rsyslog

最新推荐文章于 2024-07-15 19:32:30 发布
最新推荐文章于 2024-07-15 19:32:30 发布
阅读量1k 收藏
点赞数
分类专栏: linux
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/LiErDan/article/details/79366521
版权

rsyslog:

日志:历史日志
    历史事件:
        时间,事件
        日志级别:事件的关键性程度,Loglevel

系统日志服务:
    syslog:
        syslogd: system
        klogd: kernel

    rsyslog:
        syslogd
        klogd

    rsyslog:
        多线程;
        UDP, TCP, SSL, TLS, RELP;
        MySQL, PGSQL, Oralce实现日志存储;
        强大的过滤器,可实现过滤日志信息中任何部分;
        自定义输出格式

    elasticsearch, logstash, kibana = elk

日志收集方:
    facility:设施,从功能或程序上对日志进行分类;
        auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security, user, uucp, local0-local7, syslog
    priority
        debug, info, notice, warn(warning), err(error), crit(critical), alert, emerg(panic)

        指定级别:
            *: 所有级别
            none: 没有级别
            priority: 此级别及更高级别的日志信息
            =priority:此级别

    facility.priority   /var/log/messages

    在进程配置文件中定义进程日志存储在对应的facility.
    在/etc/rsyslog.conf中定义相应facility的错误级别的记录位置,

程序环境:
    主程序:rsyslogd
    配置文件:/etc/rsyslog.conf
    服务脚本:/etc/rc.d/init.d/rsyslog

rsyslog.conf
    RULES:
        facility.priority   target

        target: 
            文件路径:记录于指定的日志文件中,通常应该在/var/log目录下;文件路径前的“-”表示异步写入;
            用户:将日志通知给指定用户
                *: 所有用户
            日志服务器:@host
                @host: 必须要监听在tcp或udp协议514端口上提供服务;
            管道: |COMMAND

    文件记录的日志的格式:
        事件产生的日期时间       主机  进程(pid):事件内容

        有些日志记录二进制格式:/var/log/wtmp,/var/log/btmp
            /var/log/wtmp: 当前系统上成功登录的日志;
                last
            /var/log/btmp:当前系统上失败的登录尝试;
                lastb

            lastlog命令:显示当前系统每一个用户最近一次的登录时间;

rsyslog服务器:
    # Provides UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514

    # Provides TCP syslog reception
    $ModLoad imtcp
    $InputTCPServerRun 514

配置使用基于mysql存储日志信息:
    (1) 准备好MySQL服务器,创建用户,授权对Syslog数据库的全部访问权限;
    (2) 安装rsyslog-mysql程序包;
    (3) 创建rsyslog-mysql依赖的数据库;
        # mysql -uUSERNAME -hHOST -pPASSWORD < /usr/share/doc/rsyslog-mysql-VERSION/createDB.sql
    (4) 配置rsyslog使用ommysql模块
        #### MODULES ####
        $ModLoad ommysql

