mysql日志输出到syslog_rsyslog 传输mysql 日志

最新推荐文章于 2022-09-14 10:10:23 发布

满宏刚

最新推荐文章于 2022-09-14 10:10:23 发布

阅读量1.2k

点赞数

文章标签： mysql日志输出到syslog

版权声明：本文为博主原创文章，遵循 CC 4.0 BY-SA 版权协议，转载请附上原文出处链接和本声明。

本文链接：https://blog.csdn.net/weixin_30520605/article/details/113228073

版权

本文档介绍了如何将mysql的日志通过rsyslog配置，将日志输出到远程syslog服务器。首先加载imfile模块，指定mysql日志文件路径，设置日志级别和设施。然后在rsyslog配置文件中定义输入类型为imfile，指定日志文件，设置标签、严重性和设施。最后，确保rsyslog版本满足要求并正确配置远程传输。

摘要由CSDN通过智能技术生成

在另外一种环境中，让我们假定你已经在机器上安装了一个名为“foobar”的应用程序，它会在/var/log下生成foobar.log日志文件。现在，你想要将它的日志定向到rsyslog服务器，这可以通过像下面这样在rsyslog配置文

件中加载imfile模块来实现。

首先，加载imfile模块，这只需做一次。

module(load="imfile" PollingInterval="5")

然后，指定日志文件的路径以便imfile模块可以检测到：

mysql rsyslog配置:

uat-db01:/data01/mysql# cat /etc/rsyslog.conf | grep -v "^#" | grep -v "^$"

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imklog # provides kernel logging support (previously done by rklogd)

module(load="imfile" PollingInterval="5")

$ModLoad imtcp

$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

*.info;mail.none;authpriv.none;cron.none;local5.none /var/log/messages

authpriv.* /var/log/secure

mail.* -/var/log/maillog

cron.* /var/log/cron

uucp,news.crit /var/log/spooler

local7.* /var/log/boot.log

input(type="imfile"

File="/data01/mysql/uat-db01-slow.log"

Tag="uat-mysql01"

Severity="info"

Facility="local5")

local5.* @@115.236.xx.xx:514

需要升级rsyslog 版本:

rhdpt01:/root# tail -100 /var/log/messages

Aug 7 03:38:01 jrhdpt01 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="951" x-info="http://www.rsyslog.com"] rsyslogd was HUPed

Aug 12 13:43:02 jrhdpt01 kernel: Kernel logging (proc) stopped.

Aug 12 13:43:02 jrhdpt01 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="951" x-info="http://www.rsyslog.com"] exiting on signal 15.

Aug 12 13:43:03 jrhdpt01 kernel: imklog 5.8.10, log source = /proc/kmsg started.

Aug 12 13:43:03 jrhdpt01 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="24817" x-info="http://www.rsyslog.com"] start

Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]

Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 11:"module(load="imfile" PollingInterval="5")"

Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded

Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]

Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 84:"input(type="imfile""

Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded

Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "log"" [try http://www.rsyslog.com/e/3000 ]

Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 85:"File="/data01/mysql/jrhdpt01-slow.log""

Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded

Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]

Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 86:"Tag="zjzc-mysql01""

Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded

Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]

Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 87:"Severity="info""

Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded

Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]

Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 88:"Facility="local5")"

Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded

Aug 12 13:43:03 jrhdpt01 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]

下载下列软件

json-c-0.12-20140410.tar.gz---------------------https://github.com/json-c/json-c/archive/json-c-0.12-20140410.tar.gz

libestr-0.1.10.tar.gz-------------------http://libestr.adiscon.com/files/download/libestr-0.1.10.tar.gz

liblogging-1.0.5.tar.gz ----------------http://download.rsyslog.com/liblogging/liblogging-1.0.5.tar.gz

librdkafka-0.8.6.tar.gz -----------------------https://github.com/edenhill/librdkafka/archive/0.8.6.tar.gz

libuuid-1.0.3.tar.gz --------------------http://jaist.dl.sourceforge.net/project/libuuid/libuuid-1.0.3.tar.gz

zlib-1.2.8.tar.gz-------------------http://zlib.net/zlib-1.2.8.tar.gz

curl-7.44.0.tar.gz--------------http://curl.haxx.se/download/curl-7.44.0.tar.gz

rsyslog-8.15.0.tar.gz-------------------http://www.rsyslog.com/download/files/download/rsyslog/rsyslog-8.15.0.tar.gz

一：安装rsyslog

(1) json-c 安装

tar -xzvf json-c-0.12-20140410.tar.gz

cd json-c-0.12-20140410

./configure CC="gcc -m64" --prefix=/usr --libdir=/usr/lib64 && make && make install

(2) libestr安装

tar -xzvf libestr-0.1.10.tar.gz

cd libestr-0.1.10

./configure CC="gcc -m64" --prefix=/usr --libdir=/usr/lib64

&& make && make install

(3) libuuid 安装

tar -xzvflibuuid-1.0.3.tar.gz

cdlibuuid-1.0.3

./configure CC="gcc -m64" --prefix=/usr --libdir=/usr/lib64 && make && make install

(4)zlib

安装

tar

-xzvf zlib-1.2.8.tar.gz

cdzlib-1.2.8

./configure --prefix=/usr --libdir=/usr/lib64 && make && make install

(5)liblogging

安装

tar

-xzvf liblogging-1.0.5.tar.gz

cdliblogging-1.0.5

./configure CC="gcc -m64" --prefix=/usr --libdir=/usr/lib64 --disable-journal && make && make install

(6)librdkafka ###可以不安装

安装

tar

-xzvf librdkafka-0.8.6.tar.gz

cd librdkafka-0.8.6

./configure --prefix=/usr --libdir=/usr/lib64 && make && make install

(7) 安装rsyslogd

checking for library containing sched_get_priority_max... none required

checking for sched_get_priority_max... yes

checking for LIBUUID... yes

checking for CURL... no

configure: error: Package requirements (libcurl) were not met:

No package 'libcurl' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you

installed software in a non-standard prefix.

