大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。
Jetbrains全系列IDE稳定放心使用
为了收集一个服务的业务日志,用于监控接口超时时间,简单应用所以用rsyslog来做
一、注意事项
注意客户端和服务器端要关闭防火墙,开放相应的端口
二、升级rsyslog客户端版本
1.服务器端在centos6环境下默认版本为5.8.10,目前使用服务器端可以不用升级
# rsyslogd -v
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
See http://www.rsyslog.com for more information.
2.客户端的rsyslog目前需要升级,当前最新版为
# rsyslogd -v
rsyslogd 8.40.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: No
Number of Bits in RainerScript integers: 64
See https://www.rsyslog.com for more information.
3.客户端如果不升级,则会出现报错
Jan 18 11:33:38 recallserver-12-164 kernel: imklog 5.8.10, log source = /proc/kmsg started.
Jan 18 11:33:38 recallserver-12-164 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="68305" x-info="http://www.rsyslog.com"] st
art
Jan 18 11:33:38 recallserver-12-164 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Jan 18 11:33:38 recallserver-12-164 rsyslogd: the last error occured in /etc/rsyslog.conf, line 83:"module(load="imfile" PollingInterval="5")"
Jan 18 11:33:38 recallserver-12-164 rsyslogd: warning: selector line without actions will be discarded
Jan 18 11:33:38 recallserver-12-164 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Jan 18 11:33:38 recallserver-12-164 rsyslogd: the last error occured in /etc/rsyslog.conf, line 84:"input(type="imfile""
Jan 18 11:33:38 recallserver-12-164 rsyslogd: warning: selector line without actions will be discarded
Jan 18 11:33:38 recallserver-12-164 rsyslogd-3000: unknown priority name "log"" [try http://www.rsyslog.com/e/3000 ]
Jan 18 11:33:38 recallserver-12-164 rsyslogd: the last error occured in /etc/rsyslog.conf, line 85:"File="/home/xxx/xxx.log""
Jan 18 11:33:38 recallserver-12-164 rsyslogd: warning: selector line without actions will be discarded
Jan 18 11:33:38 recallserver-12-164 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Jan 18 11:33:38 recallserver-12-164 rsyslogd: the last error occured in /etc/rsyslog.conf, line 86:"Tag="""
Jan 18 11:33:38 recallserver-12-164 rsyslogd: warning: selector line without actions will be discarded
Jan 18 11:33:38 recallserver-12-164 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Jan 18 11:33:38 recallserver-12-164 rsyslogd: the last error occured in /etc/rsyslog.conf, line 87:"Severity="debug""
Jan 18 11:33:38 recallserver-12-164 rsyslogd: warning: selector line without actions will be discarded
Jan 18 11:33:38 recallserver-12-164 rsyslogd-3000: unknown priority name "" [try http://www.rsyslog.com/e/3000 ]
Jan 18 11:33:38 recallserver-12-164 rsyslogd: the last error occured in /etc/rsyslog.conf, line 88:"Facility="local2")"
Jan 18 11:33:38 recallserver-12-164 rsyslogd: warning: selector line without actions will be discarded
Jan 18 11:33:38 recallserver-12-164 rsyslogd-2124: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.r
syslog.com/e/2124 ]
4.升级步骤
(1)yum安装
# wget http://rpms.adiscon.com/v8-stable/rsyslog.repo -O /etc/yum.repos.d/rsyslog.repo
# yum update rsyslog
(2)手动下载yum包
由于有些机器没开外网访问换,所以我在其它机器上下载了rpm包传到这台再安装,安装需要libestr和libfastjson4这两个依赖包,所以需要三个rpm包。再卸载自带的rsyslog的时候由于有依赖关系所以在使用rpm卸载的时候需要加上强制卸载的参数。浏览器下载访问:http://rpms.adiscon.com/v8-stable/epel-6/x86_64/RPMS/
# rpm -qa|grep rsyslog
# rpm -e --nodeps rsyslog-5.8.10-10.el6_6.x86_64
# wget http://rpms.adiscon.com/v8-stable/epel-6/x86_64/RPMS/libestr-0.1.11-1.el6.x86_64.rpm
# wget http://rpms.adiscon.com/v8-stable/epel-6/x86_64/RPMS/libfastjson4-0.99.8-1.el6.x86_64.rpm
# wget http://rpms.adiscon.com/v8-stable/epel-6/x86_64/RPMS/rsyslog-8.40.0-1.el6.x86_64.rpm
# rpm -ivh libestr-0.1.11-1.el6.x86_64.rpm libfastjson4-0.99.8-1.el6.x86_64.rpm rsyslog-8.40.0-1.el6.x86_64.rpm
安装完成后检查版本
# rsyslogd -v
rsyslogd 8.40.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: No
Number of Bits in RainerScript integers: 64
See https://www.rsyslog.com for more information.