        #### RULES ####
        facility.priority   :ommysql:DBHOST,DB,DBUSER,USERPASS

        重启rsyslog服务
    (5) 安装loganalyzer
        (a) 配置webserver, 支持php
            # yum install httpd php php-mysql php-gd
            # service httpd start
        (b) loganalyzer
            # cp -r loganalyzer-3.6.5/src /var/www/html/loganalyzer
            # cp loganalyzer-3.6.5/contrib/*.sh /var/www/html/loganalyzer
            # cd /var/www/html/loganalyzer
            # chmod +x *.sh
            # ./configure.sh
            # ./secure.sh
            # chmod 666 config.php
LiErDan
关注
专栏目录
linux系统/var/log目录下的信息详解
weixin_34366546的博客
02-28 2116
一、/var目录 /var 所有服务的登录的文件或错误信息文件(LOG FILES)都在/var/log下,此外,一些数据库如MySQL则在/var/lib下,还有,用户未读的邮件的默认存放地点为/var/spool/mail 二、:/var/log/ 系统的引导日志:/var/log/boot.log例如:Feb 26 10:40:48 sendmial : sendmail startu...
rsyslog的讲解
weixin_34336292的博客
08-17 130
rsyslog: 日志:历史日志 历史事件: 时间,事件 日志级别:事件的关键性程度,Loglevel 系统日志服务: syslog: syslogd: system klogd: kernel rsyslog: syslogd klogd rsyslog: 多线程; UDP, TCP, SSL, TLS, RELP; MySQL...
Linux Rsyslog日志服务器部署宝典:Linux、Windows及网络设备日志一网打尽
超哥的博客
07-15 1911
Linux Rsyslog日志服务器部署宝典:Linux、Windows及网络设备日志一网打尽
rsyslog详解
热门推荐
wq1205750492的博客
05-23 2万+
一、日志介绍 日志概念 日志是系统用来记录系统及应用程序运行时的一些相关信息的文本文件 日志作用 日志是为了保存相关程序的运行状态、错误信息等,为了对系统进行分析、保存历史记录以及在出现错误时发现、分析错误使用 linux系统日志类型 内核信息 服务信息 应用程序信息 二、rsyslog 1、rsyslog介绍 rsyslog是linux系统中用来实现日志功能的服务。默认已经安装,并且自动启用。 作用:主要用来采集日志,不生产日志 其特性包括: 支持输出日志到各种数据库,如 MySQ
rsyslog配置以及原理
2201_76119904的博客
12-12 420
日志由程序产生,在内存中产生。通过Rsyslog来将内存中程序产生的日志持久化到硬盘,并且支持udp、tcp等协议来进行不同服务器的日志同步。
rsyslog基本介绍
dl2277130327的博客
08-28 2864
rsyslog 配置简介 rsyslog 配置简介 2013-12-30 Dec 31 22:02:36 linux-64 rsyslogd-2039: imuxsock begins to drop messages from pid 6927 due to rate-limiting Dec 31 22:02:39 linux-64 rsyslogd-2039: imuxso
rsyslog系列】rsyslog远程接收日志服务器配置文件之TLS单向认证
11-17
搭建rsyslog远程接收日志服务器时,要想要服务器生效,必须按照实际使用场景配置rsyslog的配置文件,该配置文件资源应用于rsyslog v8版本的TLS协议单向认证场景。由于rsyslog v8版本对于v5版本有一些格式上的更新,...
rsyslog系列】rsyslog远程接收日志服务器配置文件之TLS双向认证
11-17
搭建rsyslog远程接收日志服务器时,要想要服务器生效,必须按照实际使用场景配置rsyslog的配置文件,该配置文件资源应用于rsyslog v8版本的TLS协议双向认证场景。由于rsyslog v8版本对于v5版本有一些格式上的更新,...
rsyslog系列】rsyslog远程接收日志服务器配置文件之UDP/TCP协议
11-17
搭建rsyslog远程接收日志服务器时,要想要服务器生效,必须按照实际使用场景配置rsyslog的配置文件,该配置文件资源应用于rsyslog v8版本的UDP/TCP协议传输场景。由于rsyslog v8版本对于v5版本有一些格式上的更新,...
rsyslog交叉编译打包
08-06
rsyslog是一款强大的系统日志收集和转发工具,广泛应用于Linux环境,用于处理和记录来自不同系统的日志信息。在嵌入式设备或资源有限的系统中,有时我们需要对rsyslog进行交叉编译,以便在目标平台上运行。交叉编译...
rsyslog安装包适合centos6
09-22
**rsyslog简介** rsyslog是一款开源的系统日志守护程序,它是syslogd的增强版,提供了更强大的功能和更高的性能。rsyslog能够处理来自不同源的日志消息,支持多线程操作,具备良好的安全性,并且采用模块化设计,...
PHPBB论坛拍卖插件phpbb-auction
12-18
##################################################################################### ## ## MOD Title: AUCTION MOD 1.3m ## MOD Author: FR (www.phpbb-auction.com) ## MOD Description: - ## MOD Version: 1.3m ## ## Installation Level: (Middle) ## Installation Time: till your done ## ## Requirements: A running phpBB 2.0.x (lastest version recommended) ## GD 1.8.x - 2.0 or higher (require for auto-thumbnail ## HTTP File Upload Enabled ## ## Tested with: __________ ## ## Files To Edit: viewonline.php ## viewtopic.php ## admin/index.php ## includes/usercp_viewprofile.php ## includes/page_header.php ## language/lang_english/lang_admin.php ## language/lang_english/lang_main.php ## templates/subSilver/subSilver.cfg ## templates/subSilver/overall_header.tpl ## templates/subSilver/viewtopic_body.tpl ## templates/subSilver/profile_view_body.tpl ## ## Included Files: to much to mention ## ##################################################################################### ## ## Before Adding This MOD To Your Forum, You Should Back Up All Files ## Related To This MOD ## ##################################################################################### ## ## For Security Purposes, you should check www.phpbb-auction.com for news and patches ## ##################################################################################### ## ## Author Notes: ## ## ##################################################################################### ## ## This hack is released under the GPL License. ## This hack can be freely used, but not distributed, without permission. ## Intellectual Property is retained by the author listed above. ## ##################################################################################### # # If you have the phpbb-auction 1.2m installed you should use the update.txt # document. # # #-----[ COPY ]------------------------------------------------------- # # Upload all files in directory "phpbb_root" with their structure to your # phpBB root directory # # Remember to upload all the language files and template files to all your # language packs and template directories # # If you use FTP please remember to use ASCII mode for text files (*.php, *.tpl) # and BINARY mode for image files (*.jpg, *.gif) # Fortunately good FTP clients today can auto-detect the mode for your files # #-----[ ACTION ]-------------------------------------- # Require for Unix-like host (you can use your FTP client to do this) # # CHMOD 777 auction/upload/ # CHMOD 777 auction/upload/cache/ # CHMOD 777 auction/upload/main/ # CHMOD 777 auction/upload/main/watermark/ # CHMOD 777 auction/upload/mini/ # CHMOD 777 auction/upload/tmp/ # CHMOD 777 auction/upload/wmk/ # CHMOD 777 auction/upload/watermark/ # CHMOD 777 auction/upload/wmk/main_watermark.png # CHMOD 777 auction/upload/wmk/big_watermark.png # #-----[ ACTION ]-------------------------------------- # # Run the install_db.php and delete (!!!) the file afterwards //////////////////////////////////////////////////////////////////////////////// 3 - Perform the following filechanges //////////////////////////////////////////////////////////////////////////////// # #-----[ OPEN ]------------------------------------------ # viewonline.php # #-----[ FIND ]------------------------------------------ # include($phpbb_root_path . 'includes/page_header.'.$phpEx); # #-----[ AFTER, ADD ]------------------------------------------ # include($phpbb_root_path . 'auction/auction_common.'.$phpEx); # #-----[ FIND ]------------------------------------------ # case PAGE_FAQ: $location = $lang['Viewing_FAQ']; $location_url = "faq.$phpEx"; break; # #-----[ AFTER, ADD ]------------------------------------------ # case AUCTION_ROOM: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; case AUCTION_OFFER: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; case AUCTION_RATING: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; case AUCTION_FAQ: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; case AUCTION_MYAUCTION: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; case AUCTION_OFFER_VIEW: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; case AUCTION_SITEMAP: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; case AUCTION_PIC_MANAGER: $location = $lang['Auction']; $location_url = "auction.