Servers (9) -- Forwarding Linux system logs with rsyslog
2018-02-28 18:18
I. Introduction
RSYSLOG is the rocket-fast system for log processing.
It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to accept inputs from a wide variety of sources, transform them, and output the results to diverse destinations.
RSYSLOG can deliver over one million messages per second to local destinations when limited processing is applied (based on v7, December 2013). Even with remote destinations and more elaborate processing the performance is usually considered "stunning".
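1. rsyslog is a program for fast collection and processing of system logs, offering high performance, strong security features and a modular design.
2. rsyslog is the upgraded successor to syslog; starting with CentOS 6, the system log configuration file /etc/syslog.conf no longer exists and is replaced by /etc/rsyslog.conf.
3. To check whether rsyslog is installed on the server, run: rsyslogd -version
4. If rsyslog is not installed on the server, install it with: yum install rsyslog -y
II. Deployment
1. Environment diagram
2. Deployment steps on the rsyslog server
Edit the rsyslog configuration file at /etc/rsyslog.conf. It is best to make a backup copy before changing it. After modification, the file contents are as follows:
[root@opm log]# grep -v "^#" /etc/rsyslog.conf | grep -v "^$"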
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad immark # provides --MARK-- message capability
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$AllowedSender tcp, 192.168.30.0/24
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$template Remote,"/data/log/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?Remote
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none /data/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
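The configuration above opens port 514 on both UDP and TCP but gives an $AllowedSender list only for tcp. The Python check below is an added example, not part of the original post: it models rsyslog's per-protocol sender lists, where a protocol with no list accepts any source, and reports which listeners are left unrestricted. The function names and test addresses are assumptions, and only IP/CIDR entries are modelled.

```python
import ipaddress

# Constructed sample: the listener and sender directives from the config above.
SAMPLE_CONF = """\
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$AllowedSender tcp, 192.168.30.0/24
"""
LISTENERS = {"$udpserverrun": "udp", "$inputtcpserverrun": "tcp"}


def parse_conf(text):
    """Collect listener ports and $AllowedSender networks per protocol."""
    state = {p: {"ports": [], "nets": [], "restricted": False} for p in ("udp", "tcp")}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # strip comments, split name/arg
        if len(parts) != 2:
            continue
        name, arg = parts[0].lower(), parts[1].strip()
        if name in LISTENERS and arg.isdigit():
            state[LISTENERS[name]]["ports"].append(int(arg))
        elif name == "$allowedsender":
            proto, *entries = [e.strip().lower() for e in arg.split(",")]
            if proto not in state:
                continue
            state[proto]["restricted"] = True
            for entry in entries:
                try:
                    state[proto]["nets"].append(ipaddress.ip_network(entry, strict=False))
                except ValueError:
                    pass  # hostname/wildcard entries are not modelled (assumption)
    return state


def sender_permitted(state, proto, ip):
    """No list for a protocol means every source address is accepted on it."""
    s = state[proto]
    return not s["restricted"] or any(ipaddress.ip_address(ip) in n for n in s["nets"])


def unrestricted_listeners(state):
    """Protocols with an open port but no $AllowedSender list."""
    return [p for p, s in state.items() if s["ports"] and not s["restricted"]]


if __name__ == "__main__":
    print("no sender list:", unrestricted_listeners(parse_conf(SAMPLE_CONF)))
```

For the sample it reports udp: a source outside 192.168.30.0/24 is dropped on TCP but still accepted on UDP until a matching `$AllowedSender udp, ...` line is added or the imudp listener is removed.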