Setting Up a Centralized Log Server with Rsyslog in CentOS/RHEL 8


For system administrators to identify or troubleshoot problems on a CentOS 8 or RHEL 8 server, it is important to know about and review the events that occurred on the server at a specific time, using the log files found in the /var/log directory on the system.

The Syslog (System Logging Protocol) system on a server can act as a central log monitoring point on the network, to which all servers, network devices, switches, routers and internal services that generate logs can send them, whether those logs relate to a specific internal issue or are just informational messages.

On a CentOS/RHEL 8 server, the Rsyslog daemon is the most important log server and comes installed by default, followed by the Systemd Journal Daemon (journald).

Rsyslog is an open-source utility, developed as a client/server architecture service, and it can fill either role on its own. It can run as a server and collect all logs transmitted by other devices over the network, or it can run as a client by sending all locally logged system events to a remote Syslog server.

  1. Installation of "CentOS 8.0" with Screenshots
  2. Installation of RHEL 8 with Screenshots

To set up a centralized log server on a CentOS/RHEL 8 server, you need to check and confirm that the /var partition has enough space (a few GB minimum) to store all the log files recorded on the system and sent by other devices over the network. I recommend that you have a separate drive (LVM or RAID) to mount on the /var/log/ directory.

How to Configure Rsyslog Server in CentOS/RHEL 8

1. As I said, the Rsyslog service is installed and runs automatically on a CentOS/RHEL 8 server. To verify that the daemon is running on the system, run the following command.

# systemctl status rsyslog.service

If the service is not running by default, run the following command to start the rsyslog daemon.

# systemctl start rsyslog.service

2. If the Rsyslog utility is not installed by default on the system you plan to use as the centralized logging server, run the following dnf command to install the rsyslog package and start the daemon.

# dnf install rsyslog
# systemctl start rsyslog.service

3. Once the Rsyslog utility is installed, you can configure rsyslog as a server by opening the main configuration file /etc/rsyslog.conf, so that it receives log messages from external clients.

# vi /etc/rsyslog.conf

In the /etc/rsyslog.conf configuration file, find and uncomment the following lines to allow UDP transport reception on the Rsyslog server via port 514. Rsyslog uses the standard UDP protocol for log transmission.

module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

4. The UDP protocol does not have the TCP overhead, which makes data transmission faster than with the TCP protocol. On the other hand, the UDP protocol does not guarantee the reliability of the transmitted data.

However, if you want to use the TCP protocol for log reception, you must find and uncomment the following lines in the /etc/rsyslog.conf configuration file to configure the Rsyslog daemon to bind to and listen on a TCP socket on port 514.

module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

5. Now create a new template for receiving remote messages. This template tells the local Rsyslog server where to store the messages received from Syslog clients.

$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log" 
*.* ?RemoteLogs

The $template RemoteLogs directive tells the Rsyslog daemon to collect all transmitted log messages and write them to separate files, based on the client name and the remote client application that generated the messages, according to the properties set in the template configuration: %HOSTNAME% and %PROGRAMNAME%.

All received log files will be written to the local filesystem, to a dedicated file named after the client machine's hostname and kept in the /var/log/ directory.

The & ~ redirect rule tells the local Rsyslog server to stop processing the received log message any further and to discard it (not write it to the internal log files).

RemoteLogs is an arbitrary name given to this template directive. You can use any name you like that suits your template.

To configure more complex Rsyslog templates, read the Rsyslog configuration file manual by running the man rsyslog.conf command, or consult the Rsyslog online documentation.

# man rsyslog.conf

6. After making the configuration changes above, restart the Rsyslog daemon to apply the recent changes by running the following command.

# service rsyslog restart

7. Once you have restarted the Rsyslog server, it should now act as a centralized log server and record messages from Syslog clients. To confirm the Rsyslog network sockets, run the netstat utility and use grep to filter for the rsyslog string.

# netstat -tulpn | grep rsyslog 

If the netstat command is not installed on CentOS 8, you can install it using the following command.

# dnf whatprovides netstat
# dnf install net-tools

8. If you have SELinux active in CentOS/RHEL 8, run the following command to allow rsyslog traffic, depending on the network socket type.

# semanage port -a -t syslogd_port_t -p udp 514
# semanage port -a -t syslogd_port_t -p tcp 514

If the semanage command is not installed on CentOS 8, you can install it using the following command.

# dnf whatprovides semanage
# dnf install policycoreutils-python-utils

9. If you have a firewall active on the system, run the following commands to add the rules needed to allow rsyslog traffic on the ports in Firewalld.

# firewall-cmd --permanent --add-port=514/tcp
# firewall-cmd --permanent --add-port=514/udp
# firewall-cmd --reload

You can also limit incoming connections on port 514 to whitelisted IP ranges, as shown.

# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="123.123.123.0/21" port port="514" protocol="tcp" accept'
# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="123.123.123.0/21" port port="514" protocol="udp" accept'
# firewall-cmd --reload
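
As a check on steps 3 to 5, the following added example (not part of the original article) reads a copy of rsyslog.conf and reports which listeners are really uncommented and whether the template action resolves to a defined template. The function names and the sample file are constructed for illustration.

```bash
# Added example (not from the article): audit rsyslog.conf receiver settings.
# Active configuration only: trim indentation, strip comments, drop blank lines.
active_lines() { sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*#.*$//' -e '/^$/d' "$1"; }

# Print "proto:port" for each input() whose im<proto> module is also loaded.
listeners() {
    local proto
    for proto in udp tcp; do
        active_lines "$1" | grep -Eq "^module\(load=\"im$proto\"" || continue
        active_lines "$1" | sed -nE "s/^input\(type=\"im$proto\".*port=\"([0-9]+)\".*/$proto:\1/p"
    done
}

# Print the template name of every dynamic-file action ("selector ?Name").
dynafile_templates() {
    active_lines "$1" | sed -nE 's/^[^$[:space:]][^[:space:]]*[[:space:]]+-?\?([A-Za-z0-9_]+).*/\1/p'
}

# Print the path string of a legacy '$template NAME,"..."' definition.
template_path() {
    active_lines "$1" | sed -nE "s/^\\\$template[[:space:]]+$2,[[:space:]]*\"([^\"]*)\".*/\1/p"
}

# Report findings; non-zero status means remote logs would not be received or stored.
audit() {
    local conf=$1 found name path rc=0
    found=$(listeners "$conf")
    [ -n "$found" ] && echo "OK   listening on:" $found ||
        { echo "FAIL no imudp/imtcp module+input pair is uncommented"; rc=1; }
    found=$(dynafile_templates "$conf")
    [ -n "$found" ] || { echo "FAIL no action writes through a ?template"; rc=1; }
    for name in $found; do
        path=$(template_path "$conf" "$name")
        [ -n "$path" ] && echo "OK   ?$name -> $path" ||
            { echo "FAIL ?$name is used but never defined"; rc=1; }
    done
    return $rc
}

# Constructed sample: UDP enabled, TCP still commented out, template from step 5.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
EOF
audit "$SAMPLE"
```

Run `audit /etc/rsyslog.conf` on the server before the restart in step 6. The daemon's own syntax check, `rsyslogd -N1`, complements it by validating the file as a whole.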

That's all! Rsyslog is now configured as a centralized log server and can collect logs from remote clients. In the next article, we will see how to configure the Rsyslog client on a CentOS/RHEL 8 server.