$phpEx"; break; # #-----[ OPEN ]------------------------------------------ # admin/index.php # #-----[ FIND ]------------------------------------------ # require('./pagestart.' . $phpEx); # #-----[ AFTER, ADD ]------------------------------------------ # include($phpbb_root_path . 'auction/auction_common.'.$phpEx); # #-----[ FIND ]------------------------------------------ # # 2 times case PAGE_FAQ: $location = $lang['Viewing_FAQ']; $location_url = "index.$phpEx?pane=right"; break; # #-----[ AFTER, ADD ]------------------------------------------ # # 2 times case AUCTION_ROOM: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; case AUCTION_OFFER: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; case AUCTION_RATING: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; case AUCTION_FAQ: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; case AUCTION_MYAUCTION: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; case AUCTION_OFFER_VIEW: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; case AUCTION_SITEMAP: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; case AUCTION_PIC_MANAGER: $location = $lang['Auction']; $location_url = "auction.$phpEx?pane=right"; break; # #-----[ OPEN ]------------------------------------------ # /language/lang_english/lang_admin.php # #-----[ FIND ]------------------------------------------ # $lang['Styles'] = 'Styles Admin'; # #-----[ AFTER, ADD ]------------------------------------------ # $lang['Auction'] = 'Auction'; $lang['a1_configuration'] = 'Configuration'; $lang['a2_roommangement'] = 'Manage Rooms'; $lang['a4_coupons'] = 'Manage Coupons'; $lang['a3_offer'] = 'Manage Offers'; $lang['a5_ipn_log'] = 'Manage IPN Log'; $lang['a6_picture_Configuration'] = 'Manage Images'; $lang['a7_permission'] = 'Manage Permissions'; $lang['a8_account'] = 'Manage Account'; # #-----[ OPEN ]------------------------------------------ # /templates/subSilver/subSilver.cfg # #-----[ FIND ]------------------------------------------ # $current_template_images = $current_template_path . "/images"; # #-----[ AFTER, ADD ]------------------------------------------ # $images['auction_locked']="$current_template_images/auction_locked.gif"; $images['auction_open']="$current_template_images/auction_open.gif"; $images['icon_auction_delete']="$current_template_images/auction_delete.gif"; $images['icon_auction_move']="$current_template_images/auction_move.gif"; $images['icon_auction_pic']="$current_template_images/auction_pic.gif"; $images['icon_auction_no_pic']="$current_template_images/auction_nopic.gif"; $images['icon_auction_down']="$current_template_images/auction_down.gif"; $images['icon_auction_up']="$current_template_images/auction_up.gif"; $images['icon_auction_feature']="$current_template_images/auction_feature.gif"; $images['icon_rating1']="$current_template_images/rating/1.gif"; $images['icon_rating2']="$current_template_images/rating/2.gif"; $images['icon_rating3']="$current_template_images/rating/3.gif"; $images['icon_rating4']="$current_template_images/rating/4.gif"; $images['icon_auction_watch']="$current_template_images/auction_add.gif"; $images['icon_auction_user_rating'] = "$current_template_images/{LANG}/icon_auction_user_rating.gif"; $images['newoffer'] = "$current_template_images/{LANG}/newoffer.gif"; $images['direct_sell'] = "$current_template_images/{LANG}/auction_buy_now.gif"; $images['vote_left'] = "$current_template_images/vote_lcap.gif"; $images['vote_right'] = "$current_template_images/vote_rcap.gif"; $images['auction_vote_right'] = "$current_template_images/auction_voting_barb.gif"; $images['auction_vote'] = "$current_template_images/auction_voting_bar.gif"; # #-----[ OPEN ]------------------------------------------ # /language/lang_english/lang_main.php # #-----[ FIND ]------------------------------------------ # $lang['datetime']['Dec'] = 'Dec'; # #-----[ AFTER, ADD ]------------------------------------------ # // Auction $lang['Auction'] = 'Auction'; # #-----[ OPEN ]------------------------------------------ # /templates/subSilver/overall_header.tpl # #-----[ FIND ]------------------------------------------ # <a href="{U_GROUP_CP}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_groups.gif" width="12" height="13" border="0" alt="{L_USERGROUPS}" hspace="3" />{L_USERGROUPS}</a> # #-----[ AFTER, ADD ]------------------------------------------ #   <a href="{U_AUCTION}" class="mainmenu"><img src="templates/subSilver/images/icon_mini_auction.gif" width="12" height="13" border="0" alt="{L_AUCTION}" hspace="3" />{L_AUCTION}</a> # #-----[ OPEN ]------------------------------------------ # includes/page_header.php # #-----[ FIND ]------------------------------------------ # 'L_FAQ' => $lang['FAQ'], # #-----[ AFTER, ADD ]------------------------------------------ # 'L_AUCTION' => $lang['Auction'], # #-----[ FIND ]------------------------------------------ # 'U_FAQ' => append_sid('faq.'.$phpEx), # #-----[ AFTER, ADD ]------------------------------------------ # 'U_AUCTION' => append_sid('auction.'.$phpEx), # #-----[ OPEN ]------------------------------------------ # viewtopic.php # #-----[ FIND ]------------------------------------------ # include($phpbb_root_path . 'includes/bbcode.'.$phpEx); # #-----[ AFTER, ADD ]------------------------------------------ # // Start Include language file $language = $board_config['default_lang']; if( !file_exists($phpbb_root_path . 'language/lang_' . $language . '/lang_auction.'.$phpEx) ) { $language = 'english'; } include($phpbb_root_path . 'language/lang_' . $language . '/lang_auction.' . $phpEx); // end include language file # #-----[ FIND ]------------------------------------------ # 'L_MINI_POST_ALT' => $mini_post_alt, # #-----[ AFTER, ADD ]------------------------------------------ # 'AUCTION_USER_RATING' => "<a href=" . append_sid("auction_rating.php?mode=view&" . POST_USERS_URL . "=" .$poster_id ) . "><img src=" . $images['icon_auction_user_rating'] . " alt='Feedback Rating' border='0' /></a>", 'L_VIEW_AUCTION_USER_RATING' => $lang['auction_user_rating'], # #-----[ OPEN ]------------------------------------------ # includes/usercp_viewprofile.php # #-----[ FIND ]------------------------------------------ # if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); exit; } # #-----[ AFTER, ADD ]------------------------------------------ # // Start Include language file $language = $board_config['default_lang']; if( !file_exists($phpbb_root_path . 'language/lang_' . $language . '/lang_auction.'.$phpEx) ) { $language = 'english'; } include($phpbb_root_path . 