How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7 - Part 5


To keep your RHEL 7 systems secure, you need to know how to monitor all the activity that takes place on them by examining log files. That way you can detect any unusual or potentially malicious activity and troubleshoot the system or take another appropriate action.

In RHEL 7, the rsyslogd daemon is responsible for system logging. It reads its configuration from /etc/rsyslog.conf (this file specifies the default location for all system logs) and from the files inside /etc/rsyslog.d, if any.

Rsyslogd Configuration

A quick inspection of rsyslog.conf is a good place to start. The file is divided into 3 main sections: Modules (since rsyslog follows a modular design), Global directives (used to set global properties of the rsyslogd daemon), and Rules. As you will probably guess, this last section indicates what gets logged or shown (also known as the selector) and where, and it will be our focus throughout this article.

A typical line in rsyslog.conf is as follows:

In the image above, we can see that a selector consists of one or more Facility:Priority pairs separated by semicolons, where Facility describes the type of message (refer to section 4.1.1 in RFC 3164 to see the complete list of facilities available for rsyslog) and Priority indicates its severity, which can be one of the following self-explanatory words:

  1. debug
  2. info
  3. notice
  4. warning
  5. err
  6. crit
  7. alert
  8. emerg

Though not a priority itself, the keyword none means no priority at all for the given facility.

Note: A given priority indicates that all messages of that priority and above should be logged. Thus, the line in the example above instructs the rsyslogd daemon to log all messages of priority info or higher (regardless of the facility), except those belonging to the mail, authpriv, and cron services (no messages coming from these facilities will be taken into account), to /var/log/messages.

You can also group multiple facilities using a comma to apply the same priority to all of them. Thus, the line:

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

can be rewritten as

*.info;mail,authpriv,cron.none                /var/log/messages

In other words, the mail, authpriv, and cron facilities are grouped and the keyword none is applied to all three of them.
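The selector rules described above (a priority means "that severity and above", none switches a facility off, commas group facilities) can be checked with a small model. This is an added example, not code from the original article or from rsyslog; the function names are illustrative and the model ignores the "=" and "!" priority modifiers.

```python
# Added example: simplified model of classic rsyslog selector matching.
# It ignores the "=" and "!" priority modifiers.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
# Facility keywords used for the equivalence check below.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]


def matches(selector, facility, priority):
    """Return True if a message with this facility/priority is selected."""
    allowed = set()  # severity levels currently enabled for this facility
    for pair in selector.split(";"):
        names, _, prio = pair.strip().rpartition(".")
        if "*" not in names.split(",") and facility not in names.split(","):
            continue  # this pair does not mention the message's facility
        if prio == "none":
            allowed.clear()  # none switches the facility off entirely
        elif prio == "*":
            allowed.update(range(len(PRIORITIES)))
        else:
            # a named priority enables that severity and everything above it
            allowed.update(range(PRIORITIES.index(prio), len(PRIORITIES)))
    return PRIORITIES.index(priority) in allowed


def equivalent(selector_a, selector_b):
    """True if both selectors pick exactly the same facility/priority pairs."""
    return all(matches(selector_a, f, p) == matches(selector_b, f, p)
               for f in FACILITIES for p in PRIORITIES)


# The two selector spellings shown in the article.
LONG_FORM = "*.info;mail.none;authpriv.none;cron.none"
GROUPED = "*.info;mail,authpriv,cron.none"

if __name__ == "__main__":
    for fac, prio in [("daemon", "info"), ("daemon", "debug"),
                      ("mail", "err"), ("kern", "emerg")]:
        print(fac, prio, matches(LONG_FORM, fac, prio))
    print("equivalent:", equivalent(LONG_FORM, GROUPED))
```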

To log all daemon messages to /var/log/tecmint.log, we need to add the following line either in rsyslog.conf or in a separate file (easier to manage) inside /etc/rsyslog.d:

daemon.*    /var/log/tecmint.log

Let's restart the daemon (note that the service name does not end with a d):

# systemctl restart rsyslog

And check the contents of our custom log before and after restarting two random daemons:

As a self-study exercise, I would recommend you play around with the facilities and priorities and either log additional messages to existing log files or create new ones as in the previous example.

Rotating Logs using Logrotate

To prevent log files from growing endlessly, the logrotate utility is used to rotate, compress, remove, and alternatively mail logs, thus easing the administration of systems that generate large numbers of log files.

Logrotate runs daily as a cron job (/etc/cron.daily/logrotate) and reads its configuration from /etc/logrotate.conf and from the files located in /etc/logrotate.d, if any.

As with rsyslog, even though you can include settings for specific services in the main file, creating a separate configuration file for each one will help you organize your settings better.

Let's take a look at a typical logrotate.conf:

In the example above, logrotate will perform the following actions for /var/log/wtmp: attempt to rotate only once a month, but only if the file is at least 1 MB in size, then create a brand new log file with permissions set to 0664 and ownership given to user root and group utmp. Next, keep only one archived log, as specified by the rotate directive:

Now let's consider another example, as found in /etc/logrotate.d/httpd:

You can read more about the settings for logrotate in its man pages (man logrotate.conf). Both files are provided along with this article in PDF format for your reading convenience.

As a system engineer, it will be pretty much up to you to decide how long logs are stored and in what format, depending on whether you have /var in a separate partition / logical volume. Otherwise, you really want to consider removing old logs to save storage space. On the other hand, you may be forced to keep several logs for future security auditing according to your company's or client's internal policies.

Of course, examining logs (even with the help of tools such as grep and regular expressions) can become a rather tedious task. For that reason, rsyslog allows us to export them into a database (RDBMSs supported out of the box include MySQL, MariaDB, PostgreSQL, and Oracle).

This section of the tutorial assumes that you have already installed the MariaDB server and client on the same RHEL 7 box where the logs are being managed:

# yum update && yum install mariadb mariadb-server mariadb-client rsyslog-mysql
# systemctl enable mariadb && systemctl start mariadb

Then use the mysql_secure_installation utility to set the password for the root user and take care of the other security considerations:

Note: If you don't want to use the MariaDB root user to insert log messages into the database, you can configure another user account to do so. Explaining how to do that is out of the scope of this tutorial, but it is explained in detail in the MariaDB knowledge base. In this tutorial we will use the root account for simplicity.

Next, download the createDB.sql script from GitHub and import it into your database server:

# mysql -u root -p < createDB.sql

Finally, add the following lines to /etc/rsyslog.conf:

$ModLoad ommysql
$ActionOmmysqlServerPort 3306
*.* :ommysql:localhost,Syslog,root,YourPasswordHere

Restart rsyslog and the database server:

# systemctl restart rsyslog 
# systemctl restart mariadb

Now perform some tasks that will modify the logs (such as stopping and starting services, for example), then log in to your DB server and use standard SQL commands to display and search the logs:

USE Syslog;
SELECT ReceivedAt, Message FROM SystemEvents;
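The ommysql action line above stores a database password in the rsyslog configuration and, in this tutorial, uses the MariaDB root account. The following check flags both conditions in a configuration file. It is an added example, not part of the original article; the function names and the rsyslog_writer account are hypothetical, and the sample configurations are constructed.

```python
# Added example: audit rsyslog configuration for risky ommysql actions.
import os
import re
import stat
import tempfile

# Legacy action syntax used on this page: :ommysql:server,database,user,password
OMMYSQL = re.compile(r":ommysql:([^,\s]+),([^,\s]+),([^,\s]+),(\S+)")


def audit_rsyslog_file(path):
    """Return (line number, finding) tuples; the password is never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as handle:
        for lineno, line in enumerate(handle, 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out actions are not active
            match = OMMYSQL.search(line)
            if not match:
                continue
            user = match.group(3)
            if user == "root":
                findings.append((lineno, "log inserts use the database root account"))
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((lineno, "mode %04o lets non-owners read the password" % mode))
    return findings


def write_sample(text, mode):
    """Write constructed sample config to a temporary file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path


# Constructed samples: the page's line, and a variant with a dedicated
# (hypothetical) rsyslog_writer account.
AS_ON_PAGE = "$ModLoad ommysql\n*.* :ommysql:localhost,Syslog,root,YourPasswordHere\n"
HARDENED = "$ModLoad ommysql\n*.* :ommysql:localhost,Syslog,rsyslog_writer,ExamplePassword\n"

if __name__ == "__main__":
    for text, mode in [(AS_ON_PAGE, 0o644), (HARDENED, 0o600)]:
        sample = write_sample(text, mode)
        print(oct(mode), audit_rsyslog_file(sample))
        os.remove(sample)
```

On a real host, call audit_rsyslog_file on /etc/rsyslog.conf and on each file in /etc/rsyslog.d.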

Summary

In this article we have explained how to set up system logging, how to rotate logs, and how to redirect the messages to a database for easier searching. We hope that these skills will be helpful as you prepare for the RHCE exam and in your daily responsibilities as well.

As always, your feedback is more than welcome. Feel free to use the form below to reach us.