Shulou(Shulou.com)06/02 Report--

Centos5 series system comes with syslog1.4.1

Centos6 series comes with rsyslog version 5.8.10

Centos7 series comes with rsyslog version 7.4.7

At present, the latest version of rsyslog is 8.27.0J rsyslog refactoring the imfile module from 8.5.0, and wildcards can be supported in the file name.

Rsyslog official website: http://www.rsyslog.com/

Upgrading rsyslog requires configuring the yum source, and the default upgrade of centos is not the latest version.

1. Configure yum

To be able to use the RPM repository, you need a .repo file. To use your webbrowser, visit http://rpms.adiscon.com. Here, you can download the rsyslogall.repo file, or go to a subfolder of the desired version (such as v8-stable) and download the rsyslog.repo file from there. Translated by google.

[root@localhost yum.repos.d] # pwd/etc/yum.repos.d [root@localhost yum.repos.d] # lsdvd.repo packagekit-media.repo rhel-source.repo rsyslog.repo [root@localhost yum.repos.d] # cat rsyslog.repo [rsyslog_v8] name=Adiscon CentOS-$releasever-local packages for $basearchbaseurl= http://rpms.adiscon.com/v8-stable/epel-$releasever/$basearchenabled=1gpgcheck=0gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adisconprotect=1[root@localhost yum.repos.d] # rpm-qa | grep-I rsyslogrsyslog-5.8.10-10.el6_6.x86_64 [root@localhost yum.repos.d] # yum-y install rsyslog [root@localhost yum.repos.d] # rpm-qa | grep-I rsyslogrsyslog-8.27.0-2.el6.x86_64 [root@localhost yum.repos.d] #

According to the official website document, if you copy the above configuration, the variables may be parsed incorrectly, which may lead to unsuccessful installation. At this time, you need to replace the variable "$releasever" in the third line. The value of $releasever indicates the current system release version, which can be checked through the rpm-qi centos-release command, where Version:6 is the version number of our system. $basearch is our system hardware architecture (CPU instruction set), which can be obtained by using the command arch.

[root@localhost yum.repos.d] # rpm-qi centos-releaseName: centos-release Relocations: (not relocatable) Version: 6 Vendor: CentOSRelease: 5.el6.centos.11.1 Build Date: Wed 27 Nov 2013 07:53:33 PM CSTInstall Date: Thu 27 Apr 2017 06:39:55 PM CST Build Host: c6b9.bsys.dev.centos .orgGroup: System Environment/Base Source RPM: centos-release-6-5.el6.centos.11.1.src.rpmSize: 32670 License: GPLv2Signature: RSA/SHA1 Wed 27 Nov 2013 09:26:58 PM CST, Key ID 0946fca2c105b9dePackager: CentOS BuildSystem Summary: CentOS release fileDescription: CentOS release files [root@localhost yum.repos.d] # archx86_64 [root@localhost yum.repos.d] #

2. Configure rsyslog

By default, rsyslog can only send system logs, such as DHCP,cron, kern, and so on. Now you need to send a service log to a remote rsyslog server, using rsyslog's imfile module. This module provides the ability to convert any standard text file into an syslog message. The file is read line by line, and any read lines are passed to rsyslog's rules engine.

Official documents:

Http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html

The above figure is a sample configuration. Each parameter can be described in the corresponding module parameter description in the article, Module Parameters in the module reference article, and Input Parameters in the input reference article.

[root@localhost yum.repos.d] # cp / etc/rsyslog.conf {, .20170613bak} [root@localhost yum.repos.d] # vim / etc/rsyslog.confmodule (load= "imfile" PollingInterval= "10") input (type= "imfile" File= "/ opt/CalculationUnit/java/sh/logs/bigada.log" Tag= "CalculationUnit" Severity= "info" Facility= "local0" freshStartTail= "on" deleteStateOnFileDelete= "on") local0.* @ 10.10.15.175: 514 [root @ localhost yum.repos.d] # / etc/init.d/rsyslog restart

Module

Load= "imfile" loads imfile module

Frequency of PollingInterval= "10" polling of files (in seconds). Default is 10 seconds.

Input

Type= "imfile"

The absolute path of the file sent by File= "/ opt/CalculationUnit/java/sh/logs/bigada.log" to syslog

Tag= "CalculationUnit"

Severity= "info"

Facility= "local0"

FreshStartTail= "on" is set to enable on to only read the latest data and discard the old log each time rsyslog is restarted. Default is off.

DeleteStateOnFileDelete= "on" such a file will be regenerated and secondary parameters need to be enabled. For example, bigdata.log will be renamed to bigdata%YYYY%mm%dd%.log in the early hours of every morning, and then bigdata.log will be regenerated.

Local0.* @ 10.10.15.175 514 defines the address of the syslog server

Error: Permission denied

Jun 27 18:33:46 localhost rsyslogd: imfile warning: directory'/ opt/CalculationUnit/java/sh/logs': Permission denied [v8.27.0 try http://www.rsyslog.com/e/2046] Jun 27 18:33:46 localhost rsyslogd: [origin software= "rsyslogd" swVersion= "8.27.0" Xmuri pid= "19409" xMuiinfo = "http://www.rsyslog.com"] startJun 27 18:33:46 localhost rsyslogd: imfile: error with inotify API Ignoring file'/ opt/CalculationUnit/java/sh/logs/bigada.log': Permission denied [v8.27.0]

Check selinux

[root@localhost ~] # sestatusSELinux status: enabledSELinuxfs mount: / selinuxCurrent mode: enforcingMode from config file: enforcingPolicy version: 24Policy from config file: targeted [root@localhost ~] # getenforce Enforcing [root@localhost ~] # setenforce 0 [root@localhost ~] # getenforce Permissive [root@localhost ~] # sestatusSELinux status: enabledSELinuxfs mount : / selinuxCurrent mode: permissiveMode from config file: enforcingPolicy version: 24Policy from config file: targeted [root@localhost ~] # vim / etc/sysconfig/selinux [root@localhost ~] # / etc/init.d/rsyslog restartShutting down system logger: [OK] Starting system logger: [OK] [root@localhost ~] #

Information can now be found in the syslog server database

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.