'language/lang_' . $language . '/lang_auction.' . $phpEx); // end include language file # #-----[ FIND ]------------------------------------------ # 'AVATAR_IMG' => $avatar_img, # #-----[ AFTER, ADD ]------------------------------------------ # 'AUCTION_USER_RATING' => "<a href=\"" . append_sid("auction_rating.php?mode=view&" . POST_USERS_URL . "=" . $profiledata['user_id'] ) . "\"><img src=\"" . $images['icon_auction_user_rating'] . "\" alt=\"" . $lang['auction_user_rating'] . "\" title=\"" . $lang['auction_user_rating'] . "\" border=\"0\" /></a>", 'L_VIEW_AUCTION_USER_RATING' => $lang['auction_user_rating'], # #-----[ OPEN ]------------------------------------------ # /templates/subSilver/viewtopic_body.tpl # #-----[ FIND ]------------------------------------------ # {postrow.MSN_IMG} # #-----[ AFTER,ADD ]------------------------------------------ # // Goes in same line before {postrow.MSN_IMG} {postrow.AUCTION_USER_RATING} # #-----[ OPEN ]------------------------------------------ # /templates/subSilver/profile_view_body.tpl # #-----[ FIND ]------------------------------------------ # <tr> <td valign="middle" nowrap="nowrap" align="right"><span class="gen">{L_AIM}:</span></td> <td class="row1" valign="middle"><span class="gen">{AIM_IMG}</span></td> </tr> # #-----[ AFTER, ADD ]------------------------------------------ # <tr> <td valign="middle" nowrap="nowrap" align="right"><span class="gen">{L_VIEW_AUCTION_USER_RATING}:</span></td> <td class="row1" valign="middle"><span class="gen">{AUCTION_USER_RATING}</span></td> </tr> # #-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ # ##################################################################################### ## Further Information ## ## Thats it! You are through. If you have any questions dont hesitate to use the ## Support Forums on www.phpbb-auction.com. If you want to use the payment methods ## you should read the documentation for it on the projects website. ## Greetings and have fun with phpbb-Auction ## FR ## EoM #####################################################################################
Linux日志管理1之rsyslog
qq_45955904的博客
12-16 460
一、rsyslog 系统日志管理
rsyslog日志平台--日志工作流引擎
三禾工作室
01-28 4800
Linux下面自然的选择是rsyslog 一、基本配置实验 网上大量文章都不是很靠谱,测试平台CentOS7和loongxin系统,服务端为192.168.10.58(centos),客户端为192.168.14.211(loongson) 1. 客户端配置:客户端修改 /etc/rsyslog.conf 把尾部#*.* @@remote-host:514删除#,并把@@替换为@,remote-host替换为日志服务器主机IP即可; *.* @192.168.10.58:514 #UDP
Rsyslog比较详细的
weixin_33909059的博客
07-12 143
http://blog.csdn.net/fishmai/article/details/51842340
rsyslog 入门 第一篇
DianWen119的博客
01-28 578
本系列,使用学习场景,是基于elk的采集端。。就是只是采集文本后,rsyslog怎么处理的各种常用姿势。。。 有些抄了其他前辈的。自己整理了下。。。官方网站:www.rsyslog.com centos六七 架构就是 rsyslog --tcp方式--> logstash -->es ,或者, rsyslog --->redis,kafka -->logstash --> es --------------------------------...
如何关闭rsyslog服务?_如何在Ubuntu 18.04 LTS上安装Rsyslog
weixin_39850152的博客
11-22 1481
Rsyslog是一个强大而安全的日志处理系统。Rsyslog通过多个物理或虚拟服务器在网络上接收日志,并监视不同服务的健康状况。使用Rsyslog,您可以从集中位置监视其他服务器、网络设备和远程应用程序的日志。简 介日志对于分析和排除Linux中的任何问题非常有用。默认情况下,所有日志文件都位于Linux的/var/log目录中。日志文件有几种类型,包括cron、内核、用户、安全性...
linux环境下搭建Rsylog日志服务器
weixin_45116657的博客
08-03 843
一、Rsyslog日志服务简介 1、rsyslog简介 rsyslog( rocket-fast system for log),它提供了高性能,高安全功能和模块化设计。rsyslog能够接受从各种各样的来源,将其输入,输出的结果到不同的目的地。 ryslog 是一个快速处理收集系统日志的程序,支持C/S框架,可通过UDP/TCP协议提供日志集中管理服务。 2、为什么要用rsyslog we...
rsyslog日志系统
hello,word!
02-10 2269
模板定义的形式有四种,适用于不同的输出模块,一般简单的格式,可以使用string的形式,复杂的格式,建议使用list的形式,使用list的形式,可以使用一些额外的属性字段(property statement),例如:position.from、position.end。比较典型的一个例子,针对不同的端口使用不同的过滤规则。在定义好ruleset后,各个输出模块就可以指定自己使用的ruleset了,具体如何指定,可以查看输出模块的手册,一般会有一个ruleset的参数,用来实现这个功能。
rsyslog certificate
最新发布
08-16
rsyslog是一个开源的日志管理系统,它主要用于收集、管理和分析系统日志。关于"certificate"在rsyslog中的应用,通常指的是SSL/TLS证书。当rsyslog需要通过安全连接(如HTTPS)与其他系统通信,传递日志数据时,可能...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值