Log collection
Lab environment:
node01 | node02 |
---|---|
192.168.1.11 | 192.168.1.10 |
I. Send node01's logs to node02.
1. Change the hostnames
(1)
[root@localhost ~]# hostnamectl set-hostname node01
[root@localhost ~]# bash
[root@node01 ~]#
(2)
[root@localhost ~]# hostnamectl set-hostname node02
[root@localhost ~]# bash
[root@node02 ~]#
2. Edit the configuration file on node01
[root@node01 ~]# vim /etc/rsyslog.conf
……
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
……
*.* @192.168.1.10
3. Restart the service
[root@node01 ~]# systemctl restart rsyslog.service
4. On node02, add firewall rules
[root@node02 ~]# firewall-cmd --add-port=514/tcp --add-port=514/udp --permanent
success
[root@node02 ~]# firewall-cmd --reload
success
[root@node02 ~]# firewall-cmd --list-ports
514/tcp 514/udp
5. Edit the configuration file and restart the rsyslog service.
[root@node02 ~]# vim /etc/rsyslog.conf
……
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
……
[root@node02 ~]# systemctl restart rsyslog.service
6. Watch the log file for new entries while performing an action on node01 to generate log messages.
[root@node02 ~]# tailf /var/log/messages
……
[root@node01 ~]# yum -y install elinks
7. node02 now shows node01's logs.
[root@node02 ~]# tailf /var/log/messages
……
May 19 17:27:18 node01 yum[17822]: Installed: nss_compat_ossl-0.9.6-8.el7.x86_64
May 19 17:27:18 node01 yum[17822]: Installed: 1:js-1.8.5-20.el7.x86_64
May 19 17:27:18 node01 yum[17822]: Installed: elinks-0.12-0.37.pre6.el7.0.1.x86_64
II. Deploy nginx on node01 and send the nginx logs to node02.
1. Install nginx from the EPEL repository
[root@node01 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2020-05-19 17:29:47-- http://mirrors.aliyun.com/repo/epel-7.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 1.71.146.241, 1.71.146.240, 1.71.146.244, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|1.71.146.241|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 664 [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/epel.repo’
100%[============================================>] 664 --.-K/s in 0s
2020-05-19 17:29:47 (151 MB/s) - ‘/etc/yum.repos.d/epel.repo’ saved [664/664]
[root@node01 ~]# yum makecache fast   # download the repository package metadata and cache it locally
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.nju.edu.cn
* extras: mirrors.ustc.edu.cn
* updates: mirrors.ustc.edu.cn
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(2/3): epel/x86_64/group_gz | 95 kB 00:00:00
(3/3): epel/x86_64/primary_db | 6.8 MB 00:00:00
Metadata Cache Created
[root@node01 ~]# yum install nginx -y
……
[root@node01 ~]# systemctl start nginx.service
[root@node01 ~]# systemctl enable nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@node01 ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-05-19 17:32:12 CST; 11s ago
Main PID: 17965 (nginx)
CGroup: /system.slice/nginx.service
├─17965 nginx: master process /usr/sbin/nginx
├─17966 nginx: worker process
└─17967 nginx: worker process
May 19 17:32:12 node01 systemd[1]: Starting The nginx HTTP and reverse proxy server...
May 19 17:32:12 node01 nginx[17960]: nginx: the configuration file /etc/nginx/ngi...ok
May 19 17:32:12 node01 nginx[17960]: nginx: configuration file /etc/nginx/nginx.c...ul
May 19 17:32:12 node01 systemd[1]: Started The nginx HTTP and reverse proxy server.
Hint: Some lines were ellipsized, use -l to show in full.
2. Edit the rsyslog configuration file, load the imfile module, and add the collection rules
[root@node01 ~]# vim /etc/rsyslog.conf
……
$ModLoad imfile
$InputFilePollInterval 1
$InputFileName /var/log/nginx/access.log
$InputFileTag nginx-info-access;
$InputFilestateFile state-nginx-info-accesslog
$InputRunFileMonitor
$InputFileName /var/log/nginx/error.log
$InputFileTag nginx-info-error;
$InputFilestateFile state-nginx-info-errorlog
$InputRunFileMonitor
$InputFilePollInterval 10
if $programname == 'nginx-info-access' then @192.168.1.61:514
if $programname == 'nginx-info-access' then ~
if $programname == 'nginx-info-error' then @192.168.1.61:514
if $programname == 'nginx-info-error' then ~
[root@node01 ~]# systemctl restart rsyslog.service
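Explanation of some of the directives above:
Directive | Description |
---|---|
$InputFilePollInterval 1 | How often the file is polled; the default unit is seconds |
$InputFileName /usr/local/nginx/logs/access.log | Name of the log file to collect |
$InputFileTag nginx-info-access | Tag attached to the corresponding log entries |
$InputFilestateFile state-nginx-info-accesslog | Name of the state file for this log |
$InputRunFileMonitor | Start monitoring |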
3. Generate an nginx log entry
[root@node01 ~]# curl 127.0.0.1
4. The entry appears in the log being watched on node02
[root@node02 ~]# tailf /var/log/messages
……
May 19 17:39:25 node01 nginx-info-access; 127.0.0.1 - - [19/May/2020:17:39:22 +0800] "GET / HTTP/1.1" 200 4833 "-" "curl/7.29.0" "-"
5. A browser can also be used to trigger it; IP forwarding must be enabled on node01
[root@node01 ~]# echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
[root@node01 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@node01 ~]# firewall-cmd --add-port=80/tcp
success
6. node02 shows this entry as well
[root@node02 ~]# tailf /var/log/messages
……
May 19 17:43:25 node01 nginx-info-access; 192.168.1.1 - - [19/May/2020:17:43:20 +0800] "GET /favicon.ico HTTP/1.1" 404 3650 "http://192.168.1.11/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 Edg/81.0.416.77" "-"
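Once the nginx entries land in /var/log/messages on node02, they can be separated from ordinary syslog traffic and inspected. The following is an added example, not part of the original post: a parser for the forwarded line format shown above (syslog header, the `nginx-info-access;` tag, then the nginx access-log fields) that counts 4xx/5xx responses per sending host and client. The function names are hypothetical, and the sample lines are copied from the tail output on this page.

```python
import re
from collections import Counter

# Syslog header as written on node02: "May 19 17:39:25 node01 TAG MSG".
# The tag is captured without its trailing ';' or ':'.
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<tag>\S+?)[;:]? (?P<msg>.*)$')
# nginx access-log fields as they appear in the forwarded message body.
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# Sample lines taken from the node02 output shown on this page.
SAMPLE = [
    'May 19 17:27:18 node01 yum[17822]: Installed: 1:js-1.8.5-20.el7.x86_64',
    'May 19 17:39:25 node01 nginx-info-access; 127.0.0.1 - - '
    '[19/May/2020:17:39:22 +0800] "GET / HTTP/1.1" 200 4833 "-" "curl/7.29.0" "-"',
    'May 19 17:43:25 node01 nginx-info-access; 192.168.1.1 - - '
    '[19/May/2020:17:43:20 +0800] "GET /favicon.ico HTTP/1.1" 404 3650 '
    '"http://192.168.1.11/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" "-"',
]

def parse_forwarded(line, tag="nginx-info-access"):
    """Return a dict for a forwarded nginx access entry, or None for any other line."""
    m = SYSLOG_RE.match(line)
    if not m or m.group("tag") != tag:
        return None
    a = ACCESS_RE.match(m.group("msg"))
    if not a:
        return None  # tagged as nginx but not in the expected field layout
    rec = a.groupdict()
    rec["sender"] = m.group("host")
    rec["status"] = int(rec["status"])
    parts = rec["request"].split()
    # A malformed request line (not "METHOD PATH PROTO") keeps method/path as None.
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) == 3 else (None, None)
    return rec

def error_counts(lines):
    """Count 4xx/5xx responses per (sending host, client address)."""
    counts = Counter()
    for line in lines:
        rec = parse_forwarded(line)
        if rec and rec["status"] >= 400:
            counts[(rec["sender"], rec["client"])] += 1
    return counts

if __name__ == "__main__":
    print(dict(error_counts(SAMPLE)))
```

The sender and client fields come from data received on port 514, which the firewall rule above opens to any source, so treat them as untrusted input when building reports from them.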