2025-01-16 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article covers how to collect logs from a remote Linux machine. The method introduced here is simple, fast and practical.
If your data center is full of Linux servers and you are the system administrator, then one of your jobs is to look at the servers' log files. However, viewing log files on a large number of machines means logging in to each machine in turn to read them. If you manage a lot of machines, this job alone can take you a day.
Alternatively, you can configure a separate Linux machine to collect these logs. This will make your daily work more efficient. To achieve this, there are many different systems for you to choose from, and syslog-ng is one of them.
The drawback of syslog-ng is that its documentation is not easy to work through. However, I have solved this problem, and with the steps below you can install and configure syslog-ng right away. I will demonstrate on two Ubuntu Server 16.04 machines:
UBUNTUSERVERVM, with IP address 192.168.1.118, will be configured as the log collector
UBUNTUSERVERVM2 will be configured as a client that sends its logs to the collector
Now let's start the installation and configuration.
Installation
Installation is easy. To make it as easy as possible, I will install it from the standard repository. Open a terminal window and run the following command:

    sudo apt install syslog-ng

You must run the above command on both the collector and the client machine. After the installation is complete, you can begin the configuration.
Configure the collector
Now, let's start configuring the log collector. Its configuration file is /etc/syslog-ng/syslog-ng.conf, and a default one is included when the syslog-ng installation completes. Instead of using the default configuration file, rename it with sudo mv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.BAK. Now create a new configuration file using the sudo nano /etc/syslog-ng/syslog-ng.conf command. Add the following lines to this file:

    @version: 3.5
    @include "scl.conf"
    @include "`scl-root`/system/tty10.conf"

    options {
        time-reap(30);
        mark-freq(10);
        keep-hostname(yes);
    };

    # Local messages plus anything received from clients on TCP port 514
    source s_local { system(); internal(); };
    source s_network { syslog(transport(tcp) port(514)); };

    # d_local is defined but not referenced by the log path below
    destination d_local {
        file("/var/log/syslog-ng/messages_${HOST}");
    };
    # perm(0777) makes the combined log readable and writable by every local user
    destination d_logs {
        file("/var/log/syslog-ng/logs.txt" owner("root") group("root") perm(0777));
    };

    log { source(s_local); source(s_network); destination(d_logs); };
It is important to note that with this configuration syslog-ng uses TCP port 514, and you need to make sure the collector is accessible on that port from your network.
Save and close the file. The above configuration will dump the desired log files (indicated by system() and internal()) into /var/log/syslog-ng/logs.txt. Therefore, you need to create the required directory and file using the following commands:

    sudo mkdir /var/log/syslog-ng
    sudo touch /var/log/syslog-ng/logs.txt
Start and enable syslog-ng using the following command:

    sudo systemctl start syslog-ng
    sudo systemctl enable syslog-ng

Configure the client
We will do the same thing on the client (move the default configuration file and create a new one). Copy the following text into the new client configuration file:

    @version: 3.5
    @include "scl.conf"
    @include "`scl-root`/system/tty10.conf"

    source s_local { system(); internal(); };

    # Forward all local messages to the collector over TCP port 514
    destination d_syslog_tcp {
        syslog("192.168.1.118" transport("tcp") port(514));
    };

    log { source(s_local); destination(d_syslog_tcp); };

Please note: change the IP address to the IP address of your collector.
Save and close this file. Start and enable syslog-ng in the same way as on the machine configured as the collector.
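The collector and client configurations above move logs over plain TCP and create logs.txt with mode 0777. The following check for both settings is an added example, not part of the original article or of syslog-ng; `audit_conf` and `write_sample_conf` are hypothetical helper names, and the sample configuration, including the TLS lines with placeholder certificate paths, is constructed.

```shell
#!/bin/sh
# Added example. audit_conf and write_sample_conf are hypothetical helper names.
# Assumes each driver sits on one line of the configuration file.

# audit_conf FILE: report world-writable log files and cleartext transports.
audit_conf() {
    # Strip comments; grep -n keeps the line number for each finding.
    sed 's/#.*//' "$1" | grep -nE 'perm\(|transport\(' |
    while IFS=: read -r n text; do
        # A final octal digit of 2, 3, 6 or 7 lets any local user alter the log.
        if printf '%s\n' "$text" | grep -Eq 'perm\(0?[0-7][0-7][2367]\)'; then
            echo "line $n: world-writable log file"
        fi
        # tcp or udp with no tls() block is unencrypted and unauthenticated.
        if printf '%s\n' "$text" | grep -Eq 'transport\("?(tcp|udp)"?\)' &&
           ! printf '%s\n' "$text" | grep -q 'tls('; then
            echo "line $n: cleartext syslog transport"
        fi
    done
}

# Constructed sample: lines 2-4 mirror this page, lines 5-6 are tightened
# variants with placeholder certificate paths.
write_sample_conf() {
    cat > "$1" <<'EOF'
@version: 3.5
source s_network { syslog(transport(tcp) port(514)); };
destination d_logs { file("/var/log/syslog-ng/logs.txt" perm(0777)); };
destination d_syslog_tcp { syslog("192.168.1.118" transport("tcp") port(514)); };
source s_tls { syslog(transport("tls") port(6514) tls(key-file("/placeholder/key.pem") cert-file("/placeholder/cert.pem") ca-dir("/placeholder/ca.d") peer-verify(required-trusted))); };
destination d_safe { file("/var/log/syslog-ng/logs.txt" perm(0640)); };
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
audit_conf "$tmp"
rm -f "$tmp"
```

Lines 5 and 6 of the sample produce no findings: the source uses syslog-ng's tls() options on port 6514, and the log file is limited to owner and group.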
View log files
Go back to the server you configured as the collector and run the command sudo tail -f /var/log/syslog-ng/logs.txt. You will see output containing the log entries for both the collector and the client (figure A).
Figure A
Congratulations! Syslog-ng is already working properly. You can now log in to your collector to view the logs of your local machine and remote clients. If you have many Linux servers in your data center, install syslog-ng on each server and configure them to send logs to the collector as clients, so you don't have to log in to each machine to view their logs.
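Once many servers feed one file, a client that has stopped sending is easy to miss when reading tail output. The following per-host coverage check is an added example, not part of the original article; the helper names and the sample log lines (including the hostnames) are constructed, and it assumes syslog-ng's default file format with the sending host in the fourth field.

```shell
#!/bin/sh
# Added example. host_counts, silent_hosts and write_sample_log are hypothetical
# helper names. Assumes syslog-ng's default file format, in which the sending
# host is the fourth field: "Mon DD HH:MM:SS host program: message".

# host_counts FILE: print "host count" for every sender seen in FILE.
host_counts() {
    awk 'NF >= 4 { n[$4]++ } END { for (h in n) print h, n[h] }' "$1" | LC_ALL=C sort
}

# silent_hosts FILE HOST...: print each expected HOST that has no entry in FILE.
silent_hosts() {
    file=$1
    shift
    for h in "$@"; do
        host_counts "$file" |
            awk -v h="$h" '$1 == h { seen = 1 } END { exit !seen }' || echo "$h"
    done
}

# Constructed sample of /var/log/syslog-ng/logs.txt (hostnames are assumptions).
write_sample_log() {
    cat > "$1" <<'EOF'
Jun  1 10:00:01 ubuntuservervm syslog-ng[812]: syslog-ng starting up
Jun  1 10:00:07 ubuntuservervm2 sshd[1044]: Accepted publickey for admin from 192.168.1.20 port 50022 ssh2
Jun  1 10:00:09 ubuntuservervm2 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/ls
EOF
}

log=$(mktemp)
write_sample_log "$log"
host_counts "$log"
# ubuntuservervm3 stands for a client that was configured but is not reporting.
silent_hosts "$log" ubuntuservervm ubuntuservervm2 ubuntuservervm3
rm -f "$log"
```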