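Rsyslog is an open-source logging program and the most popular logging mechanism across a large number of Linux distributions. It is also the default logging service in CentOS 7 and RHEL 7. The rsyslog daemon in CentOS can be configured to run as a server in order to collect log messages from multiple network devices. In this post, I used two CentOS 7 Linux machines to test Rsyslog as a server and as a client.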

Topology

The client machine 34.67.242.159 will send its local logs to the remote central syslog server 35.224.49.121.
Both machines run CentOS 7.

Rsyslog Server Installation and Configuration

1. Install rsyslog.

[[email protected] ~]$ 
[[email protected] ~]$ sudo -i
[[email protected] ~]# sudo yum update && yum install rsyslog
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos4.zswap.net
 * epel: mirror.colorado.edu
 * extras: centos4.zswap.net
 * updates: centos4.zswap.net
No packages marked for update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos4.zswap.net
 * epel: mirror.uic.edu
 * extras: centos4.zswap.net
 * updates: centos4.zswap.net
Package rsyslog-8.24.0-41.el7_7.2.x86_64 already installed and latest version
Nothing to do
[[email protected] ~]# systemctl start rsyslog
[[email protected] ~]# systemctl enable rsyslog
[[email protected] ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-11-15 02:32:14 UTC; 11h ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 17303 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           └─17303 /usr/sbin/rsyslogd -n

Nov 15 02:32:14 rsyslog-server1 systemd[1]: Starting System Logging Service...
Nov 15 02:32:14 rsyslog-server1 rsyslogd[17303]: [origin software="rsyslogd" swVersion="8.24....rt
Nov 15 02:32:14 rsyslog-server1 systemd[1]: Started System Logging Service.
Hint: Some lines were ellipsized, use -l to show in full.
[[email protected] ~]# vim /etc/rsyslog.conf
[[email protected] ~]# vim /etc/rsyslog.conf
[[email protected] ~]# sysmtemctl restart rsyslog
-bash: sysmtemctl: command not found
[[email protected] ~]# systemctl restart rsyslog
[[email protected] ~]# ss -tulnp | grep "rsyslog"
udp    UNCONN     0      0         *:514        *:*      users:(("rsyslogd",pid=2507,fd=3))
udp    UNCONN     0      0      [::]:514     [::]:*      users:(("rsyslogd",pid=2507,fd=4))
tcp    LISTEN     0      25        *:514        *:*      users:(("rsyslogd",pid=2507,fd=5))
tcp    LISTEN     0      25     [::]:514     [::]:*      users:(("rsyslogd",pid=2507,fd=6))

[[email protected] ~]# setenforce Permissive
[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[[email protected] ~]# getenforce
Permissive
[[email protected] ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[[email protected] ~]# systemctl stop firewalld

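Note: You can follow my steps and disable the firewall and SELinux. A better approach is to configure SELinux and the firewall to allow UDP/TCP 514 traffic. In my lab, I disabled them only temporarily to show you how Rsyslog works.

2. Configure rsyslog as a server to collect all logs / remote logs

By default, rsyslog uses the imjournal and imuxsock modules to import structured log messages from the systemd journal and to accept syslog messages from applications running on the local system via Unix sockets, respectively.

To configure rsyslog as a network/central logging server, you need to set the protocol (UDP, TCP, or both) it will use for remote syslog reception, as well as the port it listens on.

If you want to use a UDP connection, which is faster but unreliable, search for and uncomment the UDP lines below.

To use a TCP connection (slower but more reliable), search for and uncomment the TCP lines below.

[[email protected] ~]# vim /etc/rsyslog.conf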

...

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
& ~

#### GLOBAL DIRECTIVES ####
...

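[[email protected] ~]# systemctl restart rsyslog

Next, you need to define a ruleset for processing remote logs, in the following format. Looking at the ruleset above, the first rule is "$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"".

The $template directive tells the rsyslog daemon to write all received remote messages to separate logs under /var/log, based on the hostname (client machine name) and the remote client facility (program/application) that generated the message, as defined by the settings in the RemoteLogs template.

The second line, "*.* ?RemoteLogs", means that messages from all facilities at all severity levels are recorded using the RemoteLogs template configuration.

The last line, "& ~", instructs rsyslog to stop processing the message once it has been written to the file. If you do not include "& ~", the messages will be written to the local files.

Another template example:

 $template DailyPerHost,"/logs/syslog_devices/%fromhost-ip%/%fromhost-ip%-%$YEAR%-%$MONTH%-%$DAY%.log"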
 *.* -?DailyPerHost
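
The server-side rules above rewritten in rsyslog's newer RainerScript syntax, as an added example that is not part of the original post. It binds the per-host rule to the network inputs only, so the server's own messages keep going to the default local files, and it builds the path from the sender's IP address instead of the hostname carried inside the message. The file name /etc/rsyslog.d/remote.conf and the /var/log/remote directory are assumptions; the block replaces the $ModLoad imudp/imtcp, $UDPServerRun, $InputTCPServerRun, $template, "*.* ?RemoteLogs" and "& ~" lines shown earlier.

```conf
# /etc/rsyslog.d/remote.conf  (assumed file name, picked up by $IncludeConfig)

# Load the network input modules once. Remove the legacy
# "$ModLoad imudp" / "$ModLoad imtcp" lines from rsyslog.conf first.
module(load="imudp")
module(load="imtcp")

# One directory per sending IP, one file per program.
# %FROMHOST-IP% is taken from the connection, not from the message text,
# so a client cannot pick another host's directory by forging its hostname.
# secpath-replace turns any "/" in the program name into "_", which keeps
# a crafted tag from steering the file outside the per-host directory.
template(name="RemoteLogs" type="string"
         string="/var/log/remote/%FROMHOST-IP%/%PROGRAMNAME:::secpath-replace%.log")

# Messages that arrive on an input bound to this ruleset are processed
# here only; they never reach the default rules for /var/log/messages,
# so no discard action ("& ~", deprecated in favour of "stop") is needed.
ruleset(name="remote") {
    action(type="omfile"
           dynaFile="RemoteLogs"
           dirCreateMode="0750"
           fileCreateMode="0640")
}

# Same ports as in the post: UDP and TCP 514.
input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.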

Rsyslog Client Installation and Configuration

1. Install rsyslog.

[[email protected] ~]$ curl ifconfig.me
34.67.242.159[[email protected] ~]$ 
[[email protected] ~]$ 
[[email protected] ~]$ sudo yum update && yum install rsyslog
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos4.zswap.net
 * epel: mirror.grid.uchicago.edu
 * extras: centos4.zswap.net
 * updates: centos4.zswap.net
No packages marked for update
Loaded plugins: fastestmirror
You need to be root to perform this command.
[[email protected] ~]$ sudo -i
[[email protected] ~]# sudo yum update && yum install rsyslog
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos4.zswap.net
 * epel: mirror.grid.uchicago.edu
 * extras: centos4.zswap.net
 * updates: centos4.zswap.net
No packages marked for update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos4.zswap.net
 * epel: mirror.grid.uchicago.edu
 * extras: centos4.zswap.net
 * updates: centos4.zswap.net
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).
The program yum-complete-transaction is found in the yum-utils package.
--> Running transaction check
---> Package rsyslog.x86_64 0:8.24.0-41.el7_7 will be updated
---> Package rsyslog.x86_64 0:8.24.0-41.el7_7.2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================
 Package             Arch               Version                       Repository           Size
================================================================================================
Updating:
 rsyslog             x86_64             8.24.0-41.el7_7.2             updates             616 k

Transaction Summary
================================================================================================
Upgrade  1 Package

Total size: 616 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test


Transaction check error:
  package rsyslog-8.24.0-41.el7_7.2.x86_64 is already installed

Error Summary
-------------

[[email protected] ~]# systemctl start rsyslog
[[email protected] ~]# systemctl enable rsyslog
[[email protected] ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-11-15 02:24:26 UTC; 12h ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/

 Main PID: 905 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           └─905 /usr/sbin/rsyslogd -n

Nov 15 02:24:26 rsyslog-client1 systemd[1]: Starting System Logging Service...
Nov 15 02:24:26 rsyslog-client1 rsyslogd[905]:  [origin software="rsyslogd" swVersion="8.24...rt
Nov 15 02:24:26 rsyslog-client1 systemd[1]: Started System Logging Service.
Hint: Some lines were ellipsized, use -l to show in full.

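2. Configure rsyslog as a client to collect local logs and send them to the remote rsyslog server

To force the rsyslog daemon to act as a log client and forward all locally generated log messages to the remote rsyslog server, add this forwarding rule at the end of the file, as shown below.

*.* @@35.224.49.121:514
[[email protected] ~]# vim /etc/rsyslog.conf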

...
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
*.* @@35.224.49.121:514



[[email protected] ~]# systemctl restart rsyslog
[[email protected] ~]# logger -s -p user.info Testing Rsyslog Client log
jon_netsec: Testing Rsyslog Client log
[[email protected] ~]# 
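
The forwarding rule above leaves the disk-queue directives from the stock file commented out, so messages generated while 35.224.49.121 is unreachable can be lost. The following added example (not part of the original post) expresses the same TCP forwarding rule as a single RainerScript action with that queue enabled; the queue values are the ones from the commented template lines.

```conf
# At the end of /etc/rsyslog.conf on the client,
# in place of the line "*.* @@35.224.49.121:514".

*.* action(type="omfwd"
           target="35.224.49.121"         # central server from the topology
           port="514"
           protocol="tcp"                 # "@@" in the legacy syntax
           queue.type="LinkedList"        # run the action asynchronously
           queue.filename="fwdRule1"      # enables disk assistance; spool-file prefix
           queue.maxDiskSpace="1g"        # cap on spooled data
           queue.saveOnShutdown="on"      # keep queued messages across restarts
           action.resumeRetryCount="-1")  # retry forever while the server is down
```

The spool files are written to the directory set by $WorkDirectory, so that directory must exist and be writable by rsyslogd.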

Testing and Verification

[[email protected] log]# ls
audit     cron       grubby_prune_debug  ntpstats         secure    wtmp
boot.log  dmesg      lastlog             qemu-ga          spooler   yum.log
btmp      firewalld  maillog             rsyslog-client1  tallylog
chrony    grubby     messages            rsyslog-server1  tuned
[[email protected] log]# cd rsyslog-server1/
[[email protected] rsyslog-server1]# ls
jon_netsec.log  kernel.log  polkitd.log  rsyslogd.log  sshd.log  systemd.log
[[email protected] rsyslog-server1]# cat jon_netsec.log 
2019-11-15T14:50:52.794133+00:00 rsyslog-server1 jon_netsec: Testing Server Rsyslog
[[email protected] rsyslog-server1]# cd ..
[[email protected] log]# cd rsyslog-client1/
[[email protected] rsyslog-client1]# ls
dbus.log      jon_netsec.log      nm-dispatcher.log  rsyslogd.log
dhclient.log  NetworkManager.log  polkitd.log        systemd.log
[[email protected] rsyslog-client1]# cat jon_netsec.log 
2019-11-15T14:51:40+00:00 rsyslog-client1 jon_netsec: Testing Rsyslog Client log
[[email protected] rsyslog-client1]# vim /etc/rsyslog.conf
[[email protected] rsyslog-client1]# 

By jonny.