How to Set Up a Centralized Logging Server with Rsyslog in Linux


Logs are an essential component of any software or operating system. They usually record user activity, system events, network activity and much more, depending on what they are intended for. One of the most widely used logging systems on Linux is rsyslog.

Rsyslog is a powerful, secure and high-performance logging system which accepts data from various sources (systems and applications) and outputs it in many formats.

It has evolved from a regular syslog daemon into a fully featured, enterprise-level logging system. It is designed around a client/server model, so it can be configured as a client and/or as a central logging server for other servers, network devices and remote applications.

For the purpose of this guide, we will use the following hosts:

  • Server: 192.168.241.140
  • Client: 172.31.21.58

How to Install and Configure the Rsyslog Server

Most Linux distributions come with the rsyslog package pre-installed. If it is not installed, you can install it with your distribution's package manager as shown.

$ sudo yum update && sudo yum install rsyslog 	#CentOS 7
$ sudo apt update && sudo apt install rsyslog	#Ubuntu 16.04, 18.04

Once rsyslog is installed, start the service, enable it to start automatically at boot and check its status with the systemctl command.

$ sudo systemctl start rsyslog
$ sudo systemctl enable rsyslog
$ sudo systemctl status rsyslog

The main rsyslog configuration file is /etc/rsyslog.conf. It loads modules, defines global directives, contains the rules for processing log messages and includes all configuration files under /etc/rsyslog.d/ for the various applications and services.

$ sudo vim /etc/rsyslog.conf

By default, rsyslog uses the imjournal and imuxsock modules to import structured log messages from the systemd journal and to accept syslog messages from applications running on the local system via Unix sockets, respectively.

To configure rsyslog as a network/central logging server, you need to set the protocol (UDP, TCP or both) it will use to receive remote syslog messages and the port it listens on. Note that neither plain UDP nor plain TCP syslog is encrypted or authenticated, so the listener should only be reachable from the clients you intend to collect from.

If you want to use a UDP connection, which is faster but unreliable, search for and uncomment the lines below (replace 514 with the port you want it to listen on; this port must match the port the clients send their messages to, which we will look at when configuring the rsyslog client).

$ModLoad imudp
$UDPServerRun 514

To use a TCP connection (which is slower but more reliable), search for and uncomment the lines below.

$ModLoad imtcp
$InputTCPServerRun 514

In this case, we want to use both UDP and TCP connections at the same time.

Next, you need to define the rules for processing remote logs, in the following format.

facility.severity_level	destination (where to store log)

Where:

  • facility: the type of process/application generating the message, for example auth, cron, daemon, kern, local0..local7. Using * means all facilities.
  • severity_level: the level of the log message: emerg-0, alert-1, crit-2, err-3, warn-4, notice-5, info-6, debug-7. A named level matches that level and every more severe one, * means all severity levels, and none excludes that facility's messages from the rule.
  • destination: either a local file or a remote rsyslog server (given as IP:port).

We will use the following rules to collect logs from remote hosts, using the RemoteLogs template. Note that these rules must come before any rules for processing local messages, as shown in the screenshot.

$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
& ~

Looking at the rules above, the first rule is $template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log".

The $template directive tells the rsyslog daemon to collect all received remote messages and write them to separate logs under /var/log, named after the hostname (the client machine's name) and the remote client's program/application that generated the messages, as defined by the settings in the RemoteLogs template.

The second line, *.* ?RemoteLogs, means: record messages from all facilities at all severity levels using the RemoteLogs template.

The final line, & ~, instructs rsyslog to stop processing a message once it has been written to that file. If you omit & ~, processing continues into the local rules, so remote messages are also written to the local log files. Newer rsyslog versions accept & stop for the same purpose and warn that ~ is deprecated.
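As an added illustration of the rule format above, the RemoteLogs template and the effect of & ~ (example code written for this page, not part of rsyslog or the original guide): the Python below models how rsyslog decodes a forwarded message's PRI into facility and severity, matches a facility.severity selector, expands the template into a per-host file, and walks an ordered rule list in which the action "stop" plays the role of & ~. The sample log line and the local rules are constructed for illustration; the facility names for numbers 12 to 15 follow RFC 5424 rather than any distribution's naming.

```python
import re

# Facility and severity numbering per RFC 5424 (same order as the guide's list).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Classic BSD syslog line as forwarded by a client: "<PRI>Mon dd hh:mm:ss host prog[pid]: text"
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")

def parse_line(line):
    """Split a forwarded line into its parts; PRI = facility * 8 + severity."""
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a valid BSD syslog line: %r" % line)
    pri = int(m.group(1))
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "hostname": m.group(3), "program": m.group(4), "msg": m.group(5)}

def selector_matches(selector, msg):
    """'facility.severity' as rsyslog reads it: a severity name matches that level
    and every more severe one, '*' matches everything, 'none' matches nothing."""
    fac, sev = selector.split(".", 1)
    if (fac != "*" and fac != msg["facility"]) or sev == "none":
        return False
    return sev == "*" or SEVERITIES.index(msg["severity"]) <= SEVERITIES.index(sev)

def expand_template(msg, template="/var/log/%HOSTNAME%/%PROGRAMNAME%.log"):
    """Fill the guide's RemoteLogs template from the parsed message properties."""
    return template.replace("%HOSTNAME%", msg["hostname"]).replace("%PROGRAMNAME%", msg["program"])

def route(msg, rules):
    """Walk an ordered (selector, action) list the way rsyslog walks its rules;
    the action 'stop' (the guide's '& ~') ends processing for that message."""
    destinations = []
    for selector, action in rules:
        if not selector_matches(selector, msg):
            continue
        if action == "stop":
            break
        destinations.append(expand_template(msg, action) if "%" in action else action)
    return destinations

# Constructed server ruleset: the guide's two remote rules followed by typical local ones.
SERVER_RULES = [("*.*", "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"), ("*.*", "stop"),
                ("auth.*", "/var/log/auth.log"), ("*.info", "/var/log/messages")]

if __name__ == "__main__":  # quick demo on a constructed client line
    print(route(parse_line("<38>Jun  5 10:15:01 ip-172-31-21-58 sshd[1203]: session opened"), SERVER_RULES))
```

Dropping the ("*.*", "stop") entry from SERVER_RULES shows the double-write described above: the same message then also lands in /var/log/auth.log and /var/log/messages.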

There are several other template properties you can use; for more information, see the rsyslog configuration man page (man rsyslog.conf) or refer to the online Rsyslog documentation.

That is all for configuring the rsyslog server. Save and close the configuration file. To apply the changes, restart the rsyslog daemon with the following command.

$ sudo systemctl restart rsyslog

Now verify the rsyslog network sockets. Use the ss command and grep to filter for rsyslogd listeners.

$ sudo ss -tulnp | grep "rsyslog"

Next, on CentOS 7, if you have SELinux enabled, run the following commands to allow rsyslog traffic on the network socket types you enabled. If semanage reports that a port is already defined, use -m (modify) instead of -a.

$ sudo semanage port -a -t syslogd_port_t -p udp 514
$ sudo semanage port -a -t syslogd_port_t -p tcp 514

If the system has a firewall enabled, you need to open port 514 for both UDP and TCP connections to the rsyslog server by running the commands below. Where possible, restrict the rule to the network your clients live on rather than opening the port to everyone.

------------- On CentOS ------------- 
$ sudo firewall-cmd --permanent --add-port=514/udp
$ sudo firewall-cmd --permanent --add-port=514/tcp
$ sudo firewall-cmd --reload

------------- On Ubuntu -------------
$ sudo ufw allow 514/udp
$ sudo ufw allow 514/tcp
$ sudo ufw reload 

How to Configure the Rsyslog Client to Send Logs to the Rsyslog Server

Now, on the client system, check whether the rsyslog service is running with the following command.

$ sudo systemctl status rsyslog

If it is not installed, install it and start the service as shown earlier.

$ sudo yum update && sudo yum install rsyslog 	#CentOS 7
$ sudo apt update && sudo apt install rsyslog	#Ubuntu 16.04, 18.04
$ sudo systemctl start rsyslog
$ sudo systemctl enable rsyslog
$ sudo systemctl status rsyslog

Once the rsyslog service is up and running, open the main configuration file, where you will change the default settings.

$ sudo vim /etc/rsyslog.conf

To make the rsyslog daemon act as a log client and forward all locally generated log messages to the remote rsyslog server, add the following forwarding rule at the end of the file, as shown in the next screenshot. The @@ prefix forwards over TCP; a single @ would forward over UDP. The rule uses 192.168.100.10 as the destination; substitute your own server's address (192.168.241.140 for the hosts listed at the start of this guide).

*.* @@192.168.100.10:514

The above rule sends messages from all facilities at all severity levels. To send messages from a specific facility only, for example auth, use the following rule.

auth.* @@192.168.100.10:514

Save the changes and close the configuration file. To apply the settings above, restart the rsyslog daemon.

$ sudo systemctl restart rsyslog

How to Monitor Remote Logging on the Rsyslog Server

The final step is to verify that rsyslog is receiving and logging messages from the client under /var/log, in the form hostname/programname.log.

Run the ls command to long-list the parent log directory and check whether there is a directory named ip-172-31-21-58 (or whatever the hostname of your client machine is).

$ ls -l /var/log/

If the directory exists, check the log files inside it by running the following.

$ sudo ls -l /var/log/ip-172-31-21-58/

Rsyslog is a high-performance log processing system designed around a client/server architecture. We hope you can now install and configure Rsyslog as a central/network logging server and as a client, as demonstrated in this guide.

You may also want to refer to the relevant rsyslog manual pages for more help. Feel free to give us feedback or ask questions.