注意:源码编译安装的 rsyslog 会出现日志重复发送的情况,需要使用 rpm 包安装。

# Drop the Adiscon v8-stable repo definition into yum's repo directory.
# NOTE(review): the file is fetched over plain HTTP, and the rsyslog.repo shown
# on this page has gpgcheck=0, so yum would not verify package signatures.
# Consider importing the key named on its gpgkey= line and setting gpgcheck=1
# before installing -- confirm the key fingerprint out of band.
cd /etc/yum.repos.d;wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
uat-web02:/etc/yum.repos.d# ls -ltr
total 32
-rw-r--r--. 1 root root 4528 Dec  1  2013 CentOS-Vault.repo
-rw-r--r--. 1 root root  630 Dec  1  2013 CentOS-Media.repo
-rw-r--r--. 1 root root  638 Dec  1  2013 CentOS-Debuginfo.repo
-rw-r--r--  1 root root  227 Apr  1  2014 rsyslog.repo
-rw-r--r--. 1 root root 1083 Jul  2  2014 epel.repo
-rw-r--r--. 1 root root 2572 Jul  2  2014 CentOS-Base.repo
-rw-r--r--  1 root root 1250 Aug 26  2014 puppetlabs.repo

uat-web02:/etc/yum.repos.d# cat rsyslog.repo 
[rsyslog_v8]
name=Adiscon CentOS-$releasever - local packages for $basearch
baseurl=http://rpms.adiscon.com/v8-stable/epel-$releasever/$basearch
enabled=1
gpgcheck=0
gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
protect=1

uat-web02:/etc/yum.repos.d# ps -ef | grep rsyslog
root     32378 31761  0 09:29 pts/0    00:00:00 grep rsyslog
uat-web02:/etc/yum.repos.d# service rsyslog start
Starting system logger:                                    [  OK  ]
uat-web02:/etc/yum.repos.d# rsyslogd -v
rsyslogd 8.21.0, compiled with:
	PLATFORM:				x86_64-redhat-linux-gnu
	PLATFORM (lsb_release -d):		
	FEATURE_REGEXP:				Yes
	GSSAPI Kerberos 5 support:		No
	FEATURE_DEBUG (debug build, slow code):	No
	32bit Atomic operations supported:	Yes
	64bit Atomic operations supported:	Yes
	memory allocator:			system default
	Runtime Instrumentation (slow code):	No
	uuid support:				Yes
	Number of Bits in RainerScript integers: 64

See http://www.rsyslog.com for more information.



安装rsyslog日志搜集
yum install rsyslog

查看版本信息
yum info rsyslog

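修改配置文件(注意:最后一行的选择器用逗号分隔,而前面 /var/log/messages 一行用的是分号,疑为笔误,可能导致 authpriv.none 等排除项不生效;修改后可用 rsyslogd -N1 检查配置语法):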
[root@Server2 yum.repos.d]# cat /etc/rsyslog.conf |egrep -v "^(#|$)"
module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog")   # provides kernel logging support (previously done by rklogd)
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  /var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
$template TmplAuth, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log"
$template TmplMsg, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log"
authpriv.* ?TmplAuth
*.info,mail.none,authpriv.none,cron.none ?TmplMsg

创建日志保存路径

# Base directory for the per-host log files; the TmplAuth/TmplMsg templates in
# rsyslog.conf write to /var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log.
# NOTE(review): authpriv messages land in this tree (authpriv.* ?TmplAuth), so
# confirm the directory and file modes are not world-readable.
mkdir -p /var/log/rsyslog_custom
# Record syslogd_exec_t as the SELinux file type for the rsyslogd binary, then
# apply the recorded label to the file.
semanage fcontext -a -t syslogd_exec_t /sbin/rsyslogd
restorecon /sbin/rsyslogd
# Label the custom log tree and everything beneath it as var_log_t, presumably
# so the SELinux-confined daemon is allowed to write there; -R recurses and -v
# prints each relabelled path.
/usr/sbin/semanage fcontext -a -t var_log_t "/var/log/rsyslog_custom(/.*)?"
/sbin/restorecon -R -v /var/log/rsyslog_custom

# Restart the service so it loads the edited /etc/rsyslog.conf.
service rsyslog restart

查看 UDP 514 端口是否已在监听,例如:netstat -unlp | grep 514。UDP 方式的 syslog 既不加密也不验证发送方,建议用防火墙规则只允许日志客户端的地址访问该端口。



客户端安装rsyslog
# Client side: add the same Adiscon v8-stable repo definition.
# NOTE(review): fetched over plain HTTP; check the downloaded file's gpgcheck=
# setting (the copy shown for the server has gpgcheck=0) before trusting
# packages installed from it.
cd /etc/yum.repos.d;wget http://rpms.adiscon.com/v8-stable/rsyslog.repo

# Install rsyslog from the configured repositories.
yum install rsyslog


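修改配置文件(注意:末尾 `*.* @192.168.0.103:514` 中的单个 @ 表示以 UDP 明文转发,authpriv 等敏感日志也会一并发出;如需经过不可信网络,应考虑改用 TCP 加 TLS 传输,并只转发必要的设施/级别):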

[root@Server1 yum.repos.d]# cat /etc/rsyslog.conf |egrep -v "^(#|$)"
module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog")   # provides kernel logging support (previously done by rklogd)
module(load="imfile")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  /var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
*.info                                                  /var/log/test.log
input(type="imfile"  
File="/usr/local/nginx/logs/icms.access.log"  
Tag="icms-access"
Severity="info"  
Facility="local5")  
 
*.* @192.168.0.103:514



验证:

在 /var/log/rsyslog_custom 目录下,会按服务器名称生成文件夹,查看其中的日志文件即可。注意:目录名取自消息中的 HOSTNAME 字段,UDP 方式下该字段由发送方填写、未经验证,不能仅凭目录名认定日志来源。



注意:源码编译安装的 rsyslog 会出现日志重复发送的情况,需要使用 rpm 包安装。

原文地址:https://www.cnblogs.com/hzcya1995/p/13350218.html