This article explains how to set up a central log server to collect rsyslog logs from different Linux machines and analyze them from a central location.
Source: https://linuxhowtoguide.blogspot.com/
What a syslog server is used for :-
A central syslog server is a prime requirement for a Linux administrator. It helps an administrator analyze rsyslog logs from time to time and validate that everything is going well with the servers.
Requirement :- In my case I am using Ubuntu 16.04 LTS
1- Central Log Server :- 192.168.138.129
2- Linux Web01 Server :- 192.168.138.132
3- Linux Web02 Server :- 192.168.138.133
Steps :-
Central Server Side Configuration :-
Check the rsyslog package using the dpkg command.
root@LXD: # dpkg --list rsyslog
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=========================================-=========================-=========================-=======================================================================================
ii rsyslog 8.16.0-1ubuntu3 amd64 reliable system and kernel logging daemon
root@LXD: #
By default the rsyslog package comes pre-installed. If it is not installed, install it using the command below.
root@LXD: # apt install rsyslog
Now make the required changes in the rsyslog.conf file. Open the file and add the highlighted lines below.
root@LXD: # vi /etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides support for local system logging
$ModLoad imuxsock
# provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# provides UDP syslog reception. For TCP, load imtcp.
$ModLoad imudp
# For TCP, use $InputTCPServerRun 514
$UDPServerRun 514
# This one is the template to generate the log filename dynamically, depending on the client's hostname (%HOSTNAME%).
$template FILENAME,"/var/log/centrallog/%HOSTNAME%/syslog.log"
# Log all messages to the dynamically formed file. Now each client's log (192.168.138.132, 192.168.138.133, etc...) will be under a separate directory, which is formed by the template FILENAME.
*.* ?FILENAME
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the next line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
Save and exit the file.
Restart the rsyslog service
root@LXD: # systemctl restart rsyslog
We have defined the log path as /var/log/centrallog/
You will see that the central log server's own log directory is there, named after its hostname. Check with the command below.
root@LXD: # ls -l /var/log/centrallog/
total 4
drwx------ 2 syslog syslog 4096 Jul 25 15:23 LXD
Client Server Configuration :-
On the client end, the following lines need to be added. Go to the web01 server and make the changes below.
root@web01: # vi /etc/rsyslog.conf
$ModLoad imklog
# Provides UDP forwarding. The IP is the server's IP address
*.* @192.168.138.129:514
Save and exit the file.
Restart the rsyslog service
root@web01: # systemctl restart rsyslog
Now go to the central log server and run the command below to see the web01 hostname directory inside the log path.
root@LXD: # ls -l /var/log/centrallog/
total 8
drwx------ 2 syslog syslog 4096 Jul 25 15:23 LXD
drwx------ 2 syslog syslog 4096 Jul 25 15:38 web01
Log on to the web02 server and add the lines below to the rsyslog.conf file.
root@web02: # vi /etc/rsyslog.conf
$ModLoad imklog
# Provides UDP forwarding. The IP is the server's IP address
*.* @192.168.138.129:514
Save and exit the file.
Restart the rsyslog service
root@web02: # systemctl restart rsyslog
Both clients, web01 and web02, have started forwarding logs to the central log server. Use the command below to see the directories and analyze the log files.
root@LXD: # ls -l /var/log/centrallog/
total 12
drwx------ 2 syslog syslog 4096 Jul 25 15:23 LXD
drwx------ 2 syslog syslog 4096 Jul 25 15:38 web01
drwx------ 2 syslog syslog 4096 Jul 25 15:41 web02
To check the logs, use the cat or tail command.
root@LXD: # tail -f /var/log/centrallog/web01/syslog.log
2016-07-25T15:38:07+05:30 web01 systemd[1]: Starting System Logging Service...
2016-07-25T15:38:09+05:30 web01 systemd[1]: Started System Logging Service.
2016-07-25T15:38:09+05:30 web01 rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
2016-07-25T15:38:09+05:30 web01 rsyslogd-2007: action 'action 15' suspended, next retry is Mon Jul 25 15:38:39 2016 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
2016-07-25T15:39:01+05:30 web01 CRON[1254]: pam_unix(cron:session): session opened for user root by (uid=0)
2016-07-25T15:39:01+05:30 web01 CRON[1255]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && /usr/lib/php/sessionclean)
2016-07-25T15:39:01+05:30 web01 CRON[1254]: pam_unix(cron:session): session closed for user root
2016-07-25T15:39:45+05:30 web01 dhclient[279]: DHCPREQUEST of 192.168.138.132 on eth0 to 192.168.138.254 port 67 (xid=0x5c3e468d)
2016-07-25T15:39:45+05:30 web01 dhclient[279]: DHCPACK of 192.168.138.132 from 192.168.138.254
2016-07-25T15:39:45+05:30 web01 dhclient[279]: bound to 192.168.138.132 -- renewal in 717 seconds
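A follow-up check for the setup above, as an added example that is not part of the original article: it audits the per-host directories under the log path for names that are not in your inventory and for clients that have gone quiet. The function name audit_central_logs, the host printer9 and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the per-host tree
# that the FILENAME template creates, assumed to be ROOT/<hostname>/syslog.log.
#
# audit_central_logs ROOT MAX_AGE_MIN HOST...
# Prints one finding per line:
#   UNEXPECTED <name>  directory not in the expected host list. %HOSTNAME%
#                      is taken from the received message, so the name is
#                      sender-supplied and not verified over UDP 514.
#   STALE <host>       syslog.log not written for more than MAX_AGE_MIN
#                      minutes. UDP forwarding is not acknowledged, so a
#                      client that stops sending raises no error anywhere.
#   MISSING <host>     expected host with no syslog.log at all.
audit_central_logs() {
    root=$1
    max_age=$2
    shift 2
    expected=" $* "
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        case "$expected" in
            *" $name "*) ;;
            *) echo "UNEXPECTED $name" ;;
        esac
    done
    for host in "$@"; do
        file="$root/$host/syslog.log"
        if [ ! -f "$file" ]; then
            echo "MISSING $host"
        elif [ -n "$(find "$file" -mmin +"$max_age")" ]; then
            echo "STALE $host"
        fi
    done
}

# Constructed sample tree (hypothetical data), so the example runs offline.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/LXD" "$demo_root/web01" "$demo_root/web02" "$demo_root/printer9"
touch "$demo_root/LXD/syslog.log" "$demo_root/web01/syslog.log" "$demo_root/printer9/syslog.log"
touch -t 201607251541 "$demo_root/web02/syslog.log"   # last write long ago
audit_central_logs "$demo_root" 15 LXD web01 web02
rm -rf "$demo_root"
```

On the real server, run it as root or the syslog user against /var/log/centrallog, since the host directories are mode 0700 and owned by syslog.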
That's all
!!! Cheers !!!