2025-03-29 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
Logs: a record of historical events
Historical events:
time, event
level (log level): the criticality of the event
Events: things that happen during system boot, application startup, and while applications (especially service applications) are running
Syslog service:
syslog:
syslogd: system
klogd: kernel
When the event format is relatively simple, events can be logged uniformly by syslog:
date-time hostname process[pid]: event content
Supports the C/S architecture: logging services can be provided over the UDP or TCP protocols
Rsyslog:
rsyslogd:
Features:
multithreading
UDP, TCP, SSL, TLS, RELP
stores log information in MySQL, PGSQL, Oracle and other data management systems
powerful filters that can filter on any part of the log information
custom output format
ELK stack: elasticsearch, logstash, kibana
Terms in the rsyslog log collector:
facility: classifies log collection by function or by program:
auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security, user, uucp, local0-local7, syslog
priority: the log level
debug, info, notice, warn (warning), err (error), crit (critical), alert, emerg (panic)
Specifying the level:
*: all levels
none: no level
priority: this level and all levels above it
=priority: this level only
……
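The selector forms listed above can be checked against a message's facility and level with a small model like the following. This is an added example, not code from the original article or from rsyslog; it covers only the four forms listed (`*`, `none`, `priority`, `=priority`), and the function names are hypothetical.

```python
# Severity names ordered from most to least severe (index 0 = emerg).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}


def sev_index(name):
    """Return the numeric severity for a level name or alias."""
    name = name.lower()
    return SEVERITIES.index(ALIASES.get(name, name))


def selector_matches(selector, facility, severity):
    """Return True if 'selector' selects a message with this facility/severity.

    Parts separated by ';' are applied left to right, so a later
    'facility.none' removes what an earlier part selected.
    """
    msg = sev_index(severity)
    selected = False
    for part in selector.split(";"):
        facilities, _, prio = part.strip().partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue  # this part does not talk about our facility
        if prio == "none":
            selected = False
        elif prio == "*":
            selected = True
        elif prio.startswith("="):
            if msg == sev_index(prio[1:]):
                selected = True  # exactly this level
        elif msg <= sev_index(prio):
            selected = True  # this level and anything more severe
    return selected


if __name__ == "__main__":
    rule = "*.info;mail.none;authpriv.none;cron.none"
    for fac, sev in [("daemon", "notice"), ("mail", "err"), ("kern", "debug")]:
        print(fac, sev, selector_matches(rule, fac, sev))
```
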
Program environment:
main program: rsyslogd
main configuration files: /etc/rsyslog.conf, /etc/rsyslog.d/*.conf
service script (CentOS 6): /etc/rc.d/init.d/rsyslog
unit file (CentOS 7): /usr/lib/systemd/system/rsyslog.service
Configuration file format (rsyslog.conf)
It mainly consists of three parts:
MODULES
GLOBAL DIRECTIVES
RULES
RULES:
facility.priority target
target:
File: log events are recorded in the specified file, which should usually be located under the /var/log directory; a "-" before the file path indicates asynchronous writes
User: notifies the specified user of the log event by sending a message to the terminal of the user logged on to the system
Log server: @host, sends the log to the specified server host
Pipeline: | COMMAND
Other log files:
/var/log/wtmp: log of successful logins to the current system; view it with the last command
/var/log/btmp: log of failed login attempts on the current system; view it with the lastb command
lastlog: displays the last time each user on the current system logged in
/var/log/dmesg: log information from system boot; it can also be viewed with the dmesg command
Rsyslog server:
Edit the configuration file /etc/rsyslog.conf and enable the rsyslog server by enabling these options:
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
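A configuration built from the listener directives and rule targets on this page can be reviewed for what it exposes on the network and where it keeps credentials. The sketch below is an added example, not part of the original article; the `@@host` prefix (TCP forwarding) is standard rsyslog syntax that the page does not list, and the sample configuration, addresses and password are constructed.

```python
import re

# Reviewer notes for items that touch the network or hold a credential.
NOTES = {
    "listener-udp": "accepts syslog from any sender; limit by firewall",
    "listener-tcp": "accepts syslog from any sender; limit by firewall",
    "forward-udp": "plaintext and lossy; prefer TLS or RELP",
    "forward-tcp": "plaintext unless TLS is configured",
    "mysql": "DB password stored in this file; keep it root-readable only",
}
# Order matters: "@@" must be tested before "@", "-/" before "/".
PREFIXES = [(":ommysql:", "mysql"), ("@@", "forward-tcp"), ("@", "forward-udp"),
            ("|", "pipe"), ("-/", "file-async"), ("/", "file")]


def classify_target(target):
    """Map a rule's target field to one of the target kinds."""
    t = target.strip()
    for prefix, kind in PREFIXES:
        if t.startswith(prefix):
            return kind
    return "user"  # anything else is a user name to notify


def audit(conf_text):
    """Return (line_no, kind, note) for every item that has a note."""
    found = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"\$(UDPServerRun|InputTCPServerRun)\s+(\d+)$", line)
        if m:
            kind = "listener-udp" if m.group(1) == "UDPServerRun" else "listener-tcp"
        elif not line or line[0] in "#$":
            continue  # blank line, comment, or another directive
        else:
            fields = line.split(None, 1)
            if len(fields) < 2:
                continue
            kind = classify_target(fields[1])
        if kind in NOTES:
            found.append((n, kind, NOTES[kind]))
    return found


# Constructed sample configuration (documentation addresses, fake password).
SAMPLE = """\
$UDPServerRun 514
$InputTCPServerRun 514
mail.*       -/var/log/maillog
*.emerg      root
authpriv.*   @192.0.2.10
*.*          :ommysql:192.0.2.20,Syslog,rsyslog,EXAMPLE-PASSWORD
"""
```
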
Example: logging to MySQL. The general steps are:
1. MySQL server: prepare the MySQL server, create a user, and grant it full access to the Syslog database
2. On the rsyslog host: install the rsyslog-mysql package
3. On the rsyslog host: create the required database and tables by importing the createDB.sql script
mysql -uUSER -hHOST -pPASSWORD < /usr/share/doc/rsyslog-mysql-VERSION/createDB.sql
4. Configure rsyslog to use the ommysql module
#### MODULES ####
$ModLoad ommysql
#### RULES ####
facility.priority :ommysql:DBHOST,DB,DBUSER,DBUSERPASSWORD
Note: restart the rsyslog service.
5. Web display interface: loganalyzer
1) Configure LAMP
httpd, php, php-mysql, php-gd
2) Install loganalyzer
# tar xf loganalyzer-3.6.5.tar.gz
# cp -r loganalyzer-3.6.5/src /var/www/html/loganalyzer
# cp -r loganalyzer-3.6.5/contrib/*.sh /var/www/html/loganalyzer/
# cd /var/www/html/loganalyzer/
# chmod +x *.sh
# ./configure.sh
# ./secure.sh
# chmod 666 config.php
Test by accessing it through the URL.
Demonstration:
Log server: 192.168.19.134
Test host: 192.168.19.138
MySQL host: 192.168.19.138
Enable the server function: start the rsyslog service and test the port
To test, edit /etc/rsyslog.conf on another host and point the target at the address of this log server
1) Edit the main rsyslog configuration file on the 19.138 host
2) Restart the service and run an installation
3) Check whether the log appears on the log server
Logging to MySQL
1) Grant the user full access to the Syslog database
Note: in addition to granting permissions for the local machine, you must also grant the rsyslog host permission to access the MySQL database; otherwise, remote access to MySQL will fail.
2) Install the rsyslog-mysql package on the rsyslog host
3) Create the required database and tables by importing the createDB.sql script on the rsyslog host
4) Configure rsyslog to use the ommysql module
Note: restart the rsyslog service
5) Test
Install php and php-mysql on the test host and query the contents of the Syslog table in the database on the MySQL server
Web display interface: loganalyzer
1) Configure the LAMP combination
httpd, php, php-mysql, php-gd
2) Install loganalyzer
a. Decompress the archive
b. Copy the relevant files to the /var/www/html directory
c. Change the permissions of the files ending in .sh
d. Run the scripts
e. Modify the config.php file permissions
f. Test access
The page displayed on first visit is as follows:
Ensure that config.php is writable:
Step 7: create a data source and enter the following:
Go to the page and view the logs with the showevents option.