20190306 Log management and network file sharing services
Log management:
syslogd: the legacy system logger, records application logs
klogd: the legacy Linux kernel logger, records kernel messages
rsyslog (replaces both of them on CentOS 6/7):
Package: rsyslog   Main program: /usr/sbin/rsyslogd
CentOS 6: service rsyslog {start|stop|restart|status}   CentOS 7: /usr/lib/systemd/system/rsyslog.service
Configuration files: /etc/rsyslog.conf and /etc/rsyslog.d/*.conf   Module libraries: /lib64/rsyslog/*.so
Each rule has the form facility.priority followed by a target. Targets:
File path: usually under /var/log/. A leading - before the path means "do not sync the file after every write"; rsyslog does not sync by default anyway and accepts the - for compatibility with older syslog configurations.
User: deliver the event to the named logged-in user(s); * means every user who is logged in.
Log server: @host sends the event to the remote host over UDP, @@host over TCP (port 514 by default). The message is neither authenticated nor encrypted, so restrict who can reach the collector with a firewall, or use rsyslog's TLS support, whenever logs leave a trusted network.
Named pipe: |/path/to/fifo, to hand the events to another program that reads the FIFO.
# systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-03-05 21:09:44 CST; 23h ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 6666 (rsyslogd)
Tasks: 3
CGroup: /system.slice/rsyslog.service
└─6666 /usr/sbin/rsyslogd -n
Experiment: a custom log file for sshd
1. # vim /etc/ssh/sshd_config   (this file sets which facility sshd logs under)
#SyslogFacility AUTHPRIV
SyslogFacility local0
2. # vim /etc/rsyslog.conf   (route everything from facility local0 into a file of its own)
local0.* /var/log/sshd.log
rsyslog must be restarted (systemctl restart rsyslog) before it reads the new rule; then restart sshd so it reopens its log connection with the new facility:
# systemctl restart sshd
# tail -f /var/log/sshd.log
Mar 6 20:29:44 centos7 sshd[43542]: Server listening on 0.0.0.0 port 22.
Mar 6 20:29:44 centos7 sshd[43542]: Server listening on :: port 22.
The listener messages appear, so the file has been created and receives sshd's output.
3. # ssh 192.168.141.200   (from another host, log in to 200 over ssh)
root@192.168.141.200's password:
Last login: Wed Mar 6 20:28:35 2019 from 192.168.141.253
# tail -f /var/log/sshd.log
Mar 6 20:29:44 centos7 sshd[43542]: Server listening on 0.0.0.0 port 22.
Mar 6 20:29:44 centos7 sshd[43542]: Server listening on :: port 22.
Mar 6 20:30:54 centos7 sshd[43578]: Accepted password for root from 192.168.141.253 port 39224 ssh2
The new "Accepted password" record shows up. Note that moving sshd off authpriv means its login events no longer land in /var/log/secure, so anything that reviews /var/log/secure for logins must be pointed at the new file.
Experiment: send logs over the network to a remote host, so the logs of many hosts are collected on one
Setup: two CentOS 7 hosts, 150 (collector) and 200 (sender), plus a CentOS 6 host used as the ssh client for testing
Principle: host 200 forwards its logs to host 150; when someone connects to 200 over ssh, the record can be read on 150.
1. On host 150 (the collector):
# vim /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514   (uncomment these two lines to accept syslog over UDP port 514)
local0.* /var/log/test.log   (write everything that arrives with facility local0 to test.log)
# systemctl restart rsyslog
# ss -ntua
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:514 *:*
UDP port 514 is open and the collector can now receive remote logs. Any host that can reach this port can also inject log lines, so limit it with the firewall to the senders you expect.
Now configure host 200 to send its logs to 150:
# vim /etc/rsyslog.conf
local0.* @192.168.141.150   (a single @ selects UDP; local0 is the facility sshd will log under)
# vim /etc/ssh/sshd_config
#SyslogFacility AUTHPRIV
SyslogFacility local0
# systemctl restart rsyslog
# systemctl restart sshd
2. From the CentOS 6 host, ssh to 200:
# ssh 192.168.141.200
root@192.168.141.200's password:
Last login: Wed Mar 6 20:42:01 2019 from 192.168.141.200
#
On host 150 the record reads: # tail /var/log/test.log
Mar 6 20:56:21 xingxiaoya sshd[44189]: Accepted password for root from 192.168.141.253 port 39226 ssh2
The record carries the CentOS 6 client's IP (.253) and the CentOS 7 sender's hostname; it travelled over UDP.
3. To use TCP instead (it is reliable, whereas UDP datagrams can be dropped silently), add the TCP input on the collector:
# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
and on the sender write the target with two @ signs, which selects TCP:
local0.* @@192.168.141.150
# systemctl restart rsyslog   (on both hosts)
# ss -ntua
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 :::514 :::*
tcp LISTEN 0 25 *:514 *:*
Both listeners are now present. TCP only fixes packet loss: the content is still cleartext and the sender is still unauthenticated, so for logs crossing an untrusted network rsyslog's TLS mode (the gtls network stream driver) is the next step. End of experiment.
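What the @host / @@host forwarding above actually puts on the wire, and why a collector should check who delivered a message before trusting the hostname written inside it. This is an added example, not code from the original post or from rsyslog: it builds RFC 3164 messages the way rsyslog's UDP/TCP forwarding actions do (PRI = facility*8 + severity, so local0.info travels as <134>), parses them back on the receiving side, and flags records whose claimed hostname does not belong to the IP that delivered them. The sender inventory KNOWN_SENDERS, the forged datagram from 192.168.141.99 and the other sample traffic are constructed assumptions modelled on the lab addresses.

```python
import re

# Facility and severity codes from RFC 3164 (rsyslog uses the same numbers).
FACILITIES = {"kern": 0, "user": 1, "auth": 4, "authpriv": 10,
              "local0": 16, "local1": 17, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}

# Assumed inventory (not from the post): which sender IP may report as which hostname.
KNOWN_SENDERS = {"192.168.141.200": "centos7"}

_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                              # PRI in angle brackets
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "    # e.g. "Mar  6 20:56:21"
    r"(?P<host>\S+) "                                   # hostname exactly as the sender wrote it
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"       # "sshd[44189]:"
    r"(?P<msg>.*)$"
)


def encode_pri(facility: int, severity: int) -> int:
    """PRI value for a selector such as local0.info (16*8 + 6 = 134)."""
    return facility * 8 + severity


def decode_pri(pri: int) -> tuple:
    """Split a PRI value back into (facility name, severity name)."""
    facility, severity = divmod(pri, 8)
    return FACILITY_NAMES.get(facility, str(facility)), SEVERITY_NAMES[severity]


def build_datagram(facility: str, severity: str, timestamp: str,
                   hostname: str, tag: str, msg: str) -> bytes:
    """The bytes an @host / @@host action sends: no signature, no encryption,
    and the hostname field is whatever the sender chooses to put there."""
    pri = encode_pri(FACILITIES[facility], SEVERITIES[severity])
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}".encode()


def parse_datagram(data: bytes, peer_ip: str) -> dict:
    """Parse one received message. peer_ip is what the socket reports; the
    hostname inside the message is not verified by the protocol."""
    m = _LINE.match(data.decode("utf-8", errors="replace"))
    if m is None:
        raise ValueError(f"not an RFC 3164 message: {data!r}")
    facility, severity = decode_pri(int(m["pri"]))
    return {
        "peer_ip": peer_ip,
        "claimed_host": m["host"],
        "facility": facility,
        "severity": severity,
        "timestamp": m["ts"],
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "msg": m["msg"],
    }


def find_spoofed(records: list, known: dict = KNOWN_SENDERS) -> list:
    """Records whose claimed hostname is not the one registered for the
    delivering peer, or whose peer is not in the inventory at all."""
    return [r for r in records if known.get(r["peer_ip"]) != r["claimed_host"]]


# Constructed sample traffic (not real captures), modelled on the lab in the post.
SAMPLE_DATAGRAMS = [
    # Genuine: what rsyslog on 200 sends after sshd logs to local0.info.
    ("192.168.141.200", build_datagram(
        "local0", "info", "Mar  6 20:56:21", "centos7", "sshd[44189]",
        "Accepted password for root from 192.168.141.253 port 39226 ssh2")),
    # Forged by an unrelated host that can reach port 514 on the collector;
    # it claims to be centos7 and looks exactly like a real login record.
    ("192.168.141.99", build_datagram(
        "local0", "info", "Mar  6 20:57:02", "centos7", "sshd[1]",
        "Accepted publickey for root from 10.0.0.1 port 4444 ssh2")),
]


def demo() -> tuple:
    """Parse the samples; return (all records, records failing the sender check)."""
    parsed = [parse_datagram(data, ip) for ip, data in SAMPLE_DATAGRAMS]
    return parsed, find_spoofed(parsed)


if __name__ == "__main__":
    records, suspicious = demo()
    for r in records:
        print(r["peer_ip"], r["claimed_host"], r["facility"], r["severity"], r["msg"])
    print("failed sender check:", [(r["peer_ip"], r["claimed_host"]) for r in suspicious])
```

The peer-IP check is the minimum a plain UDP/TCP collector can do, and even that is defeated by UDP source-address spoofing; it is why the TLS mode mentioned above, which authenticates the sender by certificate, is the real fix rather than switching from @ to @@.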
Other log files:
/var/log/secure: authentication and authorization messages (the authpriv facility: logins, sudo, sshd), text format; it should be reviewed periodically
/var/log/btmp: failed login attempts on this system, binary format, read with the lastb command
/var/log/wtmp: successful logins (plus logouts and reboots) on this system, binary format, read with the last command
/var/log/lastlog: the most recent login of every user, binary format, read with the lastlog command
/var/log/dmesg: messages from the boot process, text format; view it with any text tool, or use the dedicated dmesg command to read the kernel ring buffer
/var/log/messages: most general system messages   /var/log/anaconda: logs of the anaconda installer (the OS installation)
Log management with journalctl
systemd (journald) manages the logs of all units in one place. The benefit is that a single command, journalctl, shows every log, kernel and application alike. Its configuration file is /etc/systemd/journald.conf.
journalctl usage
1. Show all logs (by default the journal lives in /run and only the current boot's entries survive a reboot): journalctl
2. Show only kernel messages, no application logs: journalctl -k
3. Show the logs of the current boot: journalctl -b, or equivalently journalctl -b -0
4. Show the logs of the previous boot (needs persistent storage, i.e. Storage=persistent in journald.conf or an existing /var/log/journal directory): journalctl -b -1
5. Show the last 10 lines: journalctl -n
6. Show the last N lines: journalctl -n 20
7. Follow new messages as they arrive: journalctl -f
Experiment: have rsyslog write its logs into MySQL
Setup: 150 runs the database, 200 runs rsyslog (the log source); the CentOS 6 host is again the ssh client
On host 200: # yum install rsyslog-mysql
# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
# cat /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
On host 150: 1. # vim rsyslog.sql
Paste the mysql-createDB.sql script shown above into this file unchanged (CREATE DATABASE Syslog; USE Syslog; and the two CREATE TABLE statements); it has to be run inside the MySQL/MariaDB server.
2. # mysql -uroot -p123gxy < rsyslog.sql
# mysql -uroot -p123gxy
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Syslog |
| mysql |
| performance_schema |
| wordpress |
+--------------------+
5 rows in set (0.00 sec)
The Syslog database is in place.
MariaDB [(none)]> use Syslog
Database changed
MariaDB [Syslog]> show tables;
+------------------------+
| Tables_in_Syslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
The tables exist now.
3. Create the account rsyslog will connect as: MariaDB [Syslog]> grant all on Syslog.* to loguser@'192.168.141.%' identified by '123gxy';
Query OK, 0 rows affected (0.01 sec)
ALL is more privilege than this account needs: the ommysql output only inserts rows, so INSERT on Syslog.* is enough (a viewer such as LogAnalyzer reading the same database needs SELECT, ideally through a separate account). Passing the password on the command line (-p123gxy) also leaves it in the shell history.
4. On host 200: # vim /etc/rsyslog.conf   (two changes: load the module and add the rule)
$ModLoad ommysql
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
local7.* /var/log/boot.log
local0.* :ommysql:192.168.141.150,Syslog,loguser,123gxy
The action's fields are server,database,user,password. The password now sits in cleartext in /etc/rsyslog.conf, which is readable by every local user under its default 644 permissions; put the rule in its own file under /etc/rsyslog.d/ with mode 600 instead. The connection to MariaDB on 150 is likewise unencrypted unless the server is set up for TLS.
# vim /etc/ssh/sshd_config
#SyslogFacility AUTHPRIV
SyslogFacility local0   (sshd logs under local0, which the rule above matches)
# systemctl restart rsyslog
# systemctl restart sshd
5. Test: from the CentOS 6 host, ssh to 200: # ssh 192.168.141.200
root@192.168.141.200's password:
Last login: Thu Mar 7 08:20:58 2019 from 192.168.141.253
6. Host 150 immediately has a row: MariaDB [Syslog]> select * from SystemEvents;
+----+------------+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+--------------+--------------+-----------------+----------+
| ID | CustomerID | ReceivedAt | DeviceReportedTime | Facility | Priority | FromHost | Message | NTSeverity | Importance | EventSource | EventUser | EventCategory | EventID | EventBinaryData | MaxAvailable | CurrUsage | MinUsage | MaxUsage | InfoUnitID | SysLogTag | EventLogType | GenericFileName | SystemID |
+----+------------+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+--------------+--------------+-----------------+----------+
| 1 | NULL | 2019-03-07 08:36:14 | 2019-03-07 08:36:14 | 16 | 6 | centos7 | Accepted password for root from 192.168.141.253 port 39230 ssh2 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | sshd[17021]: | NULL | NULL | NULL |
+----+------------+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+--------------+--------------+-----------------+----------+
1 row in set (0.00 sec)
Facility 16 is local0 and Priority 6 is info (PRI 16*8+6 = 134 on the wire); FromHost is the hostname as the sender reported it. End of experiment.
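Once login events from many hosts sit in one SystemEvents table, the periodic review recommended above for /var/log/secure becomes a query. This added example (not code from the post, rsyslog or LogAnalyzer) uses Python's built-in sqlite3 with a cut-down copy of the mysql-createDB.sql schema so it runs offline; the aggregate query uses only substr/instr/LIKE, which MariaDB supports with the same syntax, so it can be pasted into the mysql client against the lab database with the ? replaced by a number. The rows are constructed: the first mirrors the record shown above, the rest invent a password-guessing run from 192.168.141.77 that finally succeeds.

```python
import re
import sqlite3

# Cut-down copy of rsyslog's mysql-createDB.sql (only the columns ommysql
# fills), in SQLite syntax so the example runs without a database server.
SCHEMA = """
CREATE TABLE SystemEvents (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    ReceivedAt TEXT,
    DeviceReportedTime TEXT,
    Facility INTEGER,
    Priority INTEGER,
    FromHost TEXT,
    Message TEXT,
    InfoUnitID INTEGER,
    SysLogTag TEXT
);
"""

# Constructed rows (ReceivedAt, FromHost, SysLogTag, Message). All are stored
# with Facility 16 (local0) and Priority 6 (info), like the post's record.
SAMPLE_ROWS = [
    ("2019-03-07 08:36:14", "centos7", "sshd[17021]:",
     "Accepted password for root from 192.168.141.253 port 39230 ssh2"),
    ("2019-03-07 08:40:01", "centos7", "sshd[17100]:",
     "Failed password for root from 192.168.141.77 port 50001 ssh2"),
    ("2019-03-07 08:40:03", "centos7", "sshd[17101]:",
     "Failed password for invalid user admin from 192.168.141.77 port 50002 ssh2"),
    ("2019-03-07 08:40:05", "centos7", "sshd[17102]:",
     "Failed password for root from 192.168.141.77 port 50003 ssh2"),
    ("2019-03-07 08:40:08", "centos7", "sshd[17103]:",
     "Failed password for root from 192.168.141.77 port 50004 ssh2"),
    ("2019-03-07 08:41:10", "centos7", "sshd[17110]:",
     "Accepted password for root from 192.168.141.77 port 50009 ssh2"),
]

# Failure count per (reporting host, client IP); the IP is cut out of Message
# between " from " and " port ". substr/instr behave the same in MariaDB.
FAILED_LOGINS_BY_SOURCE = """
SELECT FromHost,
       substr(Message, instr(Message, ' from ') + 6,
              instr(substr(Message, instr(Message, ' from ') + 6), ' port ') - 1) AS src_ip,
       COUNT(*) AS failures
FROM SystemEvents
WHERE Facility = 16
  AND SysLogTag LIKE 'sshd[%'
  AND Message LIKE 'Failed password%'
GROUP BY FromHost, src_ip
HAVING failures >= ?
ORDER BY failures DESC
"""

_SRC = re.compile(r" from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")


def load_sample_db() -> sqlite3.Connection:
    """In-memory stand-in for the Syslog database on host 150."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO SystemEvents (ReceivedAt, DeviceReportedTime, Facility, Priority,"
        " FromHost, InfoUnitID, SysLogTag, Message) VALUES (?, ?, 16, 6, ?, 1, ?, ?)",
        [(t, t, host, tag, msg) for t, host, tag, msg in SAMPLE_ROWS],
    )
    return conn


def source_ip(message: str):
    """Client address from an sshd 'Accepted ...' / 'Failed ...' message, or None."""
    m = _SRC.search(message)
    return m.group(1) if m else None


def failed_logins_by_source(conn: sqlite3.Connection, threshold: int = 3) -> list:
    """(FromHost, src_ip, failures) for every client at or above the threshold."""
    return conn.execute(FAILED_LOGINS_BY_SOURCE, (threshold,)).fetchall()


def successes_after_failures(conn: sqlite3.Connection, threshold: int = 3) -> list:
    """Accepted-password logins from a client that had already failed at least
    `threshold` times against the same reporting host: a guessing run that worked."""
    failures = {}
    hits = []
    rows = conn.execute(
        "SELECT ReceivedAt, FromHost, Message FROM SystemEvents"
        " WHERE SysLogTag LIKE 'sshd[%' ORDER BY ReceivedAt, ID")
    for received_at, from_host, message in rows:
        ip = source_ip(message)
        if ip is None:
            continue
        key = (from_host, ip)
        if message.startswith("Failed password"):
            failures[key] = failures.get(key, 0) + 1
        elif message.startswith("Accepted password") and failures.get(key, 0) >= threshold:
            hits.append((received_at, from_host, ip))
    return hits


if __name__ == "__main__":
    db = load_sample_db()
    print("clients with repeated failures:", failed_logins_by_source(db))
    print("logins preceded by failures:", successes_after_failures(db))
```

The second check is the one worth alerting on: a burst of failures is noise on any internet-facing sshd, but an accepted password from the same client right after it means a guess landed and the account should be treated as compromised.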
Experiment: set up LAP (Linux + Apache + PHP) with LogAnalyzer
Setup: 200 is the log server and runs LAP, 150 holds the MySQL database
1. # yum install httpd php php-mysql   (php here is the Apache module, mod_php; php-mysql is the extension used to reach the database; my httpd was already installed, so it can be skipped here)
2. Copy the package from the project site to host 200: # ls
loganalyzer-4.1.7.tar.gz (download: https://loganalyzer.adiscon.com/download/)
# tar xf loganalyzer-4.1.7.tar.gz
# cd loganalyzer-4.1.7/
# ls
ChangeLog contrib COPYING doc INSTALL src
# mv /root/loganalyzer-4.1.7/src /var/www/html/log
# cd /var/www/html/log   (this directory holds the PHP application)
# ls
admin classes details.php include lang search.php userchange.php
asktheoracle.php convert.php export.php index.php login.php statistics.php
BitstreamVeraFonts cron favicon.ico install.php reportgenerator.php templates
chartgenerator.php css images js reports.php themes
3. # cd loganalyzer-4.1.7/
# ls
ChangeLog contrib COPYING doc INSTALL
# cd contrib/
# ls
config.php configure.sh secure.sh
# cat configure.sh
#!/bin/sh
touch config.php
chmod 666 config.php
# cat secure.sh
#!/bin/sh
chmod 644 config.php
4. # touch /var/www/html/log/config.php
# chmod 666 /var/www/html/log/config.php
(666 lets the web server write the installer's output into config.php; it also lets every local user write it, which is why the permission is taken back in step 6 as soon as the wizard has finished.)
5. Start php-fpm, the FastCGI listener: # service php-fpm start
Redirecting to /bin/systemctl start php-fpm.service
# chkconfig php-fpm on
Note: Forwarding request to 'systemctl enable php-fpm.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
(With php installed as the Apache module, as in step 1, httpd runs PHP in-process and does not use php-fpm; this step only matters for a FastCGI setup.)
6. Opening the site in a browser brings up the LogAnalyzer installation wizard (screenshot not reproduced here).
Now that config.php has been written, take the write permission back: # chmod 644 /var/www/html/log/config.php
It is also good practice to remove install.php from the web root once setup is complete, so the wizard can no longer be reached from the network.
7. Now install the package that draws the charts:
# yum install php-gd
# rpm -ql php-gd
/etc/php.d/gd.ini
/usr/lib64/php/modules/gd.so
/usr/share/doc/php-gd-5.4.16
/usr/share/doc/php-gd-5.4.16/libgd_COPYING
/usr/share/doc/php-gd-5.4.16/libgd_README
This package is loaded as a module, so httpd has to be restarted: # systemctl restart httpd
8. The resulting page (screenshot not reproduced here):
Because of my software version, the pie chart did not show up. End of experiment.
logrotate
logrotate is a log-file management tool: it removes (or compresses) old log files and creates fresh ones, a process called log rotation. Rotation can be triggered by file size or by age in days, and it is normally run by cron (on CentOS through /etc/cron.daily/logrotate).
The configuration file is /etc/logrotate.conf, with per-application snippets under /etc/logrotate.d/. The stock /etc/logrotate.d/syslog entry only covers the standard files (messages, secure, cron, maillog, spooler), so a custom file such as the /var/log/sshd.log created earlier grows without bound until it gets an entry of its own.