Log centralizzato e fault tolerant con rsyslog: Difference between revisions
Jump to navigation
Jump to search
Created page with "* Con rsyslog, è possibile far loggare un client verso un server centrale. In caso di indisponibilità del server centrale, tramite il modulo relp, il logging verrà conserva..." |
mNo edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 3: | Line 3: | ||
=Server= | =Server= | ||
* Installare rsyslog ed il pacchetto relp | |||
sudo apt-get install | sudo apt-get install rsyslog rsyslog-relp | ||
* Impostare relp sulla porta 20154 | |||
<pre> | |||
cat | sudo tee /etc/rsyslog.d/relpserver.conf <<'EOFile' | cat | sudo tee /etc/rsyslog.d/relpserver.conf <<'EOFile' | ||
$ModLoad imrelp # Load the input module ('im') 'relp' | $ModLoad imrelp # Load the input module ('im') 'relp' | ||
$InputRELPServerRun 20514 # Set the port to 20514 | $InputRELPServerRun 20514 # Set the port to 20514 | ||
EOFile | EOFile | ||
</pre> | |||
* Riavviare rsyslog | |||
sudo invoke-rc.d rsyslog restart | sudo invoke-rc.d rsyslog restart | ||
sudo netstat -anp | grep 20514 | * Controlalre che il modulo sia in ascolto | ||
sudo netstat -anp | grep 20514 | |||
tcp 0 0 0.0.0.0:20514 0.0.0.0:* LISTEN 15701/rsyslogd | tcp 0 0 0.0.0.0:20514 0.0.0.0:* LISTEN 15701/rsyslogd | ||
tcp6 0 0 :::20514 :::* LISTEN 15701/rsyslogd | tcp6 0 0 :::20514 :::* LISTEN 15701/rsyslogd | ||
telnet | * Verificare di poter accedere anche da remoto | ||
telnet server.example.com 20514 | |||
<pre> | |||
Trying ::1... | Trying ::1... | ||
Connected to localhost. | Connected to localhost. | ||
| Line 26: | Line 34: | ||
0 serverclose 0 | 0 serverclose 0 | ||
Connection closed by foreign host. | Connection closed by foreign host. | ||
</pre> | |||
* Se si vuole che gli host remoti vengano loggati separatamente dal log di sistema, inserire questa regole, che deve essere la '''PRIMA''' caricata (ordine alfabetico in /etc/rsyslog.d): | |||
<pre> | |||
cat | sudo tee /etc/rsyslog.d/00remotes.conf <<'EOFile | |||
$template RemoteHost,"/var/log/remote-hosts/%HOSTNAME%/syslog" | |||
#if rule to call RemoteHost template | |||
if ($hostname != 'galstorage01') then ?RemoteHost | |||
& ~ | |||
EOFile | |||
</pre> | |||
* Riavviare rsyslog | |||
sudo invoke-rc.d rsyslog restart | |||
* '''ATTENZIONE: è possibile che la directory remotes-hosts ed i file di log remoti vengano creati con un certo ritardo''' | |||
==Riferimenti== | |||
*[http://serverfault.com/questions/383530/rsyslog-how-do-i-direct-messages-from-all-remote-machines-to-one-file linux - rsyslog: How do I direct messages from all remote machines to one file? - Server Fault] | |||
*[http://www.thegeekstuff.com/2012/01/rsyslog-remote-logging/ How to Setup Rsyslog Remote Logging on Linux (Central Log Server)] | |||
*[http://www.rsyslog.com/article60/ How to separate log files by host name of sending device?] | |||
*[http://www.linux.com/community/forums/productivity/prevent-rsyslog-from-writing-messages-from-remote-hosts-to-var-log-messages Prevent rsyslog from writing messages from remote hosts to /var/log/messages | Linux.com] | |||
*[http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/ Storing Messages from a Remote System into a specific File] | |||
=Client= | =Client= | ||
sudo apt-get install rsyslog-relp | * Installare i pacchetti | ||
sudo apt-get install rsyslog rsyslog-relp | |||
