Linux log management: a comprehensive rsyslog walkthrough
Introduction to logging
rsyslog
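Experiment 1: log configuration demonstration
As the command below shows, by default the rsyslog service works standalone (local only) and is not network-based.
Demonstration: custom logging for an application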
[root@chujiapeng ~]# vim /etc/rsyslog.conf
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local6.* /var/log/myssh.log
[root@chujiapeng ~]# vim /etc/ssh/sshd_config
SyslogFacility local6
[root@chujiapeng ~]# systemctl restart sshd rsyslog
[root@chujiapeng ~]#
Check the result (screenshot)
[root@chujiapeng ~]# tail /var/log/m
maillog maillog-20201226 maillog-20201227 mariadb/ messages messages-20201226 messages-20201227 myssh.log
[root@chujiapeng ~]# tail /var/log/m
maillog maillog-20201226 maillog-20201227 mariadb/ messages messages-20201226 messages-20201227 myssh.log
[root@chujiapeng ~]# tail /var/log/myssh.log
Dec 27 17:12:07 chujiapeng sshd[34281]: Server listening on 0.0.0.0 port 22.
Dec 27 17:12:07 chujiapeng sshd[34281]: Server listening on :: port 22.
Dec 27 17:12:14 chujiapeng sshd[34281]: Received signal 15; terminating.
Dec 27 17:12:14 chujiapeng sshd[34298]: Server listening on 0.0.0.0 port 22.
Dec 27 17:12:14 chujiapeng sshd[34298]: Server listening on :: port 22.
Dec 27 17:15:27 chujiapeng sshd[34346]: Accepted password for root from 192.168.170.1 port 49968 ssh2
Change the rule to send the messages to users
[root@chujiapeng ~]# vim /etc/rsyslog.conf
local6.* root,chujiapeng
[root@chujiapeng ~]# systemctl restart rsyslog
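Sending to a remote machine: network-based demonstration
Logs from 192.168.170.27 are sent to 192.168.170.17.
1. First, enable the listening port and service on host 17 (192.168.170.17) to receive the logs, and set the path where they are stored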
vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
local6.* /var/log/remote27.log
[root@chujiapeng ~]# systemctl restart rsyslog
[root@chujiapeng ~]# ss -ntul
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:5353 *:*
UNCONN 0 0 *:57747 *:*
UNCONN 0 0 *:514 *:*
UNCONN 0 0 :::514 :::*
[root@chujiapeng ~]#
2. Then edit the configuration file on the host that sends the logs
vim /etc/rsyslog.conf
local6.* @192.168.170.17
Restart the service
[root@chujiapeng ~]# systemctl restart rsyslog
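See the screenshots for the test process
This concludes the demonstration
Experiment 2: collect Apache access logs and display them graphically.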
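An added example (not from the original post): it builds the datagram the sender emits for local6 and shows which incoming datagrams the receiver's local6.* rule would write to remote27.log. The selector matches on facility only, so the check also reports local6 datagrams whose source is not 192.168.170.27. The packet list, the 192.168.170.99 address and the function names are constructed, and the traditional "<PRI>timestamp host tag: msg" layout is assumed.

```python
import re

# Syslog facility codes; local0..local7 are 16..23, so local6 = 22.
FACILITIES = {"kern": 0, "user": 1, "auth": 4, "authpriv": 10,
              **{f"local{i}": 16 + i for i in range(8)}}
FAC_NAMES = {code: name for name, code in FACILITIES.items()}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def encode(facility, severity, timestamp, host, tag, msg):
    """Build a traditional-format datagram; PRI = facility * 8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES.index(severity)
    return f"<{pri}>{timestamp} {host} {tag}: {msg}".encode()

def decode(datagram):
    """Return (facility, severity, text) or raise ValueError on a bad PRI."""
    m = re.match(rb"<(\d{1,3})>(.*)", datagram, re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    pri = int(m.group(1))
    facility = FAC_NAMES.get(pri >> 3, f"facility{pri >> 3}")
    return facility, SEVERITIES[pri & 7], m.group(2).decode(errors="replace")

def triage(packets, facility="local6", expected_sender="192.168.170.27"):
    """Return (logged, unexpected) for a 'facility.*' rule on the receiver."""
    logged, unexpected = [], []
    for src, data in packets:
        try:
            fac, _sev, text = decode(data)
        except ValueError:
            continue  # not a syslog datagram
        if fac != facility:
            continue  # e.g. authpriv does not match local6.*
        logged.append(text)
        if src != expected_sender:
            unexpected.append((src, text))  # matched the rule, wrong source
    return logged, unexpected

# Constructed sample traffic: (source address, datagram) as seen on UDP 514.
SAMPLE = [
    ("192.168.170.27", encode("local6", "info", "Dec 27 17:15:27", "chujiapeng",
     "sshd[34346]", "Accepted password for root from 192.168.170.1 port 49968 ssh2")),
    ("192.168.170.27", encode("authpriv", "info", "Dec 27 17:15:27", "chujiapeng",
     "sshd[34346]", "pam_unix(sshd:session): session opened for user root")),
    ("192.168.170.99", encode("local6", "info", "Dec 27 17:16:00", "unknown",
     "sshd[1]", "constructed message from an unexpected sender")),
    ("192.168.170.27", b"not syslog"),
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```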