1.rsyslog介绍
在centos 6及之前的版本叫做syslog,centos 7开始叫做rsyslog,根据官方的介绍,rsyslog(2013年版本)可以达到每秒转发百万条日志的级别,官方网址:http://www.rsyslog.com/
2.安装
[root@web01 ~]# yum isntall -y rsyslog
3.配置rsyslog
[root@web01 ~]# vim /etc/rsyslog.conf
#打开注释
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
#添加日志收集级别
local6.* @@172.16.1.52:2222
4.安装haproxy
[root@web01 ~]# yum install -y haproxy
5.配置haproxy
[root@web01 ~]# vim /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /var/lib/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /var/run/haproxy.pid
log 127.0.0.1 local6 info
defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
stats auth haadmin:123456
#frontend web_port
frontend web_port
bind 0.0.0.0:80
mode http
option httplog
log global
option forwardfor
###################ACL Setting##########################
acl pc hdr_dom(host) -i www.elk.com
acl mobile hdr_dom(host) -i m.elk.com
###################USE ACL##############################
use_backend pc_host if pc
use_backend mobile_host if mobile
########################################################
backend pc_host
mode http
option httplog
balance source
server web1 10.0.0.53:8081 check inter 2000 rise 3 fall 2 weight 1
backend mobile_host
mode http
option httplog
balance source
server web1 10.0.0.53:8080 check inter 2000 rise 3 fall 2 weight 1
[root@web01 ~]# vim /etc/haproxy/haproxy.cfg
#全局配置
global
#最大并发
maxconn 100000
#安全机制
chroot /var/lib/haproxy
#指定启动的用户和组
uid 99
gid 99
#守护进程
daemon
#haproxy的进程数
nbproc 1
#指定pid文件
pidfile /var/run/haproxy.pid
#指定日志级别
log 127.0.0.1 local6 info
#默认配置
defaults
#开启长连接
option http-keep-alive
#获取用户真实IP
option forwardfor
#最大连接数
maxconn 100000
#支持http协议
mode http
#设置连接超时时间
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
#监控状态
listen status
#支持http
mode http
#监听端口
bind 0.0.0.0:9999
#启动
stats enable
#日志级别
log global
#访问uri地址
stats uri /haproxy-status
#状态页用户名和密码
stats auth haadmin:123456
#frontend web_port
frontend web_port
bind 0.0.0.0:80
mode http
option httplog
log global
option forwardfor
###################ACL Setting##########################
acl nginx hdr_dom(host) -i www.nginx.com
acl tomcat hdr_dom(host) -i www.tomcat.com
###################USE ACL##############################
use_backend nginx_host if nginx
use_backend tomcat_host if tomcat
########################################################
backend nginx_host
mode http
option httplog
balance source
server web01 10.0.0.7:8081 check inter 2000 rise 3 fall 2 weight 1
backend tomcat_host
mode http
option httplog
balance source
server web01 10.0.0.7:8080 check inter 2000 rise 3 fall 2 weight 1
6.修改Nginx启动端口
[root@web01 ~]# vim /etc/nginx/nginx.conf
server {
listen 8081 default_server;
...
7.启动服务
#启动haproxy
[root@web01 ~]# systemctl start haproxy.service
#启动rsyslog
[root@web01 ~]# systemctl start rsyslog
#验证
[root@web01 ~]# netstat -lntp
8.访问状态页面
http://10.0.0.7:9999/haproxy-status
haadmin
123456
9.测试访问Nginx和tomcat
#配置本地hosts
10.0.0.7 www.nginx.com
10.0.0.7 www.tomcat.com
#访问页面
http://www.nginx.com/
http://www.tomcat.com/
10.测试配置收集proxy日志
[root@db02 ~]# vim /etc/logstash/conf.d/haproxy.conf
input {
syslog {
port => "2222"
}
}
output {
stdout {}
}
#访问haproxy的页面,查看有无输出
11.配置收集proxy日志到ES
[root@db02 ~]# vim /etc/logstash/conf.d/haproxy_es.conf
input {
syslog {
port => "2222"
}
}
output {
elasticsearch {
hosts => ["10.0.0.51:9200"]
index => "haproxy_log_%{+YYYY-MM-dd}"
}
}