载事件鼠标事件获取浏览器类型,手机机型(容易出问题的地方)事件冒泡与事件委托(面试重点)一、获取浏览器类型letuserAgent=navigator.userAgent;console.log(userAgent);if(userAgent.indexOf(“Opera”)>-1){ //判断是否是Opera浏览器console.log(“Opera”);};

  • ModelAndView 配置与使用「建议收藏」

    ModelAndView 配置与使用「建议收藏」一,ModelAndView介绍:1)ModelAndView用于后台与前端页面交互;2)可以用于重定向与转发到指定页面,3)可以保存数据然后渲染到页面二,使用:1)在Controlle

  • Ubuntu如何卸载软件_ubuntu卸载桌面

    Ubuntu如何卸载软件_ubuntu卸载桌面ubuntu卸载软件方法

  • python和java哪个更值得学_java和python「建议收藏」

    python和java哪个更值得学_java和python「建议收藏」从去年到现在IA人工智能热度一直都是上升,而且很多有经验的程序员也打出“2018年不学习Python还能学习哪种编程语言“的口号,可对于初学者来说,Python相对比较简单。Python的语法类似于伪

  • IDEA打包maven项目同时带上依赖

    IDEA打包maven项目同时带上依赖我们在使用IDEA中maven的LifeCycle去打包时,打出的jar包只包含代码,在使用时会出现“找不到包或者无法加载“ClassNotFoundException”报错。这是因为我们的jar包没有maven项目中的其他依赖包,所以我们可以在打包时把依赖也打入到jar包中,步骤如下:1、选中项目,点击File,选择打开“ProjectStructure”2、然后选择左边的“Artifacts”,点击“加号”添加jar包,“Frommodul…

  • 防抖(debounce) 和 节流(throttling)「建议收藏」

    防抖(debounce) 和 节流(throttling)「建议收藏」防抖和节流是针对响应跟不上触发频率这类问题的两种解决方案。在给DOM绑定事件时,有些事件我们是无法控制触发频率的。如鼠标移动事件onmousemove,滚动滚动条事件onscroll,窗口大小改变事件onresize,瞬间的操作都会导致这些事件会被高频触发。如果事件的回调函数较为复杂,就会导致响应跟不上触发,出现页面卡顿,假死现象。在实时检查输入时,如果我们绑定onkeyup事件发请求去…

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号