2025-04-04 Update From: SLTechnology News&Howtos (Servers)
Shulou (Shulou.com) 06/03 Report
Log:
Historical events: when, where, who, what happened and at what date and time.
Event record format:
date time host process[pid]: event content
C/S architecture: log records are delivered over TCP or UDP services, so logs scattered across different hosts can be managed centrally.
Rsyslog
rsyslog features (the syslog daemon shipped with CentOS 6 and 7):
multithreading
UDP, TCP, SSL, TLS and RELP transports
log storage in MySQL, PostgreSQL or Oracle
powerful filters that can match any part of a log message
custom output formats
[root@node4 ~]# rpm -q rsyslog    # query the rsyslog package
rsyslog-8.24.0-12.el7.x86_64
[root@node4 ~]# rpm -ql rsyslog
/etc/logrotate.d/syslog
/etc/pki/rsyslog
/etc/rsyslog.conf
/etc/rsyslog.d
/etc/sysconfig/rsyslog
/usr/bin/rsyslog-recover-qi.pl
/usr/lib/systemd/system/rsyslog.service
ELK: elasticsearch, logstash, kibana
Elasticsearch is an open source distributed search engine and non-relational distributed data store. It is built on Lucene, a project of the Apache Software Foundation's Jakarta project team.
Logstash collects, parses and stores logs for later use.
Kibana provides a friendly web interface for log analysis.
Rsyslog introduction
Terminology (see man logger)
Facility: classifies logs by function or by the program that produced them:
auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, security (a deprecated synonym for auth), user, uucp, local0-local7, syslog
Priority: severity, listed from lowest to highest:
debug, info, notice, warn (warning), err (error), crit (critical), alert, emerg (panic)
See the help page: man 3 syslog
Rsyslog
package: rsyslog
main program: /usr/sbin/rsyslogd
CentOS 6: service rsyslog {start|stop|restart|status}
CentOS 7: /usr/lib/systemd/system/rsyslog.service
configuration files: /etc/rsyslog.conf, /etc/rsyslog.d/*.conf
library files: /lib64/rsyslog/*.so
Configuration file format: consists of three parts
MODULES: related module configuration
GLOBAL DIRECTIVES: global configuration
RULES: rule configuration related to logging
Rsyslog
RULES configuration format: facility.priority; facility.priority ... target
facility:
*: all facilities
facility1,facility2,facility3,...: a list of the named facilities
priority:
*: all levels
none: no level, i.e. nothing from that facility is recorded
PRIORITY: the specified level and every level above it
=PRIORITY: only messages at exactly the specified level
target:
file path: usually under /var/log/; a leading "-" before the path means asynchronous (buffered) writes
user: the log event is written to the specified user's terminal; * means all logged-in users
log server: @host sends the log to the specified remote server for recording (@@host sends over TCP, as in the example further down)
pipe: |COMMAND forwards the message to another command for processing
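As an added example (not from the original tutorial), this POSIX sh function applies the selector rules above to a single message: it splits a selector such as *.info;mail.none;authpriv.none;cron.none on ";" and ",", handles *, none and =PRIORITY, and evaluates the parts left to right so that a later none excludes a facility an earlier * included. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): evaluate an rsyslog selector
# such as "*.info;mail.none;authpriv.none;cron.none" against one message.

# prio_rank NAME -> numeric severity, lowest first (debug=0 ... emerg=7), -1 if unknown
prio_rank() {
  case "$1" in
    debug) echo 0 ;; info) echo 1 ;; notice) echo 2 ;; warn|warning) echo 3 ;;
    err|error) echo 4 ;; crit|critical) echo 5 ;; alert) echo 6 ;;
    emerg|panic) echo 7 ;; *) echo -1 ;;
  esac
}

# selector_matches SELECTOR FACILITY PRIORITY
# Exit 0 if a message with FACILITY/PRIORITY would be delivered by the rule.
# Parts are evaluated left to right; a later part naming the same facility
# overrides an earlier one, which is how "mail.none" removes mail from "*.info".
selector_matches() {
  sel=$1 fac=$2 mrank=$(prio_rank "$3") match=1
  set -f                      # no pathname expansion of "*" while splitting
  IFS=';'
  for part in $sel; do
    facs=${part%%.*} pspec=${part#*.} hit=1
    IFS=','
    for f in $facs; do
      if [ "$f" = '*' ] || [ "$f" = "$fac" ]; then hit=0; fi
    done
    IFS=';'
    [ "$hit" -eq 0 ] || continue      # this part does not name our facility
    case "$pspec" in
      none) match=1 ;;                # explicit exclusion
      '*')  match=0 ;;                # every level
      =*)   if [ "$(prio_rank "${pspec#=}")" -eq "$mrank" ]; then match=0; else match=1; fi ;;
      *)    if [ "$mrank" -ge "$(prio_rank "$pspec")" ]; then match=0; else match=1; fi ;;
    esac
  done
  unset IFS
  set +f
  return "$match"
}
```

Calling selector_matches '*.info;mail.none;authpriv.none;cron.none' authpriv crit returns 1 even though crit is above info, which is why sshd's authpriv messages land in /var/log/secure and not in /var/log/messages.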
Log-generating tool: logger
[root@node4 ~]# logger "this is a test log"
[root@node4 ~]# tail /var/log/messages
Jan 18 17:40:01 node4 systemd: Starting Session 27 of user root.
Jan 18 17:46:26 node4 dbus: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service'
Jan 18 17:46:26 node4 dbus-daemon: dbus: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service'
Jan 18 17:46:26 node4 systemd: Starting PackageKit Daemon...
Jan 18 17:46:26 node4 dbus[626]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Jan 18 17:46:26 node4 dbus-daemon: dbus[626]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Jan 18 17:46:26 node4 systemd: Started PackageKit Daemon.
Jan 18 17:50:01 node4 systemd: Started Session 28 of user root.
Jan 18 17:50:01 node4 systemd: Starting Session 28 of user root.
Jan 18 17:51:03 node4 root: this is a test log
[root@node4 ~]# egrep -v '^$|#' /etc/rsyslog.conf    # view the log paths defined in the configuration file
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
SSH logins are recorded in the secure log:
[root@node4 ~]# ssh 192.168.137.47
root@192.168.137.47's password:
[root@node4 ~]# tail /var/log/secure
Jan 18 18:14:56 node4 sshd[4090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.137.47 user=root
Jan 18 18:14:56 node4 sshd[4090]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 18 18:14:58 node4 sshd[4090]: Failed password for root from 192.168.137.47 port 52894 ssh3
[root@node4 ~]# egrep -v "^$|^#" /etc/ssh/sshd_config | grep SyslogFacility
SyslogFacility AUTHPRIV
Define a dedicated log path for sshd:
[root@node4 ~]# vim +33 /etc/ssh/sshd_config
33 SyslogFacility local7
34 LogLevel INFO
[root@node4 ~]# vim /etc/rsyslog.d/sshd.conf
1 local7.*    /var/log/sshd.log
[root@node4 ~]# systemctl restart rsyslog sshd
[root@node4 ~]# ps aux | grep rsyslogd    # (rpm -q rsyslog / rpm -ql $package)
root  4665  0.0  0.2 275560 2668 ?     Ssl  18:49  0:00 /usr/sbin/rsyslogd -n
root  4700  0.0 112660  968 pts/1      S+   18:50  0:00 grep --color=auto rsyslogd
[root@node4 ~]# ssh 192.168.137.47
root@192.168.137.47's password:
Permission denied, please try again.
root@192.168.137.47's password:
Permission denied, please try again.
root@192.168.137.47's password:
Permission denied (publickey,password).
[root@node4 ~]# tail /var/log/sshd.log
Jan 18 18:49:08 node4 sshd[4664]: Server listening on 0.0.0.0 port 22.
Jan 18 18:49:08 node4 sshd[4664]: Server listening on :: port 22.
Jan 18 18:49:46 node4 sshd[4681]: Failed password for root from 192.168.137.47 port 52900 ssh3
Jan 18 18:49:46 node4 sshd[4681]: Failed password for root from 192.168.137.47 port 52900 ssh3
Jan 18 18:49:46 node4 sshd[4681]: Connection closed by 192.168.137.47 port 52900 [preauth]
Event record format: date time host process[pid]: event content
CentOS 7: change the host name:
[root@node3 ~]# hostnamectl set-hostname $hostname
[root@node3 ~]# /etc/hosts    (add the host name to IP mapping)
Log server: @host sends the log to the specified remote server for recording.
Enable the network log service.
The usual log format:
date time host process[pid]: event content
For example /var/log/messages, cron and secure all use this format. Configure rsyslog to act as a log server:
# MODULES #
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Source host: 192.168.137.47 (node4); destination host: 192.168.137.37 (node3)
[root@node4 ~]# cat /etc/rsyslog.d/sshd.conf
local7.*    /var/log/sshd.log
#udp
local2.*    @192.168.137.37
#tcp
local7.*    @@192.168.137.37
[root@node3 ~]# cat /etc/rsyslog.conf | grep -A1 '$ModLoad imudp'
$ModLoad imudp
$UDPServerRun 514
[root@node3 ~]# cat /etc/rsyslog.conf | grep 'local2.*'
local2.*    /var/log/udp.log
test:
[root@node4 ~]# ssh 192.168.137.47
root@192.168.137.47's password:
[root@node3 ~]# tail -f /var/log/udp.log
Jan 18 22:00:59 node4 sshd[7903]: Accepted password for root from 192.168.137.47 port 52916 ssh3
Jan 18 22:01:24 node4 sshd[7903]: Received disconnect from 192.168.137.47 port 52916:11: disconnected by user
Jan 18 22:01:24 node4 sshd[7903]: Disconnected from 192.168.137.47 port 52916
Jan 18 22:19:09 node4 sshd[8172]: Failed password for root from 192.168.137.47 port 52920 ssh3
Jan 18 22:19:12 node4 sshd[8172]: Accepted password for root from 192.168.137.47 port 52920 ssh3
Other logs
Other log files
# /var/log/secure: system security log, text format, should be analyzed periodically
# /var/log/btmp: failed login attempts on the current system, binary format, view with the lastb command
# /var/log/wtmp: successful user logins on the current system, binary format, view with the last command
# /var/log/lastlog: each user's most recent login, binary format, view with the lastlog command
# /var/log/dmesg: messages from system boot, text format; view with any text viewer or with the dedicated dmesg command
# /var/log/messages: most of the system's messages
# /var/log/anaconda: the anaconda installer log
[root@node4 /var/log]# lastb | head | awk '{print $3}' | sort | uniq -c
     10 192.168.137.47
[root@node4 /var/log]# lastb | head | awk '{ip[$3]++} END {for (i in ip) {print ip[i], i}}'
10 192.168.137.47
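As an added example (not from the original tutorial), the following shell function does for the text sshd.log shown earlier what the lastb pipeline above does for the binary btmp file: it counts sshd "Failed password" events per source address and prints only the sources at or above a threshold. The log lines are constructed samples, and failed_by_source is my own name.

```shell
#!/bin/sh
# Added example (not from the original page): count failed SSH logins per
# source address from text logs in the "date time host process[pid]: content"
# format, as the lastb pipeline does for the binary btmp file.

# Constructed sample in the format of /var/log/sshd.log (not real traffic).
SAMPLE_LOG='Jan 18 18:49:46 node4 sshd[4681]: Failed password for root from 192.168.137.47 port 52900 ssh2
Jan 18 18:49:46 node4 sshd[4681]: Failed password for root from 192.168.137.47 port 52900 ssh2
Jan 18 18:49:46 node4 sshd[4681]: Connection closed by 192.168.137.47 port 52900 [preauth]
Jan 18 18:50:02 node4 sshd[4690]: Failed password for invalid user admin from 10.0.0.9 port 40001 ssh2
Jan 18 18:50:05 node4 sshd[4690]: Failed password for invalid user admin from 10.0.0.9 port 40001 ssh2
Jan 18 18:50:30 node4 sshd[4702]: Failed password for root from 192.168.137.47 port 52910 ssh2
Jan 18 18:51:10 node4 sshd[4711]: Accepted password for root from 10.0.0.5 port 40100 ssh2
Jan 18 18:52:00 node4 sshd[4720]: Failed password for root from 10.0.0.5 port 40120 ssh2'

# failed_by_source THRESHOLD   (log lines on stdin)
# Prints "count address" for every source with at least THRESHOLD failures,
# highest count first. Only sshd "Failed password" events are counted, so
# "Accepted password" and "Connection closed" lines are ignored.
failed_by_source() {
  awk -v thr="$1" '
    $5 ~ /^sshd\[[0-9]+\]:$/ && /Failed password for/ {
      # the address is the field after "from"; "invalid user" shifts the
      # columns, so locate the keyword instead of using a fixed field number
      for (i = 6; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
    }
    END { for (a in n) if (n[a] >= thr) printf "%d %s\n", n[a], a }
  ' | sort -k1,1nr -k2
}

# Usage: sources with two or more failures in the sample
printf '%s\n' "$SAMPLE_LOG" | failed_by_source 2
```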