原因没有安装curl:

uat-db01:/root/curl-7.44.0# ./configure CC="gcc -m64" --prefix=/usr --libdir=/usr/lib64 && make && make install

uat-db01:/root/rsyslog-8.15.0# cat make.sh

./configure CC="gcc -m64" PKG_CONFIG_PATH=/usr/lib64/pkgconfig LIBESTR_LIBS=/usr/lib64/libestr.a JSON_C_LIBS=/usr/lib64/libjson-c.a ZLIB_LIBS=/usr/lib64/libz.a LIBUUID_LIBS=/usr/lib64/libuuid.a

CURL_LIBS=/usr/lib64/libcurl.a LIBLOGGING_STDLOG_LIBS=/usr/lib64/liblogging-stdlog.a LIBRDKAFKA_CFLAGS=/usr/include LIBRDKAFKA_LIBS=/usr/lib64/librdkafka.a --prefix=/usr --libdir=/usr/lib64 --

enable-static --enable-debug --enable-elasticsearch --enable-elasticsearch-tests --enable-liblogging-stdlog --enable-imfile --enable-imptcp --enable-omstdout --enable-omruleset --enable-omuxsock

--disable-libgcrypt

make && make install

uat-db01:/root/rsyslog-8.15.0/tools# cp rsyslogd /sbin/

uat-db01:/root/rsyslog-8.15.0/tools# service rsyslog start

Starting system logger: usage: rsyslogd [options]

use "man rsyslogd" for details. To run rsyslog interactively, use "rsyslogd -n"to run it in debug mode use "rsyslogd -dn"

For further information see http://www.rsyslog.com/doc

[FAILED]

uat-db01:/root/rsyslog-8.15.0/tools# rsyslogd -f /etc/rsyslog.conf

uat-db01:/root/rsyslog-8.15.0/tools# ps -ef | grep rsyslog

root 9244 1 12 14:32 ? 00:00:00 rsyslogd -f /etc/rsyslog.conf

root 9259 26662 0 14:32 pts/0 00:00:00 grep rsyslog

uat-db01:/root/rsyslog-8.15.0/tools#

客户端rsyslog 配置:

uat-db01:/data01/mysql# cat /etc/rsyslog.conf | grep -v "^#" | grep -v "^$"

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imklog # provides kernel logging support (previously done by rklogd)

module(load="imfile" PollingInterval="5")

$ModLoad imtcp

$InputTCPServerRun 514

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

*.info;mail.none;authpriv.none;cron.none;local5.none /var/log/messages

authpriv.* /var/log/secure

mail.* -/var/log/maillog

cron.* /var/log/cron

uucp,news.crit /var/log/spooler

local7.* /var/log/boot.log

input(type="imfile"

File="/data01/mysql/uat-db01-slow.log"

Tag="uat-mysql01"

Severity="info"

Facility="local5")

local5.* @@115.236.xx.xx:514

服务器rsyslog 配置:

$EscapeControlCharactersOnReceive off #关闭rsyslog默认转译ASCII<32的所有怪异字符，包括换行符等

$template nginx-zjzc01,"/rsyslog/data/nginx/zjzc/nginx_access01_log.%$year%-%$month%-%$day%" #定义TC：日志存放路径

$template nginx-zjzc02,"/rsyslog/data/nginx/zjzc/nginx_access02_log.%$year%-%$month%-%$day%" #定义TCBeta：日志存放路径

$template nginx-uat01,"/rsyslog/data/nginx/uat/nginx_access01_log.%$year%-%$month%-%$day%" #定义TCBeta：日志存放路径

$template tocFormat,"'%syslogtag%','%FROMHOST-IP%','%msg%'\n" #定义toc日志format

$template uat-zjzc01,"/rsyslog/data/mysql/uat/mysql01_slow_log.%$year%-%$month%-%$day%" #定义TCBeta：日志存放路径

:rawmsg,contains,"nginx-zjzc01" -?nginx-zjzc01;tocFormat #接受TC：日志，并应用tocFormat格式

:rawmsg,contains,"nginx-zjzc02" -?nginx-zjzc02;tocFormat #接受TCBeta：日志，并应用tocFormat格式

:rawmsg,contains,"uat-nginx" -?nginx-uat01;tocFormat #接受TCBeta：日志，并应用tocFormat格式

:rawmsg,contains,"uat-mysql01" -?uat-zjzc01;tocFormat

关注

0
点赞
踩
2

收藏

觉得还不错? 一键收藏
0
评论
复制链接

分享到 QQ

分享到新浪微博

扫一扫

评论

被折叠的条评论为什么被折叠?

到【灌水乐园】发言

查看更多评论

添加红包

成就一亿技术人!

hope_wisdom

发出的红包

实付元

使用余额支付

点击重新获取

扫码支付

钱包余额 0

抵扣说明：

1.余额是钱包充值的虚拟货币，按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载，可以购买VIP、付费专栏及课程。