rsyslog 传输mysql 日志

在另外一种环境中，让我们假定你已经在机器上安装了一个名为“foobar”的应用程序，它会在/var/log下生成foobar.log日志文件。现在，你想要将它的日志定向到rsyslog服务器，这可以通过像下面这样在rsyslog配置文

件中加载imfile模块来实现。

首先，加载imfile模块，这只需做一次。

module(load="imfile" PollingInterval="5") 
然后，指定日志文件的路径以便imfile模块可以检测到：


mysql rsyslog配置:
uat-db01:/data01/mysql# cat /etc/rsyslog.conf | grep -v "^#" | grep -v "^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
module(load="imfile" PollingInterval="5")
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none;local5.none               /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
input(type="imfile"
File="/data01/mysql/uat-db01-slow.log"
Tag="uat-mysql01"
Severity="info"
Facility="local5")
local5.* @@115.236.xx.xx:514




需要升级rsyslog 版本:
rhdpt01:/root# tail -100 /var/log/messages
Aug  7 03:38:01 jrhdpt01 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="951" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Aug 12 13:43:02 jrhdpt01 kernel: Kernel logging (proc) stopped.
Aug 12 13:43:02 jrhdpt01 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="951" x-info="http://www.rsyslog.com"] exiting on signal 15.
Aug 12 13:43:03 jrhdpt01 kernel: imklog 5.8.10, log source = /proc/kmsg started.
Aug 12 13:43:03 jrhdpt01 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="24817" x-info="http://www.rsyslog.com"] start
Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 11:"module(load="imfile" PollingInterval="5")"
Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded
Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 84:"input(type="imfile""
Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded
Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "log"" [try http://www.rsyslog.com/e/3000 ]
Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 85:"File="/data01/mysql/jrhdpt01-slow.log""
Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded
Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 86:"Tag="zjzc-mysql01""
Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded
Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 87:"Severity="info""
Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded
Aug 12 13:43:03 jrhdpt01 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Aug 12 13:43:03 jrhdpt01 rsyslogd: the last error occured in /etc/rsyslog.conf, line 88:"Facility="local5")"
Aug 12 13:43:03 jrhdpt01 rsyslogd: warning: selector line without actions will be discarded
Aug 12 13:43:03 jrhdpt01 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]



下载下列软件
json-c-0.12-20140410.tar.gz---------------------https://github.com/json-c/json-c/archive/json-c-0.12-20140410.tar.gz
libestr-0.1.10.tar.gz-------------------http://libestr.adiscon.com/files/download/libestr-0.1.10.tar.gz
liblogging-1.0.5.tar.gz    ----------------http://download.rsyslog.com/liblogging/liblogging-1.0.5.tar.gz
librdkafka-0.8.6.tar.gz -----------------------https://github.com/edenhill/librdkafka/archive/0.8.6.tar.gz
libuuid-1.0.3.tar.gz --------------------http://jaist.dl.sourceforge.net/project/libuuid/libuuid-1.0.3.tar.gz
zlib-1.2.8.tar.gz-------------------http://zlib.net/zlib-1.2.8.tar.gz
curl-7.44.0.tar.gz--------------http://curl.haxx.se/download/curl-7.44.0.tar.gz
rsyslog-8.15.0.tar.gz-------------------http://www.rsyslog.com/download/files/download/rsyslog/rsyslog-8.15.0.tar.gz


一：安装rsyslog
(1) json-c 安装
tar -xzvf  json-c-0.12-20140410.tar.gz
cd json-c-0.12-20140410
./configure CC="gcc -m64" --prefix=/usr --libdir=/usr/lib64 && make && make install
  (2) libestr安装
tar -xzvf  libestr-0.1.10.tar.gz
cd libestr-0.1.10
./configure CC="gcc -m64" --prefix=/usr --libdir=/usr/lib64
 && make && make install
(3) libuuid 安装
tar -xzvflibuuid-1.0.3.tar.gz
cdlibuuid-1.0.3
./configure CC="gcc -m64" --prefix=/usr  --libdir=/usr/lib64 && make && make install 


(4)zlib
 安装
tar
 -xzvf zlib-1.2.8.tar.gz
cdzlib-1.2.8
./configure --prefix=/usr  --libdir=/usr/lib64 && make && make install

(5)liblogging
 安装
tar
 -xzvf liblogging-1.0.5.tar.gz
cdliblogging-1.0.5
./configure CC="gcc -m64" --prefix=/usr  --libdir=/usr/lib64 --disable-journal && make && make install

