本文详细介绍了如何配置rsyslog进行日志集中管理和轮循,包括主从服务器配置、日志过滤规则等,并展示了如何安装配置PHP、Nginx、Redis等服务,以及通过syslog发送日志。
主服务器IP:192.168.1.104
先配置主服务器的rsyslog:
# vim /etc/rsyslog.conf
$ModLoad imuxsock
$SystemLogRateLimitInterval 0 # 关闭速率限制,否则量大的话会有日志被丢弃
$ModLoad imklog
$ModLoad immark
$ModLoad imudp # 开启UDP,nginx会使用
$UDPServerRun 514
$ModLoad imtcp # 开启TCP,从服务器使用
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
:msg,contains,"Core power limit notification" ~ # 丢弃CPU省电模式通知
:msg,contains,"Core power limit normal" ~
:msg,contains,"Package power limit notification" ~
:msg,contains,"Package power limit normal" ~
*.info;mail.none;authpriv.none;cron.none;local0.none /var/log/messages
:msg,contains,"Accepted publickey for www-data from 192.168.1.104 port" ~ # 丢弃主服务器同步代码时的用户登陆信息
:msg,contains,"pam_unix(sshd:session): session opened for user www-data by (uid=0)" ~
:msg,contains,"Received disconnect from 192.168.1.104: 11: disconnected by user" ~
:msg,contains,"pam_unix(sshd:session): session closed for user www-data" ~
authpriv.*, /var/log/secure
mail.* /var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
if $syslogfacility-text == 'local0' and $syslogtag startswith 'php-fpm' then /var/log/httpd/php-fpm_error.log
if $syslogfacility-text == 'local0' and $syslogtag == 'nginx_access:' then /var/log/httpd/nginx_access.log
if $syslogfacility-text == 'local0' and $syslogtag == 'nginx_error:' then /var/log/httpd/nginx_error.log
if $syslogfacility-text == 'local0' and $syslogtag == 'http-error:' then /var/log/httpd/error.log
if $syslogfacility-text == 'local0' and $syslogtag == 'http-access:' then /var/log/httpd/access.log
if $syslogfacility-text == 'local0' and $syslogtag startswith 'redis' then /var/log/httpd/redis.log
#local0.* /var/log/local0.log
if $syslogfacility-text == 'user' and $syslogtag == 'php:' then /var/log/httpd/php_error.log
if $syslogfacility-text == 'user' and $syslogtag == 'php:' then ~
if $syslogfacility-text == 'user' and $syslogtag startswith 'laravel' then /var/log/httpd/laravel.log
if $syslogfacility-text == 'user' and $syslogtag startswith 'laravel' then ~
user.* /var/log/httpd/user.log
配置从服务器的rsyslog:
$ModLoad imuxsock
$SystemLogRateLimitInterval 0
$ModLoad imklog
$ModLoad immark
$ModLoad imtcp
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
*.* @@192.168.1.104:514 # 发送到主服务器
配置主服务器的日志轮循,改为每天切换,保留6天的日志:
# vim /etc/logrotate.d/httpd
/var/log/httpd/*log {
daily
rotate 6
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
# vim /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler {
daily
rotate 6
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
修改原来的apache配置,把日志发到syslog,这里为了指定tag,使用管道发到loggerphp的error_log = syslog,会发送到user这个facility上
# vim /etc/httpd/conf/httpd.conf
ErrorLog "|logger -t http-error -p local0.err"
CustomLog "|logger -t http-access -p local0.info" combined
从服务器上编译安装php7
# yum install cc gcc gcc+ gcc-c++ libxml2 libxml2-devel openssl-devel curl curl-devel
# ./configure --prefix=/usr/local/php7 \
--with-libdir=lib64 \
--with-freetype-dir \
--with-libxml-dir \
--with-png-dir \
--with-curl \
--with-gd \
--with-gettext \
--with-kerberos \
--with-mysqli \
--with-openssl \
--with-pcre-regex \
--with-pdo-mysql \
--with-pdo-sqlite \
--with-pear \
--with-xmlrpc \
--with-zlib \
--enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data\
--enable-bcmath \
--enable-libxml \
--enable-inline-optimization \
--enable-gd-native-ttf \
--enable-mbregex \
--enable-mbstring \
--enable-pcntl \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-sysvsem \
--enable-xml \
--enable-zip
# make
# make install
# cp php.ini-development /usr/local/php7/lib/php.ini
# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf
# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
# chkconfig --add php-fpm
编译安装libmcrypt
编译安装php-mcrypt
# /usr/local/php7/bin/phpize
# ./configure --with-php-config=/usr/local/php7/bin/php-config
# make
# make install
同上操作,编译安装php-redis
