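Server Logs: One-Click Deployment of a Log Server

1 Overview

Besides being recorded on the local machine, server logs can be sent to a dedicated log-collection server, which makes analysis easier. This article describes how to enable TCP and UDP port 514 in rsyslog to collect logs over the network, how to record those logs in a MySQL database with rsyslog-mysql, and how to display them as web pages with LogAnalyzer.

Finally, the article includes scripts for one-click deployment of the log server.

2 Configuring rsyslog as a log server

For rsyslog to act as a log server and collect logs from other hosts, TCP and UDP port 514 must be opened. This is done by editing the configuration file /etc/rsyslog.conf.

The configuration is as follows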

vim /etc/rsyslog.conf

#### MODULES ####

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Example

Set up one machine as the log server, dedicated to collecting logs. The other machines are clients and do not record these logs locally.

Assume the log server is 172.18.50.75 and the clients log with the facility local2. The configuration is as follows.

Server side

vim /etc/rsyslog.conf

$ModLoad imudp # enable the imudp module
$UDPServerRun 514 # open UDP port 514 to collect logs
$ModLoad imtcp # enable the imtcp module
$InputTCPServerRun 514 # open TCP port 514 to collect logs
local2.*   /var/serverlog/6Alocal2.log

# All log messages with facility local2 are recorded in /var/serverlog/6Alocal2.log. The file 6Alocal2.log does not need to be created in advance: restart the rsyslog service, and the file is created automatically the next time a matching message has to be recorded. If the file does not appear, the likely cause is that the service was not restarted on the server side.

Restart the service

service rsyslog restart

Client side

vim /etc/rsyslog.conf

local2.*   @172.18.50.75

# Sends log messages with facility local2 to the machine 172.18.50.75. Here @ means UDP and @@ means TCP.

Restart the service

service rsyslog restart
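
The @ versus @@ prefix above decides whether a client forwards over UDP or TCP. As an added example (not part of the original article), the function below lists every forwarding rule in a legacy-format rsyslog.conf with its transport, host and port. The sample configuration, the port 6514 and the (o) option line are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original article.

# list_forwarders FILE
# Prints "<selector> <udp|tcp> <host> <port>" for each remote-forwarding rule.
list_forwarders() {
    awk '
        /^[ \t]*$/    { next }               # blank line
        /^[ \t]*[#$]/ { next }               # comment or $Directive
        NF >= 2 {
            action = $2
            if (action ~ /^@@/)     { proto = "tcp"; target = substr(action, 3) }
            else if (action ~ /^@/) { proto = "udp"; target = substr(action, 2) }
            else                    { next } # file, :ommysql:, :omusrmsg:, ...
            sub(/^\([^)]*\)/, "", target)    # drop forwarding options such as (o)
            port = "514"                     # default when the rule names no port
            if (target ~ /:[0-9]+$/) {       # explicit host:port
                port = target
                sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", target)
            }
            print $1, proto, target, port
        }
    ' "$1"
}

# Constructed sample client configuration (values are illustrative only).
write_sample_conf() {
    cat > "$1" <<'EOF'
$ModLoad imuxsock # local logging
# forward application logs to the log server
local2.*        @172.18.50.75
authpriv.*      @@172.18.50.75:6514
mail.*          @@(o)172.18.50.75
*.emerg         :omusrmsg:*
cron.*          /var/log/cron
EOF
}

conf=$(mktemp) && write_sample_conf "$conf" && list_forwarders "$conf"
rm -f "$conf"
```

Rules reported as udp are sent without delivery guarantees, so they are the ones to review when messages from a client go missing on the server.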

3 Recording logs in MySQL with rsyslog-mysql

Install rsyslog-mysql (from the EPEL repository) to record logs in a MySQL database. The installation provides a script, mysql-createDB.sql, which must be run on the MySQL server to create the required database and tables.

(1) Prepare the MySQL server

(2) On the rsyslog server, install the package that provides the MySQL module (from the EPEL repository)

yum install rsyslog-mysql

(3) Create the database and tables for rsyslog. Installing rsyslog-mysql (from the EPEL repository) provides the script /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql; import this script into the database to create the database and its tables. The version number in the path depends on the installed rsyslog package.

mysql -uUSERNAME -hHOST -pPASSWORD < /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql

# Runs the database script: mysql-createDB.sql is executed directly with the given database account. The < (less-than sign) feeds mysql-createDB.sql to the mysql client, which imports it into the database.

(4) On the MySQL server, authorize rsyslog to connect to this server

mysql> GRANT ALL ON Syslog.* TO 'USER'@'HOST' IDENTIFIED BY 'PASSWORD';

(5) Configure rsyslog to save logs to MySQL

#### MODULES ####

$ModLoad ommysql

#### RULES ####

facility.priority    :ommysql:DBHOST,DBNAME,DBUSER,PASSWORD

:ommysql: is the module name. With such a rule, logs matching the selector (local2 in this article) are recorded, according to this definition, to the 106 server.

4 Displaying the logs in the database with LogAnalyzer

LogAnalyzer is written in PHP. It reads the contents of the database and presents them as reports.

(1) Prepare an AMP or NMP stack on the rsyslog server

yum install httpd php php-mysql php-gd

php-mysql is used to connect to the database

php-gd is used for drawing charts; it is in the EPEL repository

(2) Install LogAnalyzer

tar xf loganalyzer-4.1.5.tar.gz
cp -a loganalyzer-4.1.5/src /var/www/html/log

# Only the src directory under loganalyzer-4.1.5 needs to be copied

cd /var/www/html/log
touch config.php
chmod 666 config.php

# config.php only needs to be created and made writable; no content has to be added. Its content is written during the web-based configuration, after the service has been restarted.

(3) Configure LogAnalyzer

# Restart the httpd service

systemctl start httpd.service

Browse to http://websrv/log to configure LogAnalyzer. What you enter is recorded in config.php. Pay attention to the MySQL Native, Syslog Fields and Monitorware choices.

Open the page and click Next to start the configuration.

For Source Type select MYSQL Native, and the corresponding settings appear. Some of the default values shown there are wrong, for example the case of the table name. If you enter something wrong here, you need to edit config.php; alternatively, delete the configuration file, create it again and redo the configuration.

(4) Security hardening

cd /var/www/html/log
chmod 644 config.php

# Makes config.php read-only so that other users cannot change the configuration. This step is recommended.
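
Step (5) of section 3 puts the database password in /etc/rsyslog.conf, and the web installer writes it to config.php, so both files deserve a permission check once setup is finished. The following is an added example, not part of the original article: it reports files that are world-writable, or world-readable while holding those credentials. The demo files and their contents are constructed.

```bash
#!/bin/sh
# Added example, not from the original article. Assumption: the files passed in
# are the ones this setup writes credentials to, e.g. /etc/rsyslog.conf and
# /var/www/html/log/config.php.

# perm_findings FILE...
# Prints "<file> <finding>" per problem; prints nothing when every file is clean.
perm_findings() {
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "$f missing"
        elif [ -n "$(find "$f" -prune -perm -002)" ]; then
            # e.g. config.php left at 666 after the web installer has run
            echo "$f world-writable"
        elif [ -n "$(find "$f" -prune -perm -004)" ] &&
             grep -Eq ':ommysql:|DBPassword' "$f"; then
            # any local user can read the database password
            echo "$f world-readable-credentials"
        fi
    done
}

# Constructed demo: three throwaway files standing in for the real ones.
demo_perm_findings() {
    d=$(mktemp -d) || return 1
    printf "%s\n" "DBPassword = 'constructed-sample'" > "$d/config.php"
    printf "%s\n" "local2.* :ommysql:127.0.0.1,Syslog,logadmin,constructed-sample" > "$d/rsyslog.conf"
    printf "%s\n" "local2.* @172.18.50.75" > "$d/client.conf"
    chmod 666 "$d/config.php"
    chmod 644 "$d/rsyslog.conf" "$d/client.conf"
    perm_findings "$d/config.php" "$d/rsyslog.conf" "$d/client.conf" | sed "s|$d/||"
    chmod 640 "$d/config.php"
    chmod 600 "$d/rsyslog.conf"
    perm_findings "$d/config.php" "$d/rsyslog.conf"   # prints nothing once tightened
    rm -rf "$d"
}
demo_perm_findings
```

Mode 644 on config.php stops other users from changing it but still lets them read the password. Assuming httpd runs with group apache (the CentOS default), ownership root:apache with mode 640 closes that as well.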

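5 One-click installation scripts

Prerequisites for using the scripts

Make sure the local yum repository and the EPEL repository are configured. The sohu EPEL mirror is recommended.

LogAnalyzer is installed by unpacking a tarball, so the package has to be prepared in advance, or a URL from which it can be downloaded has to be available. In the script, the author has already placed the package on a self-hosted HTTP server at http://172.18.50.75.

There are two scripts

Script 1 installs the log server in one step

Script 2 modifies the client's /etc/rsyslog.conf so that logs are sent directly to the corresponding log server

Script 1: one-click installation of the log server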

#!/bin/bash
#
#*****************************************************************************************
#Author:               Sunny
#Date:                 2017-10-16
#FileName:             auto_install_log_server.sh
#version:              1.0
#Your change info:
#Description:          For auto install log server by rsyslog-mysql and LogAnalyzer
#DOC URL:
#Copyright(C):         2017  All rights reserved
#*****************************************************************************************

# Major OS version (6 or 7), timestamp for the package directory, first local IPv4 address
os_version=`cat /etc/system-release | grep -o " [0-9]" | cut -d " " -f2`
time=`date +%Y%m%d%H%M`
ip=$(ifconfig | awk '/inet /{print $2}' | awk -F : '{print $NF}' | head -1)
package='loganalyzer-4.1.5.tar.gz'

[ -e /root/package/package."$time" ] || mkdir -p /root/package/package."$time"
# One package name per line; this list is read by download_LogAnalyzer
echo "$package" | tr -s " " "\n" &>/root/package/package.file
echo

# Install rsyslog-mysql, create the Syslog database and the account rsyslog logs in with
install_rsyslog_mysq(){
    rpm -q rsyslog-mysql &>/dev/null || { yum -y install rsyslog-mysql &>/dev/null && echo "rsyslog-mysql is install complete" || { echo "rsyslog-mysql is not install,check yum source"; exit; }; }
    read -p "Input your sql admin user(default:root): " mysqladmin
    mysqladmin=${mysqladmin:-root}
    # -s keeps the password from being echoed to the terminal
    read -s -p "Input your sql admin user password: " adminpass
    echo
    createdb=$(rpm -ql rsyslog-mysql | grep createDB.sql)
    mysql -u"$mysqladmin" -p"$adminpass" < "$createdb"
    # logadmin@'%' with a fixed password is this script's default; change the
    # password and narrow the host before using it outside a test environment
    /usr/bin/mysql -u"$mysqladmin" -p"$adminpass" <<EOF
grant all on Syslog.* to logadmin@'%' identified by 'Pass123456';
EOF
}

# Enable UDP/TCP reception on port 514 and write local2 logs to MySQL
config_rsyslog(){
    rpm -q rsyslog &>/dev/null || { yum -y install rsyslog &>/dev/null && echo "rsyslog is install complete" || { echo "rsyslog is not install,check yum source"; exit; }; }
    cat >>/etc/rsyslog.conf <<EOF
\$ModLoad imudp
\$UDPServerRun 514
\$ModLoad imtcp
\$InputTCPServerRun 514
\$ModLoad ommysql
local2.*                                                :ommysql:$ip,Syslog,logadmin,Pass123456
EOF
    echo "rsyslog has been complete config,you can test if facility local2 can be log now."
    echo "You can add facility.loglevel  :ommysql:$ip,Syslog,logadmin,Pass123456 to /etc/rsyslog.conf to log more log in the log server"
}

# Unpack LogAnalyzer into the web root and create the writable config.php
install_LogAnalyzer(){
    echo "Now install loganalyzer"
    tar xf /root/package/package."$time"/$package -C /usr/local/
    cp -a /usr/local/loganalyzer-4.1.5/src /var/www/html/log
    touch /var/www/html/log/config.php
    # Writable only so the web installer can fill it in; set it to 644 afterwards
    # (see the security hardening step in section 4)
    chmod 666 /var/www/html/log/config.php
    echo -e "LogAnalyzer has been release,please run http://$ip/log to config your log admin,default config is below\n\n
DBServer = '$ip';\n
DBName = 'Syslog';\n
DBUser = 'logadmin';\n
DBPassword = 'Pass123456';\n
DBTableName = 'SystemEvents';\n
"
}

restart_service(){
    service rsyslog restart &>/dev/null && echo "rsyslog has been restart" || echo "Something wrong when restart rsyslog,please check"
    service httpd restart &>/dev/null && echo "httpd has been restart" || echo "Something wrong when restart httpd,please check"
    case $os_version in
    6)
        service mysqld restart &>/dev/null && echo "mysql has been restart" || echo "Something wrong when restart mysql,please check"
        ;;
    7)
        service mariadb restart &>/dev/null && echo "mysql has been restart" || echo "Something wrong when restart mysql,please check"
        ;;
    *)
        echo "Something wrong when restart mysql,please check"
        exit
        ;;
    esac
}

# Install the web stack LogAnalyzer needs
install_pack(){
    rpm -q httpd &>/dev/null || { yum -y install httpd &>/dev/null && echo "httpd is install complete" || { echo "httpd is not install,check yum source"; exit; }; }
    rpm -q php &>/dev/null || { yum -y install php &>/dev/null && echo "php is install complete" || { echo "php is not install,check yum source"; exit; }; }
    rpm -q php-mysql &>/dev/null || { yum -y install php-mysql &>/dev/null && echo "php-mysql is install complete" || { echo "php-mysql is not install,check yum source"; exit; }; }
    rpm -q php-gd &>/dev/null || { yum -y install php-gd &>/dev/null && echo "php-gd is install complete" || { echo "php-gd is not install,check yum source"; exit; }; }
}

# Fetch the LogAnalyzer tarball from a URL or copy it from a local directory
download_LogAnalyzer(){
    echo "You have two ways to get packages you want:"
    echo "remote: You will download from remote server,default url is  http://172.18.50.75/source"
    echo "local:  You have already prepare package in the local host"
    echo
    [ -e /root/package ] || mkdir -p /root/package
    read -p "Your package in l(local) or r(remote)( r or l ): " choice
    case $choice in
    r)
        read -p "Please input the url where you want to download package(default:http://172.18.50.75/source): " url
        url=${url:-http://172.18.50.75/source}
        wget -nv --spider "$url" 2>&1 | grep -o "200 OK" &>/dev/null || { echo "The url is wrong or could not be connect,the script will exit,please check"; exit; }
        echo "Now start to download pack,please wait a minute"
        cd /root/package/package."$time"
        while read pack
        do
            [ -e /root/package/package."$time"/$pack ] || wget -q "$url/$pack"
            [ -e /root/package/package."$time"/$pack ] && echo "$pack had been success download !" || { echo "$pack did not been downloaded,it will exit,please check..."; exit; }
        done < /root/package/package.file
        # rm -f /root/package/package.file;
        ;;
    l)
        read -p "Please input the package directory(eg: /root/mariadb ): " localdir
        echo "Now start to copy pack to /root/package/package.$time,please wait a minute"
        cd /root/package/package."$time"
        while read pack
        do
            [ -e /root/package/package."$time"/$pack ] || cp "$localdir/$pack" /root/package/package."$time" &>/dev/null
            [ -e /root/package/package."$time"/$pack ] && echo "$pack had been  success copy to /root/package/package.$time " || { echo "$pack did not copy to /root/package/package.$time,it will exit,please check..."; exit; }
        done < /root/package/package.file
        # rm -f /root/package/package.file;
        ;;
    *)
        echo "Your input is not r or l ,and it is wrong input,the script will exit,please check"
        exit
        ;;
    esac
}

echo
echo "First of all,make your basic and epel source is ok,it is better sohu epel,you can run cmd  yum repolist to check your yum source"
echo
read -p "Is your epel ok ,answer y to continue,other to check your epel: " isepel
case $isepel in
y)
    echo "Since your answer is y,I know your epel is ok,the script will continue..."
    ;;
*)
    echo "For your answer is not y,it will exit,please check your epel"
    echo -e "Below is how to config sohu epel,you can write it to /etc/yum.repos.d/sunny.repo\n\n
[sohu]\n
name=sohu-source\n
baseurl=http://mirrors.sohu.com/centos/\$releasever/os/\$basearch/\n
gpgcheck=1\n
enabled=0\n
gpgkey=http://mirrors.sohu.com/centos/\$releasever/os/\$basearch/RPM-GPG-KEY-CentOS-\$releasever\n"
    echo
    exit
    ;;
esac

case $os_version in
6)
    if rpm -q mysql-server &>/dev/null;then
        echo "The  mysql-server is already install before"
    else
        rpm -q mysql &>/dev/null || { yum -y install mysql &>/dev/null && echo "mysql is install complete" || { echo "mysql is not install,check yum source"; exit; }; }
        rpm -q mysql-server &>/dev/null || { yum -y install mysql-server &>/dev/null && echo "mysql-server is install complete" || { echo "mysql is not install,check yum source"; exit; }; }
        service mysqld restart &>/dev/null && echo "mysql has been restart" || echo "Something wrong when restart mysql,please check"
        /usr/bin/mysql_secure_installation
    fi
    echo "Now install some relative package"
    install_pack
    install_rsyslog_mysq
    config_rsyslog
    download_LogAnalyzer
    install_LogAnalyzer
    ;;
7)
    # CentOS 7 ships MariaDB, so check for mariadb-server rather than mysql-server
    if rpm -q mariadb-server &>/dev/null;then
        echo "The  mysql-server is already install before"
    else
        rpm -q mariadb &>/dev/null || { yum -y install mariadb &>/dev/null && echo "mysql is install complete" || { echo "mysql is not install,check yum source"; exit; }; }
        rpm -q mariadb-server &>/dev/null || { yum -y install mariadb-server &>/dev/null && echo "mysql-server is install complete" || { echo "mysql-server is not install,check yum source"; exit; }; }
        service mariadb restart &>/dev/null && echo "mysql has been restart" || echo "Something wrong when restart mysql,please check"
        /usr/bin/mysql_secure_installation
    fi
    echo "Now install some relative package"
    install_pack
    install_rsyslog_mysq
    config_rsyslog
    download_LogAnalyzer
    install_LogAnalyzer
    ;;
*)
    echo "Your system is not centos6 or 7,please check"
    exit
    ;;
esac

echo
echo "All config is done now,Now restart service"
restart_service
echo "If all service is restart ok,you can test now,otherwise,you just to solve the restart problem,the test"
echo "test url is http://$ip/log"

Script 2: one-click configuration of the client's /etc/rsyslog.conf

#!/bin/bash
#
#******************************************************************************
#Author:               Sunny
#Date:                 2017-10-15
#FileName:             auto_set_rsyslog_conf.sh
#version:              1.0
#Your change info:
#Description:          For auto set rsylog_conf in client
#DOC URL:
#Copyright(C):         2017  All rights reserved
#*****************************************************************************

time=`date +%Y%m%d%H%M`
os_version=`cat /etc/system-release | grep -o " [0-9]" | cut -d " " -f2`

# Keep a timestamped backup of the current configuration before replacing it
mv /etc/rsyslog.conf /etc/rsyslog.conf.$time.bak
read -p "Please input your log server ip(default:172.18.50.75): " ip
ip=${ip:-172.18.50.75}
echo ip is $ip

# Write a new rsyslog.conf that forwards every rule to the log server over UDP (@)
case $os_version in
6)
    cat >/etc/rsyslog.conf<<eof
\$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
\$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
\$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
\$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none               @$ip
authpriv.*                                             @$ip
mail.*                                                 @$ip
cron.*                                                 @$ip
*.emerg                                                 *
uucp,news.crit                                         @$ip
local7.*                                               @$ip
eof
    ;;
7)
    cat >/etc/rsyslog.conf<<eof
\$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
\$ModLoad imjournal # provides access to the systemd journal
\$WorkDirectory /var/lib/rsyslog
\$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
\$IncludeConfig /etc/rsyslog.d/*.conf
\$OmitLocalLogging on
\$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                @$ip
authpriv.*                                              @$ip
mail.*                                                  @$ip
cron.*                                                  @$ip
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          @$ip
local7.*                                                @$ip
eof
    ;;
*)
    echo "The host is not centos6 or 7,it will exit now"
    # Unsupported OS: put the original configuration back
    mv /etc/rsyslog.conf.$time.bak /etc/rsyslog.conf
    exit
    ;;
esac

service rsyslog restart && echo "rsyslog has been restart" || echo "something wrong when restart rsyslog,please check"

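6 Summary

This article implemented one-click installation of a log server. For the definition of log levels and the rules for storing logs, see the blog post "Server Logs: Introduction to rsyslog and logrotate Concepts" at http://www.lxweimin.com/p/ee53a1dfea87 and configure them as needed.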
