How to Set Up an Rsyslog Client to Send Logs to an Rsyslog Server on CentOS 7


Log management is one of the most important components of a network infrastructure. Log messages are generated constantly by a great deal of software: utilities, applications, daemons, network-related services, the kernel, physical devices and so on.

Log files prove useful when troubleshooting Linux system issues, monitoring the system, and auditing security events and problems.

Rsyslog is an open source logging program and the most popular logging mechanism across a large number of Linux distributions. It is also the default logging service on CentOS 7 and RHEL 7.

The Rsyslog daemon on CentOS can be configured to run as a server that collects log messages from multiple network devices. Those devices act as clients and are configured to transmit their logs to the rsyslog server.

The Rsyslog service can also be configured and started in client mode. In this mode the rsyslog daemon forwards log messages to a remote Rsyslog server over the TCP or UDP transport protocol. The same rsyslog instance can run as a client and as a server at the same time.

In this tutorial we describe how to set up the CentOS/RHEL 7 Rsyslog daemon to send log messages to a remote Rsyslog server. Besides preserving local disk space for other data, shipping logs off the host means that an attacker who compromises the machine cannot simply delete the evidence, because a copy already lives on the log server.

By default, almost all log files on CentOS are written under the /var filesystem path. It is advisable to create a separate partition for the /var directory, which can grow considerably, so that it cannot fill up the / (root) partition.

The Rsyslog client sends log messages in plain text unless configured otherwise. Do not configure an Rsyslog client to send log messages over the Internet or over networks that are not under your complete control: anyone on the path can read or alter the traffic, and with UDP the source address is trivially spoofable.

Requirements:

  1. CentOS 7.3 Installation Procedure
  2. RHEL 7.3 Installation Procedure
  3. Install Rsyslog Server in CentOS/RHEL 7

Step 1: Verify the Rsyslog Installation

1. By default the Rsyslog daemon is already installed and running on a CentOS 7 system. To verify that the rsyslog package is present and to see which version is installed, issue the following commands:

# rpm -q rsyslog
# rsyslogd -v

2. If the Rsyslog package is not installed on CentOS, run the command below to install the service:

# yum install rsyslog

Step 2: Configure the Rsyslog Service as a Client

3. To make the Rsyslog daemon installed on a CentOS 7 system act as a log client and route all locally generated log messages to a remote Rsyslog server, modify the rsyslog configuration file as follows:

First open the main configuration file for editing.

# vi /etc/rsyslog.conf

Then append the line below at the end of the file, as shown in the excerpt.

*.* @192.168.10.254:514

On the line above, replace the IP address or FQDN of the remote rsyslog server with your own. This rule instructs the Rsyslog daemon to send all log messages, regardless of facility or severity, to the host with IP 192.168.10.254 on port 514/UDP (a single @ selects UDP).

4. If the remote log server is configured to listen only for TCP connections, or you want a transport that does not silently drop datagrams, add a second @ character in front of the remote host, as in the example below:

*.* @@logs.domain.lan:514

Note that TCP only protects against loss on the wire: if the remote server is down, rsyslog suspends the forwarding action and, unless an action queue is configured, messages generated in the meantime are discarded.

Rsyslog also accepts the special characters = and ! in front of a priority level: = restricts the rule to exactly that priority, and ! excludes that priority and everything more severe (the plain form, without either character, matches that priority and everything more severe).

Some examples of Rsyslog priority level qualifiers on CentOS 7:

  • kern.info = kernel messages with priority info and higher (more severe).
  • kern.=info = only kernel messages with priority info.
  • kern.info;kern.!err = only kernel messages with priorities info, notice and warning.
  • kern.debug;kern.!=warning = kernel messages of every priority except warning.
  • kern.* = all kernel messages regardless of priority.
  • kern.none = do not log any message from the kern facility, regardless of priority.

For example, if you want to send only a specific facility to the remote log server, such as all mail-related messages regardless of priority, add the line below to the rsyslog file instead:

mail.* @192.168.10.254:514
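The qualifier rules above are easy to misread, so here is a small POSIX sh evaluator, added as an example for this page (it is not rsyslog code and not part of the original article). It applies a legacy selector list to a facility and priority the same way sysklogd-style rules are processed: each semicolon-separated part is applied from left to right, adding or removing priorities from the set that the rule matches.

```shell
#!/bin/sh
# Evaluate a legacy rsyslog selector such as "kern.info;kern.!err" against a
# message's facility and priority. Parts are applied left to right: "pri" adds
# pri and everything more severe, "=pri" adds exactly pri, a leading "!" removes
# instead of adds, "*" adds every priority and "none" removes every priority.

# Priority name -> syslog numeric code (0 = emerg, most severe; 7 = debug).
pri_num() {
    case "$1" in
        emerg|panic)  echo 0 ;;
        alert)        echo 1 ;;
        crit)         echo 2 ;;
        err|error)    echo 3 ;;
        warning|warn) echo 4 ;;
        notice)       echo 5 ;;
        info)         echo 6 ;;
        debug)        echo 7 ;;
        *) echo "unknown priority: $1" >&2; return 1 ;;
    esac
}

# flags_set FLAGS LO HI VAL: FLAGS is an 8-character string with one flag per
# numeric priority 0..7; print it with positions LO..HI replaced by VAL.
flags_set() {
    _flags=$1; _lo=$2; _hi=$3; _val=$4; _i=0; _out=''
    while [ "$_i" -le 7 ]; do
        if [ "$_i" -ge "$_lo" ] && [ "$_i" -le "$_hi" ]; then
            _out="$_out$_val"
        else
            _out="$_out$(printf '%s' "$_flags" | cut -c$((_i + 1)))"
        fi
        _i=$((_i + 1))
    done
    printf '%s' "$_out"
}

# selector_matches SELECTOR FACILITY PRIORITY
# Exit 0 if a message with FACILITY and PRIORITY is selected, 1 otherwise.
selector_matches() {
    selector=$1; fac=$2; pri=$3
    want=$(pri_num "$pri") || return 1
    flags=00000000
    while read -r part; do
        part=$(printf '%s' "$part" | tr -d '[:space:]')
        [ -n "$part" ] || continue
        facs=${part%%.*}    # "kern", "kern,mail" or "*"
        spec=${part#*.}     # "info", "=info", "!err", "!=warning", "*" or "none"
        # Does this part's facility list cover the message's facility?
        apply=0
        set -f; oldifs=$IFS; IFS=','   # split on commas, never glob the "*"
        for f in $facs; do
            if [ "$f" = '*' ] || [ "$f" = "$fac" ]; then apply=1; fi
        done
        IFS=$oldifs; set +f
        [ "$apply" -eq 1 ] || continue
        val=1; exact=0
        case "$spec" in '!'*) val=0; spec=${spec#!} ;; esac
        case "$spec" in '='*) exact=1; spec=${spec#=} ;; esac
        case "$spec" in
            '*')  lo=0; hi=7 ;;
            none) lo=0; hi=7; val=0 ;;
            *)    n=$(pri_num "$spec") || return 1
                  if [ "$exact" -eq 1 ]; then lo=$n; else lo=0; fi
                  hi=$n ;;
        esac
        flags=$(flags_set "$flags" "$lo" "$hi" "$val")
    done <<EOF
$(printf '%s' "$selector" | tr ';' '\n')
EOF
    [ "$(printf '%s' "$flags" | cut -c$((want + 1)))" = 1 ]
}

# Example: is a kernel warning selected by the third rule from the list above?
selector_matches 'kern.info;kern.!err' kern warning && echo "kern.warning: selected"
```

Run it with the selector you are about to put in /etc/rsyslog.conf and the facility and priority of a message you expect to see on the server; if it prints nothing, the rule will not forward that message.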

5. Finally, restart the Rsyslog service so that the daemon picks up the new configuration:

# systemctl restart rsyslog.service

6. If for some reason the Rsyslog daemon is not enabled at boot, issue the command below to enable the service system-wide:

# systemctl enable rsyslog.service
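Putting steps 3 to 6 together, the following shell helper, an example added for this page and not part of the original article or of rsyslog, generates a forwarding drop-in for /etc/rsyslog.d/ instead of editing /etc/rsyslog.conf by hand. For TCP it adds the on-disk action queue that the stock CentOS 7 /etc/rsyslog.conf ships commented out under "Remote Logging", so messages are spooled under $WorkDirectory (/var/lib/rsyslog) while the server is unreachable instead of being discarded, and it runs rsyslogd's own configuration check (rsyslogd -N1) on the file before moving it into place. The file name remote.conf and the queue name fwdRule1 are assumptions for the example.

```shell
#!/bin/sh
# Generate and install a client-side forwarding drop-in for rsyslog, using the
# legacy rule syntax from the tutorial plus the disk-assisted action queue that
# the stock CentOS 7 /etc/rsyslog.conf shows (commented out) for remote logging.

# forward_rule SELECTOR HOST PORT PROTO -> prints one forwarding rule.
# PROTO is "udp" (single @) or "tcp" (double @@).
forward_rule() {
    _sel=$1; _host=$2; _port=$3; _proto=$4
    case "$_proto" in
        udp) printf '%s @%s:%s\n' "$_sel" "$_host" "$_port" ;;
        tcp) printf '%s @@%s:%s\n' "$_sel" "$_host" "$_port" ;;
        *) echo "forward_rule: proto must be udp or tcp, got '$_proto'" >&2; return 1 ;;
    esac
}

# forward_conf SELECTOR HOST PORT PROTO -> prints a complete drop-in. For TCP
# the action gets an on-disk queue so messages are spooled while the server is
# down rather than discarded while the action is suspended.
forward_conf() {
    _sel=$1; _host=$2; _port=$3; _proto=$4
    echo "# Forward $_sel to $_host:$_port over $_proto (generated drop-in)"
    if [ "$_proto" = tcp ]; then
        cat <<'EOF'
# Spool to disk while the server is unreachable; spool files live under
# $WorkDirectory (/var/lib/rsyslog in the stock CentOS 7 config).
$ActionQueueType LinkedList
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
EOF
    fi
    forward_rule "$_sel" "$_host" "$_port" "$_proto"
}

# install_forward_conf DEST SELECTOR HOST PORT PROTO
# Writes the drop-in to a temporary file, validates it with rsyslogd -N1 when
# running as root with rsyslogd available (the restart needs root anyway), and
# only then moves it to DEST, e.g. /etc/rsyslog.d/remote.conf.
install_forward_conf() {
    _dest=$1; shift
    _tmp=$(mktemp) || return 1
    forward_conf "$@" > "$_tmp" || { rm -f "$_tmp"; return 1; }
    if [ "$(id -u)" -eq 0 ] && command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 -f "$_tmp" || {
            echo "rsyslog config check failed; $_dest left unchanged" >&2
            rm -f "$_tmp"; return 1
        }
    fi
    chmod 0644 "$_tmp" && mv "$_tmp" "$_dest"
}

# Example: forward everything over TCP, then restart rsyslog (run as root).
# install_forward_conf /etc/rsyslog.d/remote.conf '*.*' logs.domain.lan 514 tcp \
#     && systemctl restart rsyslog.service
```

The stock /etc/rsyslog.conf on CentOS 7 already includes /etc/rsyslog.d/*.conf, so a drop-in is picked up on the next restart without touching the main file. After restarting, send a test message with logger -p local0.info "test" on the client and confirm it appears on the server before relying on the setup.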

Step 3: Send Apache and Nginx Logs to a Remote Log Server

7. The Apache HTTP server can be configured to send its log messages to the remote syslog server by adding the following line to its main configuration file.

# vi /etc/httpd/conf/httpd.conf

In Apache's main configuration file add the line below.

CustomLog "| /bin/sh -c '/usr/bin/tee -a /var/log/httpd/httpd-access.log | /usr/bin/logger -thttpd -plocal1.notice'" combined

This line makes the HTTP daemon keep writing its access log to the local file, but also pipe every entry through logger, which hands it to the local rsyslog with the tag httpd and the facility local1; the client rule from Step 2 then forwards it to the remote syslog server. Apache spawns piped log programs from its parent process, which runs as root, so keep absolute paths in the command as written and make sure the log directory is not writable by unprivileged users.

8. If you also want to ship Apache's error log to the remote syslog server, add a rule like the one above, but replace the httpd log file name and the priority with the error severity, as in the following sample:

ErrorLog "|/bin/sh -c '/usr/bin/tee -a /var/log/httpd/httpd-error.log | /usr/bin/logger -thttpd -plocal1.err'"

9. Once you have added the lines above, restart the Apache daemon so the changes take effect:

# systemctl restart httpd.service

10. As of version 1.7.1, the Nginx web server can log directly to a remote syslog server, by adding the following directives to the nginx configuration file. Nginx speaks UDP syslog to the server itself, so these lines do not depend on the rsyslog client rules from Step 2, and the format name main on the access_log line must match a log_format you have defined (the stock CentOS nginx.conf defines main).

error_log syslog:server=192.168.10.254:514,facility=local7,tag=nginx,severity=error;
access_log syslog:server=192.168.10.254:514,facility=local7,tag=nginx,severity=info main;

For an IPv6 server, enclose the address in square brackets.

access_log syslog:server=[7101:dc7::9]:514,facility=local7,tag=nginx,severity=info;

11. On the remote Rsyslog server, which must already be listening for UDP or TCP syslog as described in the server article listed under the requirements, add a rule to the rsyslog configuration file that stores what the web servers send. Apache's entries arrive with the local1 facility, so the rule below writes them to a file of their own (use a matching local7 rule for the Nginx example above):

local1.* /var/log/httpd-remote.log

That's all! You have configured the Rsyslog daemon to run in client mode and instructed the Apache HTTP server or Nginx to push their log messages to a remote syslog server.

If the system crashes, or is compromised, you can investigate the problem by inspecting the log files stored on the remote syslog server.