centos7设置rsyslog日志服务集中服务器



环境:centos6.9_x86_64,自带的rsyslog版本是7.4.7,很多配置都不支持,于是进行升级后配置

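# Install a newer rsyslog from the Adiscon v8-stable repository.
# NOTE(review): the repo definition is downloaded over plain HTTP, so it can be
# altered in transit. Read the file before enabling it and check that it keeps
# gpgcheck=1 with the signing key you expect.
# -O overwrites any stale rsyslog.repo in the current directory; without it
# wget would save a numbered copy and mv would install the old file.
# The steps are chained so yum only runs once the repo file is in place.
# The package pattern is quoted so that yum, not the shell, expands it.
# NOTE(review): 'rsyslog*' pulls in every rsyslog sub-package the repo offers;
# list only the modules you need to keep the installed surface small.
wget -O rsyslog.repo http://rpms.adiscon.com/v8-stable/rsyslog.repo &&
  mv rsyslog.repo /etc/yum.repos.d/rsyslog.repo &&
  yum install 'rsyslog*' --skip-broken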

[root@:/etc]# rsyslogd -ver
rsyslogd 8.1907.0 (aka 2019.07) compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: Yes
Config file: /etc/rsyslog.conf
PID file: /var/run/syslogd.pid
Number of Bits in RainerScript integers: 64

See https://www.rsyslog.com for more information.


服务端的配置:

[root:/etc]# egrep -v '^#|^$' /etc/rsyslog.conf
# Local inputs: the system log socket and kernel messages.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # reads kernel messages (the same are read from journald)
# Network inputs: accept syslog on UDP 514 and on TCP 514.
# NOTE(review): no $AllowedSender line is visible in this listing and both
# listeners are plain text, so any host that can reach port 514 can write
# into these logs. Restrict senders here or in the host firewall.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Modes for the directories and files rsyslog creates.
# NOTE(review): 0644 with umask 0022 leaves every created log world-readable;
# 0640 is the usual choice when the logs carry request data.
$DirCreateMode 0755
$FileCreateMode 0644
$Umask 0022
# Rules in /etc/rsyslog.d/*.conf are read at this point, before the rules below.
$IncludeConfig /etc/rsyslog.d/*.conf
# Record format for application logs: a year/month/day/hour/minute stamp,
# then regex sub-match 3 of the message text.
# NOTE(review): the bare "s" before ".*" in these patterns looks like "\s"
# with its backslash lost in publishing - TODO confirm against the live file.
$template slog, "%$year%%$month%%$day%%$hour%%$minute% %msg:R,ERE,3,DFLT:(SLOG|ALOG|BLOG)(_[a-zA-Z0-9]+)+s(.*)--end% "
# Dynamic file paths under /data/www/logs/, built from lower-cased regex
# captures of the message. The path segments come from sender-controlled
# text; the character classes (letters, digits, "_") are what keep "/" and
# "." out of the path, so do not loosen them.
# slogfile1 is defined but not referenced anywhere in this listing.
$template slogfile1, "/data/www/logs/%msg:R,ERE,1,DFLT:(SLOG|ALOG|BLOG)(_[A-Z0-9]+)+s.*--end:lowercase%/%msg:R,ERE,2,DFLT:(SLOG|ALOG|BLOG)_([A-Z0-9]+)(_[a-zA-Z0-9]+)*s.*--end:lowercase%/%msg:R,ERE,2,DFLT:(SLOG|ALOG|BLOG)_([A-Z0-9]+(_[a-zA-Z0-9]+)*)s.*--end:lowercase%/%$year%%$month%%$day%%$hour%%$minute%.log"
$template slogfile2, "/data/www/logs/%msg:R,ERE,2,DFLT:(BLOG)_([A-Z0-9]+)(_[a-zA-Z0-9]+)*s.*--end:lowercase%/%msg:R,ERE,3,DFLT:(BLOG)_([A-Z0-9]+)_([a-zA-Z0-9]+)*s.*--end:lowercase%/%$year%%$month%%$day%.log"
# Messages tagged SLOG_/ALOG_/BLOG_ are written through slogfile2 in the slog
# format, then discarded ("~") so they do not reach the rules that follow.
# NOTE(review): the filter accepts SLOG and ALOG, but slogfile2 only matches
# BLOG; check which path the DFLT no-match fallback produces for those.
# NOTE(review): rsyslog v8 reports "~" as deprecated; "stop" replaces it.
:msg, ereregex, "(S|A|B)LOG(_[A-Z0-9]+)+ " ?slogfile2;slog
:msg, ereregex, "(S|A|B)LOG(_[A-Z0-9]+)+ " ~
# Standard routing of the remaining messages by facility and priority.
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
# Action-queue settings; they apply to the next action defined after them.
# NOTE(review): no action follows in this listing, so these look like
# leftovers from the stock forwarding example - TODO confirm they are needed.
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
# Main message queue sizing for bursts from many clients.
# TimeoutEnqueue 0 makes rsyslog drop a message at once when the queue is
# full instead of waiting, so messages can be lost silently during a flood.
# NOTE(review): no $MainMsgQueueFileName is visible; the disk-related
# settings (MaxDiskSpace, SaveOnShutdown) normally need one - TODO confirm.
$MainMsgQueueDiscardMark 2000000
$MainMsgQueueHighWaterMark 1000000
$MainMsgQueueLowWaterMark 800000
$MainMsgQueueMaxDiskSpace 5g
$MainMsgQueueSize 8000000
$MainMsgQueueTimeoutEnqueue 0
$MainMsgQueueSaveOnShutdown on


# 客户端配置

[root@:~]# egrep -v '^#|^$' /etc/rsyslog.conf
# Local inputs: the system log socket and the systemd journal.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
# Local copies are still written to the usual files.
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
# IP address of the log server.
# A single "@" forwards over UDP, "@@" forwards over TCP.
# NOTE(review): "*.*" already includes local7, so local7 messages are sent
# twice (once over UDP, once over TCP).
# NOTE(review): both forwards are plain text and "*.*" includes authpriv, so
# authentication logs cross the network unencrypted; use rsyslog's TLS
# transport or keep this traffic on a protected network segment.
local7.* @172.17.0.36:514
*.* @@172.17.0.36:514


# 客户端测试:
[root@:~]# logger -t 'hello' 'jack'

# 服务端观察,看到测试日志说明配置成功
[root@:~]# tail -f /var/log/messages

Jul 19 00:01:28 eus_pe_web03 hello: jack

###############

收集客户端php的日志示例

# 服务端配置

# egrep -v '^#|^$' /etc/rsyslog.conf
# Local inputs, loaded with module() syntax; the rest of the file uses
# legacy "$" directives.
module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog")   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
# Standard local routing; these rules come before the remote-log rule, so
# remote messages that match a selector are written here as well.
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  /var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
# Accept syslog over UDP 514, from 172.16.2.0/24 only.
# NOTE(review): $AllowedSender matches on the source address, which UDP does
# not authenticate; treat it as a filter and keep port 514 closed at the
# network edge as well.
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 172.16.2.0/24

# Write only the message text to file (no timestamp or host prefix). This
# replaces the default template set earlier for actions defined after here.
$template dsformat,"%msg% "
$ActionFileDefaultTemplate dsformat
 
# Ownership and modes for files and directories created by the actions
# defined after this point.
# NOTE(review): 0755 on log files adds execute bits and leaves them
# world-readable. The sample records on this page contain request tokens, so
# 0640 for files and 0750 for directories is a safer starting point.
$FileOwner apache
$FileGroup users
$FileCreateMode 0755
$DirCreateMode 0755
 
# One directory and one daily file per sending IP under
# /data/www/logs/seaslogs/.
# NOTE(review): the path sits under /data/www and the files are owned by
# apache; make sure this directory is not served over HTTP - TODO confirm.
$template RemoteLogs,"/data/www/logs/seaslogs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
# Everything not received from 127.0.0.1 goes to that file; "& ~" then
# discards it so it does not reach any later rule.
# NOTE(review): rsyslog v8 reports "~" as deprecated; "stop" replaces it.
:fromhost-ip, !isequal, "127.0.0.1" ?RemoteLogs
& ~

# php收集日志客户配置
php.ini文件中加入如下配置:

; Load the SeasLog extension.
extension=seaslog.so
; Base directory for SeasLog's own log files.
seaslog.default_basepath = "/data/www/logs/php_log"
; appender 3 sends records over UDP to remote_host:remote_port (presumably
; the rsyslog server's UDP 514 listener configured above - confirm).
; NOTE(review): UDP syslog is unencrypted and unacknowledged, and records are
; sent as written; scrub credentials and tokens in the application before
; they are logged.
seaslog.appender = 3
seaslog.remote_host = "172.16.2.139"
seaslog.remote_port = 514
; presumably seconds - confirm against the SeasLog documentation
seaslog.remote_timeout = 3


# 日志示例(注意:示例中请求 URL 里的 password、key、request_token 等参数被原样写进了日志;线上环境应在应用写日志前对这类字段脱敏,并收紧日志文件的读取权限)
tail -f /data/www/logs/seaslogs/172.16.2.162/172.16.2.162_2020-05-22.log
2020-05-21 21:09:26 | error | 28402 | 5ec75076d0848 | 1590120566.858 | api | MDM_CALLBACK | https://app-api.chinasoft.com/v1/mdm/server?s=mzXYPo5rkXv_bbWGHENH8eWNpEhGBLzdEE97GJDOpc9lGvLKNwiecn4nVjFwfthlQMYRmyzdYNtucDQcGIki7sFN78X1BET9Bj0JnLl2_AEkkf24KBySX4VvCBZNk3mU | member_id:1564595|device_id:210473|info:No Command!|data:<?xml version="1.0" encoding="UTF-8"?>#012<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">#012<plist version="1.0">#012<dict>#012#011<key>Status</key>#012#011<string>Idle</string>#012#011<key>UDID</key>#012#011<string>00008030-000E159E2239802E</string>#012</dict>#012</plist>#012|file:/data/www/vhosts/u.chinasoft.com/httpdocs/api/modules/app/v1/controllers/aa.php:304 |
2020-05-22 04:09:53 | error | 27491 | 5ec75090c5a59 | 1590120593.14 | api | commoncomponentsMyMember::createUser | https://app-api.chinasoft.com/v1/member/auth-register?platform=1&password=616d72616e31313232&access_from=1&device_id=&username=hossaamran%40gamil.com&key=EE12071A4BC85EE516C78C38E78D1F14&client_sign=%7Bffffffff-b0a5-f417-ffff-ffffe29c55c9%7D&ishex=1&lang=en&request_token=227ad8fc4310251f03a269b648103056&adver=&timestamp=1590120589937&vc=56141efc387551c5bdf9d913b24601e7 | send register email failed |
2020-05-21 21:11:01 | error | 27653 | 5ec750d55ee14 | 1590120661.394 | api | MDM_CALLBACK | https://app-api.chinasoft.com/v1/mdm/server?s=tIJ2oiOxqNXN6mAMCziUNiGcNHPUP3xcelvb7WvG9Ojdse118tISytwWD3AnlaVM12gF6cJ6fVf28FrWCiv_VYSZo7B0P8mdaGROSnGMnrk | member_id:14791|device_id:6592|info:No Command!|data:<?xml version="1.0" encoding="UTF-8"?>#012<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">#012<plist version="1.0">#012<dict>#012#011<key>Status</key>#012#011<string>Idle</string>#012#011<key>UDID</key>#012#011<string>ba4f79ee25780182175890ee11bbf0b5b946f693</string>#012</dict>#012</plist>#012|file:/data/www/vhosts/u.chinasoft.com/httpdocs/api/modules/app/v1/controllers/aa.php:304 |
2020-05-21 21:14:49 | warning | 27931 | 5ec751b97ce22 | 1590120889.518 | api | DEBUG | https://data-api.chinasoft.com/v1/gather/log?member_id=&access_token=&client_sign=%7Bffffffff-c4ee-3548-ffff-ffffef05ac4a%7D&access_from=1&adsTag=google&lang=ar&vc=355a9bb8c8a87609e341352fabc63ff9&platform=1&key=EE12071A4BC85EE516C78C38E78D1F14&timestamp=1590120912616 | [#012    'member_id' => ''#012    'access_token' => ''#012    'client_sign' => '{ffffffff-c4ee-3548-ffff-ffffef05ac4a}'#012    'access_from' => '1'#012    'adsTag' => 'google'#012    'lang' => 'ar'#012    'vc' => '355a9bb8c8a87609e341352fabc63ff9'#012    'platform' => '1'#012    'key' => 'EE12071A4BC85EE516C78C38E78D1F14'#012    'timestamp' => '1590120912616'#012] |
2020-05-21 21:17:10 | warning | 7412 | 5ec75246b96df | 1590121030.928 | frontend | DEMO_TRACK | https://u.chinasoft.com/sign-up.html?lang=en-US | 1576736 |
2020-05-21 21:19:00 | error | 27742 | 5ec752b4ef3ff | 1590121140.985 | api | MDM_CALLBACK | https://app-api.chinasoft.com/v1/mdm/server?s=r1dDe0nRLurLslOPW1Xb3FvqS2-USbSSxB8jCWzajgChPpecaJcsietRMgh4Ilh1Q8Cna0iUl_FXsa8eyQH4EQQ9h0GcjT_E-eR7m2JC-vS1NcNY5wMs36xBumYra9-3 | member_id:1256223|device_id:175489|info:No Command!|data:<?xml version="1.0" encoding="UTF-8"?>#012<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">#012<plist version="1.0">#012<dict>#012#011<key>Status</key>#012#011<string>Idle</string>#012#011<key>UDID</key>#012#011<string>00008030-001624CE01D2802E</string>#012</dict>#012</plist>#012|file:/data/www/vhosts/u.chinasoft.com/httpdocs/api/modules/app/v1/controllers/aa.php:304 |
2020-05-22 05:01:02 | error | 15699 | 5ec75c51cec01 | 1590123662.361 | console | VOIP_PUSH | N | get feedback list error |
2020-05-22 05:01:02 | error | 15699 | 5ec75c51cec01 | 1590123662.361 | console | NORMAL_PUSH | N | get feedback list error |

原文地址:https://www.cnblogs.com/reblue520/p/11213341.html