(6)librdkafka  ###可以不安装
 安装
tar
 -xzvf librdkafka-0.8.6.tar.gz
cd librdkafka-0.8.6
./configure --prefix=/usr  --libdir=/usr/lib64 && make && make install



(7) 安装rsyslogd

checking for library containing sched_get_priority_max... none required
checking for sched_get_priority_max... yes
checking for LIBUUID... yes
checking for CURL... no
configure: error: Package requirements (libcurl) were not met:

No package 'libcurl' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

原因没有安装curl:
uat-db01:/root/curl-7.44.0# ./configure CC="gcc -m64" --prefix=/usr  --libdir=/usr/lib64 && make && make install 



uat-db01:/root/rsyslog-8.15.0# cat make.sh 
./configure  CC="gcc -m64" PKG_CONFIG_PATH=/usr/lib64/pkgconfig  LIBESTR_LIBS=/usr/lib64/libestr.a JSON_C_LIBS=/usr/lib64/libjson-c.a ZLIB_LIBS=/usr/lib64/libz.a LIBUUID_LIBS=/usr/lib64/libuuid.a 

CURL_LIBS=/usr/lib64/libcurl.a LIBLOGGING_STDLOG_LIBS=/usr/lib64/liblogging-stdlog.a LIBRDKAFKA_CFLAGS=/usr/include LIBRDKAFKA_LIBS=/usr/lib64/librdkafka.a --prefix=/usr --libdir=/usr/lib64  --

enable-static --enable-debug  --enable-elasticsearch --enable-elasticsearch-tests --enable-liblogging-stdlog --enable-imfile --enable-imptcp --enable-omstdout --enable-omruleset --enable-omuxsock  

--disable-libgcrypt

make && make install


uat-db01:/root/rsyslog-8.15.0/tools# cp rsyslogd /sbin/



uat-db01:/root/rsyslog-8.15.0/tools# service rsyslog start
Starting system logger: usage: rsyslogd [options]
use "man rsyslogd" for details. To run rsyslog interactively, use "rsyslogd -n"to run it in debug mode use "rsyslogd -dn"
For further information see http://www.rsyslog.com/doc
                                                           [FAILED]

uat-db01:/root/rsyslog-8.15.0/tools# rsyslogd -f /etc/rsyslog.conf 
uat-db01:/root/rsyslog-8.15.0/tools# ps -ef | grep rsyslog
root      9244     1 12 14:32 ?        00:00:00 rsyslogd -f /etc/rsyslog.conf
root      9259 26662  0 14:32 pts/0    00:00:00 grep rsyslog
uat-db01:/root/rsyslog-8.15.0/tools# 






客户端rsyslog 配置:
uat-db01:/data01/mysql# cat /etc/rsyslog.conf | grep -v "^#" | grep -v "^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
module(load="imfile" PollingInterval="5")
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none;local5.none               /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
input(type="imfile"
File="/data01/mysql/uat-db01-slow.log"
Tag="uat-mysql01"
Severity="info"
Facility="local5")
local5.* @@115.236.xx.xx:514




服务器rsyslog 配置:

$EscapeControlCharactersOnReceive off      #关闭rsyslog默认转译ASCII<32的所有怪异字符，包括换行符等
$template nginx-zjzc01,"/rsyslog/data/nginx/zjzc/nginx_access01_log.%$year%-%$month%-%$day%"       #定义TC：日志存放路径
$template nginx-zjzc02,"/rsyslog/data/nginx/zjzc/nginx_access02_log.%$year%-%$month%-%$day%"            #定义TCBeta：日志存放路径
$template nginx-uat01,"/rsyslog/data/nginx/uat/nginx_access01_log.%$year%-%$month%-%$day%"            #定义TCBeta：日志存放路径
$template tocFormat,"'%syslogtag%','%FROMHOST-IP%','%msg%'
"                  #定义toc日志format
$template uat-zjzc01,"/rsyslog/data/mysql/uat/mysql01_slow_log.%$year%-%$month%-%$day%"            #定义TCBeta：日志存放路径


:rawmsg,contains,"nginx-zjzc01"  -?nginx-zjzc01;tocFormat                 #接受TC：日志，并应用tocFormat格式
:rawmsg,contains,"nginx-zjzc02"  -?nginx-zjzc02;tocFormat        #接受TCBeta：日志，并应用tocFormat格式
:rawmsg,contains,"uat-nginx"  -?nginx-uat01;tocFormat        #接受TCBeta：日志，并应用tocFormat格式


:rawmsg,contains,"uat-mysql01"  -?uat-zjzc01;tocFormat