三、客户端配置
module(load=“imfile” PollingInterval=“5”):加载imfile模块,日志推送的间隔是5秒,默认为10秒,不建议设置为0,否则一致占用cpu增加使用率,生产环境如果日志量大有可能会有影响
type=“imfile”:固定的配置,直接复制使用
File=”/home/homework/xxx.log”:需要发送的日志路径和名称
Tag=“mall-order_debug”:tag标签,自行定义
Severity=“debug”:日志级别,自己定义
Facility=“local2”:日志分类,自己定义,范围1-7
local2.* @xx.xx.xx.xx:514:local2的所有级别的日志,试用udp发送到xx服务器的514端口,端口默认即可
# vim /etc/rsyslog.conf
....
$ModLoad imudp
$UDPServerRun 514
......
module(load="imfile" PollingInterval="5")
input(type="imfile"
File="/home/homework/log/mall-order/mall-order_debug.log"
Tag="mall-order_debug"
Severity="debug"
Facility="local2")
local2.* @192.168.240.201:514
四、服务端配置
$template SpiceTmpl……:定义接收日志的格式,主机名 日志信息,最后换行
$template MallOrderLog……:定义接收日志的路径和名称,日志后缀为日期格式
:msg, contains, “requestPay” ?MallOrderLog;SpiceTmpl:这行的意思是接收的日志中如果含有requestPay字符的,使用MallOrderLog模板和SpiceTmpl日志格式存储
......
# 下面的配置是设置接收日志目录和文件的权限,否则将会以root权限和系统默认权限创建目录和文件
$FileOwner homework
$FileGroup homework
$FileCreateMode 0600
$DirCreateMode 0755
......
$template SpiceTmpl,"%hostname% %msg:2:$%\n"
$template MallOrderLog,"/home/xxx/xxx.log.%$YEAR%-%$MONTH%-%$DAY%"
:msg, contains, "requestPay" ?MallOrderLog;SpiceTmpl
& ~
......
测试配置文件语法,之前不知道,后来发现有这个命令,现在添加上,如果配置文件正常则是下面的显示
# rsyslogd -f /etc/rsyslog.conf -N1
rsyslogd: version 8.40.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
如果检查语法错误,则输出如下
# rsyslogd -f /etc/rsyslog.conf -N1
rsyslogd: version 8.40.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 55: warnings occured in file '/etc/rsyslog.conf' around line 55 [v8.40.0 try https://www.rsyslog.com/e/2207 ]
如果不检查语法就启动,日志也会出现错误信息。比如配置文件中local2.debug ?MallOrderLog中间使用多个空格分隔,会因为语法问题出现报错,虽然服务起来了,但是配置未生效。需要去掉多余的空格后再检查配置语法,确保正常在重启服务。
# less /var/log/messages
rdqa-rd-test176 [origin software="rsyslogd" swVersion="5.8.10" x-pid="14880" x-info="http://www.rsyslog.com"] exiting on signal 15.
rdqa-rd-test176 imklog 5.8.10, log source = /proc/kmsg started.
rdqa-rd-test176 [origin software="rsyslogd" swVersion="5.8.10" x-pid="15074" x-info="http://www.rsyslog.com"] start
rdqa-rd-test176 Could not find template 'MallOrderLog' - action disabled
[try http://www.rsyslog.com/e/3003 ]
rdqa-rd-test176 the last error occured in /etc/rsyslog.conf, line 98:"local2.debug ?MallOrderLog"
rdqa-rd-test176 CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [try http://www.rsyslog.com/e/2124 ]
再次重启服务,检查无错误说明配置都正常
# less /var/log/messages
rdqa-rd-test176 Kernel logging (proc) stopped.
rdqa-rd-test176 [origin software="rsyslogd" swVersion="5.8.10" x-pid="37696" x-info="http://www.rsyslog.com"] exiting on signal 15.
rdqa-rd-test176 imklog 5.8.10, log source = /proc/kmsg started.
rdqa-rd-test176 [origin software="rsyslogd" swVersion="5.8.10" x-pid="68403" x-info="http://www.rsyslog.com"] start
重启服务正常,检查日志无错误后,查看需要接收的日志是否生成即可。
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请联系我们举报,一经查实,本站将立刻删除。
发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/189838.html原文链接:https://javaforall.net