* Configurare il modulo, ''IMPOSTANDO IL NOME DEL SERVER RSYSLOG''': | |||
<pre> | |||
cat | sudo tee /etc/rsyslog.d/relpclient.conf <<'EOFile' | cat | sudo tee /etc/rsyslog.d/relpclient.conf <<'EOFile' | ||
$ModLoad omrelp | $ModLoad omrelp | ||
| Line 36: | Line 72: | ||
$ActionResumeRetryCount -1 # infinite retries on insert failure | $ActionResumeRetryCount -1 # infinite retries on insert failure | ||
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down | $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down | ||
*.* :omrelp: | *.* :omrelp:server.example.com:20514;RSYSLOG_ForwardFormat | ||
EOFile | EOFile | ||
</pre> | |||
*Riavviare rsyslog: | |||
sudo invoke-rc.d rsyslog restart | sudo invoke-rc.d rsyslog restart | ||
* Testare: | |||
logger This is a Catalog test | logger This is a Catalog test | ||
Latest revision as of 14:49, 3 July 2014
- Con rsyslog, è possibile far loggare un client verso un server centrale. In caso di indisponibilità del server centrale, tramite il modulo relp, il logging verrà conservato in locale, ed alla riconnessione, verrà scritto.
Server
- Installare rsyslog ed il pacchetto relp
sudo apt-get install rsyslog rsyslog-relp
- Impostare relp sulla porta 20154
cat | sudo tee /etc/rsyslog.d/relpserver.conf <<'EOFile'
$ModLoad imrelp # Load the input module ('im') 'relp'
$InputRELPServerRun 20514 # Set the port to 20514
EOFile
- Riavviare rsyslog
sudo invoke-rc.d rsyslog restart
- Controlalre che il modulo sia in ascolto
sudo netstat -anp | grep 20514
tcp 0 0 0.0.0.0:20514 0.0.0.0:* LISTEN 15701/rsyslogd tcp6 0 0 :::20514 :::* LISTEN 15701/rsyslogd
- Verificare di poter accedere anche da remoto
telnet server.example.com 20514
Trying ::1... Connected to localhost. Escape character is '^]'. 0 serverclose 0 Connection closed by foreign host.
- Se si vuole che gli host remoti vengano loggati separatamente dal log di sistema, inserire questa regole, che deve essere la PRIMA caricata (ordine alfabetico in /etc/rsyslog.d):
cat | sudo tee /etc/rsyslog.d/00remotes.conf <<'EOFile $template RemoteHost,"/var/log/remote-hosts/%HOSTNAME%/syslog" #if rule to call RemoteHost template if ($hostname != 'galstorage01') then ?RemoteHost & ~ EOFile
- Riavviare rsyslog
sudo invoke-rc.d rsyslog restart
- ATTENZIONE: è possibile che la directory remotes-hosts ed i file di log remoti vengano creati con un certo ritardo
Riferimenti
- linux - rsyslog: How do I direct messages from all remote machines to one file? - Server Fault
- How to Setup Rsyslog Remote Logging on Linux (Central Log Server)
- How to separate log files by host name of sending device?
- Prevent rsyslog from writing messages from remote hosts to /var/log/messages | Linux.com
- Storing Messages from a Remote System into a specific File
Client
- Installare i pacchetti
sudo apt-get install rsyslog rsyslog-relp
- Configurare il modulo, IMPOSTANDO IL NOME DEL SERVER RSYSLOG':
cat | sudo tee /etc/rsyslog.d/relpclient.conf <<'EOFile' $ModLoad omrelp $ActionQueueType LinkedList # use asynchronous processing $ActionQueueFileName srvrfwd # set file name, also enables disk mode $ActionResumeRetryCount -1 # infinite retries on insert failure $ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down *.* :omrelp:server.example.com:20514;RSYSLOG_ForwardFormat EOFile
- Riavviare rsyslog:
sudo invoke-rc.d rsyslog restart
- Testare:
logger This is a Catalog test