In Linux, log files are files that contain messages about system functions, which system administrators use to identify events that have occurred on the machine. These logs help the administrator reconstruct the events that took place on the system over time. Generally, all log files are kept under the /var/log directory in Linux. In this location there are several types of log files for storing various messages, such as a log file for recording system events, a log file for service-related messages, and other log files dedicated to the kernel, users or cron jobs. The main purpose of log files is to troubleshoot system problems. Most log files in Linux are managed by the rsyslogd service. On newer releases of Linux distributions, the log files are also controlled and managed by the journald system service, which is part of the systemd initialization program. The logs stored by the journal daemon are written in a binary format and are mostly volatile, stored in RAM and in a ring buffer in /run/log/journal/. However, the journal service can also be configured to store the Syslog messages permanently.
In Linux, the rsyslog server can be configured to run as a central log manager, in a client-server model, and send log messages over the network via the TCP or UDP transport protocols, or receive logs from network devices, servers, routers, switches or other systems or embedded devices that generate logs.
The Rsyslog daemon can be set up to run as a client and as a server at the same time. Configured to run as a server, Rsyslog listens on the default port 514 TCP and UDP and starts collecting log messages that are sent over the network by remote systems. As a client, Rsyslog sends local log messages over the network to a remote Rsyslog server via the same TCP or UDP ports.
Rsyslog filters syslog messages according to selected properties and actions. The rsyslog filters are the following:
- Facility or Priority filters
- Property-based filters
- Expression-based filters
The facility filter is represented by the Linux internal subsystem that produces the logs. Facilities are categorized as shown below:
- auth / authpriv = messages produced by authentication processes
- cron = logs related to cron tasks
- daemon = messages related to running system services
- kernel = Linux kernel messages
- mail = mail server messages
- syslog = messages related to syslog or other daemons (the DHCP server sends logs here)
- lpr = printer or print server messages
- local0 - local7 = custom messages under administrator control
The priority or severity levels are assigned to a keyword and a number as described below.
- emerg = Emergency - 0
- alert = Alerts - 1
- err = Errors - 3
- warn = Warnings - 4
- notice = Notification - 5
- info = Information - 6
- debug = Debugging - 7 (highest level)
There are also some special Rsyslog keywords available, such as the asterisk (*) sign to define all facilities or priorities, the none keyword, which specifies no priorities, the equal sign (=), which selects only that priority, and the exclamation mark (!), which negates a priority.
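The facility and priority rules above, including the *, none, = and ! keywords, can be checked against a message's numeric PRI value, which encodes facility * 8 + severity. The following is an added example, not code from rsyslog or from the original article: it models the traditional selector semantics, the function names are hypothetical, and its tables use the standard syslog codes, including crit (2) and the facilities not listed above.

```python
# Added example: a small model of traditional syslog selector matching.
# Facility and severity codes are the standard syslog numbers.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warn": 4, "notice": 5, "info": 6, "debug": 7}


def decode_pri(pri):
    """Split the numeric <PRI> value into (facility, severity)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return pri >> 3, pri & 7


def rule_selects(selectors, pri):
    """Return True if a 'fac.prio[;fac.prio...]' rule selects this PRI."""
    facility, severity = decode_pri(pri)
    selected = False
    for selector in selectors.split(";"):
        fac_part, _, prio_part = selector.strip().partition(".")
        names = fac_part.split(",")
        if fac_part != "*" and facility not in [FACILITIES[n] for n in names]:
            continue                      # selector is about other facilities
        if prio_part == "none":           # "none": drop this facility entirely
            selected = False
            continue
        negate = prio_part.startswith("!")
        prio_part = prio_part.lstrip("!")
        exact = prio_part.startswith("=")
        prio_part = prio_part.lstrip("=")
        if prio_part == "*":
            hit = True
        else:
            level = SEVERITIES[prio_part]
            # Lower number = more severe; plain "err" means err and above.
            hit = severity == level if exact else severity <= level
        if negate and hit:
            selected = False
        elif hit and not negate:
            selected = True
    return selected


if __name__ == "__main__":
    mail_info = FACILITIES["mail"] * 8 + SEVERITIES["info"]   # PRI 22
    print(rule_selects("*.info;mail.none", mail_info))
```
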
The action part of syslog is represented by the destination statement. The destination of a log message can be a file stored in the file system, a file in the /var/log/ system path, or another local process that receives input via a named pipe or FIFO. Log messages can also be directed to users, discarded to a black hole (/dev/null), or sent to stdout or to a remote syslog server via the TCP/UDP protocol. Log messages can also be stored in a database, such as MySQL or PostgreSQL.
Configure Rsyslog as a Server
The Rsyslog daemon is installed automatically in most Linux distributions. However, if Rsyslog is not installed on your system, you can issue one of the commands below to install the service. You will need root privileges to run the commands.
In Debian based distros:
sudo apt-get install rsyslog
In RHEL based distros like CentOS:
sudo yum install rsyslog
To verify whether the Rsyslog daemon is started on the system, execute the commands below, depending on your distribution version.
On newer Linux distros with systemd:
systemctl status rsyslog.service
On older Linux versions with init:
service rsyslog status
/etc/init.d/rsyslog status
To start the rsyslog daemon, issue the following command.
On older Linux versions with init:
service rsyslog start
/etc/init.d/rsyslog start
On the latest Linux distros:
systemctl start rsyslog.service
To configure rsyslog to run in server mode, edit the main configuration file, /etc/rsyslog.conf. In this file, make the following changes, as shown in the samples below.
sudo vi /etc/rsyslog.conf
Locate the following lines and uncomment them by removing the hash sign (#) to allow UDP log message reception on port 514. By default, the UDP port is used by syslog to send and receive messages.
$ModLoad imudp
$UDPServerRun 514
Because the UDP protocol is not reliable for exchanging data over a network, you can set up Rsyslog to output log messages to a remote server via the TCP protocol. To enable TCP reception, open the /etc/rsyslog.conf file and uncomment the following lines as shown below. This allows the rsyslog daemon to bind and listen on a TCP socket on port 514.
$ModLoad imtcp
$InputTCPServerRun 514
Both protocols can be enabled in rsyslog to run at the same time.
If you want to specify which senders are allowed to access the rsyslog daemon, add the following line after the enabled protocol lines:
$AllowedSender TCP, 127.0.0.1, 10.110.50.0/24, *.yourdomain.com
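Before deploying a sender list like the one above, it helps to check which client addresses it would actually admit. The following is an added example, not part of rsyslog or of the original article: it models the list with Python's ipaddress and fnmatch modules, the function names are hypothetical, and the peer addresses and names in the demo are constructed.

```python
import ipaddress
from fnmatch import fnmatch

# The directive exactly as shown in this article.
ALLOWED_SENDER = "$AllowedSender TCP, 127.0.0.1, 10.110.50.0/24, *.yourdomain.com"


def parse_allowed_sender(line):
    """Split the directive into (protocol, networks, hostname_patterns)."""
    directive, _, rest = line.strip().partition(" ")
    if directive != "$AllowedSender":
        raise ValueError("not an $AllowedSender line")
    protocol, *entries = [part.strip() for part in rest.split(",")]
    networks, patterns = [], []
    for entry in entries:
        try:
            # A bare address becomes a /32 (or /128) network.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            patterns.append(entry.lower())   # e.g. *.yourdomain.com
    return protocol.upper(), networks, patterns


def sender_allowed(line, peer_ip, peer_name=None):
    """Model the access decision for one peer.

    peer_name stands for the name resolved for the peer (an assumption of
    this model); a match on it is only as trustworthy as the DNS answer.
    """
    _, networks, patterns = parse_allowed_sender(line)
    address = ipaddress.ip_address(peer_ip)
    if any(address in network for network in networks):
        return True
    if peer_name is None:
        return False
    return any(fnmatch(peer_name.lower(), pattern) for pattern in patterns)


if __name__ == "__main__":
    # Constructed peers: one inside the /24, one just outside it.
    for ip in ("10.110.50.17", "10.110.51.17"):
        print(ip, sender_allowed(ALLOWED_SENDER, ip))
```
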
You will also need to create a new template that will be parsed by the rsyslog daemon before it receives the incoming logs. The template should instruct the local Rsyslog server where to store the incoming log messages. Define the template right after the $AllowedSender line, as shown in the sample below.
$template Incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?Incoming-logs
& ~
To log only the messages generated by the kern facility, use the syntax below.
kern.* ?Incoming-logs
The received logs are parsed by the above template and are stored in the local file system in the /var/log/ directory, in files named after the client hostname and the client facility that produced the messages: the %HOSTNAME% and %PROGRAMNAME% variables.
The & ~ redirect rule configures the Rsyslog daemon to save the incoming log messages only to the files specified above by the variable names. Otherwise, the received logs are processed further and are also stored in the local logs, such as the /var/log/syslog file.
To add a rule that discards all mail-related log messages, you can use the following statement.
mail.* ~
Other variables that can be used to build file names are: %syslogseverity%, %syslogfacility%, %timegenerated%, %HOSTNAME%, %syslogtag%, %msg%, %FROMHOST-IP%, %PRI%, %MSGID%, %APP-NAME%, %TIMESTAMP%, %$year%, %$month%, %$day%
Starting with Rsyslog version 7, a new configuration format can be used to declare a template in an Rsyslog server.
A version 7 template sample can look like the one shown in the lines below.
template(name="MyTemplate" type="string" string="/var/log/%FROMHOST-IP%/%PROGRAMNAME:::secpath-replace%.log")
Another way to write the above template is shown below:
template(name="MyTemplate" type="list") {
    constant(value="/var/log/")
    property(name="fromhost-ip")
    constant(value="/")
    property(name="programname" SecurePath="replace")
    constant(value=".log")
}
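The secpath-replace option (SecurePath="replace" in the list form) matters because the file path is built from values supplied by the sending host. The following is an added example, not rsyslog's own code: it models string-template expansion for a property value that contains slashes, the function names are hypothetical, and the sample message properties are constructed.

```python
import posixpath
import re

# %NAME% or %NAME:from:to:options% as used in the string template above.
PLACEHOLDER = re.compile(r"%([\w$-]+)(?::([^:%]*):([^:%]*):([^%]*))?%")


def expand_template(template, props):
    """Expand property placeholders; honour the secpath-replace option."""
    def substitute(match):
        value = props[match.group(1).lower()]
        options = (match.group(4) or "").split(",")
        if "secpath-replace" in options:
            value = value.replace("/", "_")   # slashes become underscores
        return value
    return PLACEHOLDER.sub(substitute, template)


def stays_under(path, root):
    """True if the normalised path is still inside root."""
    return posixpath.normpath(path).startswith(root.rstrip("/") + "/")


PLAIN = "/var/log/%FROMHOST-IP%/%PROGRAMNAME%.log"
SAFE = "/var/log/%FROMHOST-IP%/%PROGRAMNAME:::secpath-replace%.log"

# Constructed sample message properties (not taken from a real system).
SAMPLE = {"fromhost-ip": "10.110.50.17", "programname": "../10.110.50.99/sshd"}

if __name__ == "__main__":
    for template in (PLAIN, SAFE):
        path = expand_template(template, SAMPLE)
        # Report whether the file stays in the sending host's own directory.
        print(path, stays_under(path, "/var/log/10.110.50.17"))
```

With the plain template the constructed value resolves into a different host's directory; with secpath-replace the file stays in the sender's own directory under a flattened name.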
To apply any changes made to the rsyslog configuration file, you must restart the daemon so that it loads the new configuration.
sudo service rsyslog restart
sudo systemctl restart rsyslog
To check which rsyslog sockets are open in listening state on a Debian Linux system, you can run the netstat command with root privileges. Pass the results through a filter utility, such as grep.
sudo netstat -tulpn | grep rsyslog
Be aware that you must also open the Rsyslog ports in the firewall in order to allow incoming connections to be established.
In RHEL based distros with Firewalld activated, issue the commands below:
firewall-cmd --permanent --add-port=514/tcp
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload
In Debian based distros with an active UFW firewall, issue the commands below:
ufw allow 514/tcp
ufw allow 514/udp
Iptables firewall rules:
iptables -A INPUT -p tcp -m tcp --dport 514 -j ACCEPT
iptables -A INPUT -p udp --dport 514 -j ACCEPT
Configure Rsyslog as a Client
To enable the rsyslog daemon to run in client mode and output local log messages to a remote Rsyslog server, edit the /etc/rsyslog.conf file and add one of the following lines:
*.* @IP_REMOTE_RSYSLOG_SERVER:514
*.* @FQDN_RSYSLOG_SERVER:514
This line enables the Rsyslog service to output all internal logs to a remote Rsyslog server on UDP port 514.
To send the logs over the TCP protocol, use the following template:
*.* @@IP_remote_syslog_server:514
To output only cron-related logs with all priorities to an rsyslog server, use the template below:
cron.* @IP_remote_syslog_server:514
In cases where the Rsyslog server is not reachable over the network, add the lines below to the /etc/rsyslog.conf file on the client side in order to temporarily store the logs in a disk-buffered file until the server comes back online.
$ActionQueueFileName queue
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
To apply the above rules, the Rsyslog daemon needs to be restarted in order to act as a client.