修改配置/usr/local/php7/lib/php.ini
error_log = syslog
extension_dir=/usr/local/php7/lib/php/extensions/no-debug-non-zts-20160303/
extension=mcrypt.so
extension=redis.so
修改配置/usr/local/php7/etc/php-fpm.conf
error_log = syslog
syslog.facility = local0
syslog.ident = php-fpm
按自己的需求配置好/usr/local/php7/etc/php-fpm.d/www.conf后,即可启动php-fpm
编译安装pcre,为安装nginx做准备
# ./configure
# make
# make install
# ln -s /lib64/libpcre.so.0.0.1 /lib64/libpcre.so.1
编译安装nginx
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# make
# make install
配置nginx
# vim /usr/local/nginx/conf/nginx.conf
user www-data;
worker_processes 2;
worker_rlimit_nofile 65535;
error_log syslog:server=192.168.1.104,facility=local0,tag=nginx_error;
# 注意:这里是用udp端口,默认514,所以主服务器rsyslog要开udp支持
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log syslog:server=192.168.1.104,facility=local0,tag=nginx_access main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
server {
listen 81; #80已经被apache用了
#server_name localhost;
root /var/www/laravel/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
添加nginx启动脚本到/etc/init.d/nginx
#!/bin/sh
#
# nginx Startup script for nginx
#
# chkconfig: - 85 15
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# description: nginx is an HTTP and reverse proxy server
#
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop nginx
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
if [ -L $0 ]; then
initscript=`/bin/readlink -f $0`
else
initscript=$0
fi
sysconfig=`/bin/basename $initscript`
if [ -f /etc/sysconfig/$sysconfig ]; then
. /etc/sysconfig/$sysconfig
fi
nginx=${NGINX-/usr/local/nginx/sbin/nginx}
prog=`/bin/basename $nginx`
conffile=${CONFFILE-/usr/local/nginx/conf/nginx.conf}
lockfile=${LOCKFILE-/var/lock/subsys/nginx}
pidfile=${PIDFILE-/var/run/nginx.pid}
SLEEPMSEC=${SLEEPMSEC-200000}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS-5}
RETVAL=0
start() {
echo -n $"Starting $prog: "
daemon --pidfile=${pidfile} ${nginx} -c ${conffile}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc -p ${pidfile} ${prog}
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
echo -n $"Reloading $prog: "
killproc -p ${pidfile} ${prog} -HUP
RETVAL=$?
echo
}
upgrade() {
oldbinpidfile=${pidfile}.oldbin
configtest -q || return
echo -n $"Starting new master $prog: "
killproc -p ${pidfile} ${prog} -USR2
echo
for i in `/usr/bin/seq $UPGRADEWAITLOOPS`; do
/bin/usleep $SLEEPMSEC
if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then
echo -n $"Graceful shutdown of old $prog: "
killproc -p ${oldbinpidfile} ${prog} -QUIT
RETVAL=$?
echo
return
fi
done
echo $"Upgrade failed!"
RETVAL=1
}
configtest() {
if [ "$#" -ne 0 ] ; then
case "$1" in
-q)
FLAG=$1
;;
*)
;;
esac
shift
fi
${nginx} -t -c ${conffile} $FLAG
RETVAL=$?
return $RETVAL
}
rh_status() {
status -p ${pidfile} ${nginx}
}
# See how we were called.
case "$1" in
start)
rh_status >/dev/null 2>&1 && exit 0
start
;;
stop)
stop
;;
status)
rh_status
RETVAL=$?
;;
restart)
configtest -q || exit $RETVAL
stop
start
;;
upgrade)
rh_status >/dev/null 2>&1 || exit 0
upgrade
;;
condrestart|try-restart)
if rh_status >/dev/null 2>&1; then
stop
start
fi
;;
force-reload|reload)
reload
;;
configtest)
configtest
;;
*)
echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}"
RETVAL=2
esac
exit $RETVAL
添加到启动服务中
# chkconfig --add nginx之前使用memcached,一个月左右memcached就会挂掉,不知道是不是版本问题,这次就使用redis来做缓存,先安装redis默认使用的jemalloc
# ./autogen.sh
# ./configure -prefix=/usr/local/jemalloc
安装redis,如果在安装jemalloc前make了redis报错找不到jemalloc.h,就删掉目录重新解压再make
# make
# make install PREFIX=/usr/local/redis
# cp redis.conf /usr/local/redis/
# vim /usr/local/redis/redis.conf
daemonize yes # 改为yes,在后台运行
#bind 127.0.0.1 # 注释掉这里,否则只能本机访问
protected-mode no # 改为no,否则只能本机访问
syslog-enabled yes # 使用syslog记录日志
syslog-ident redis
syslog-facility local0
# cp utils/redis_init_script /etc/init.d/redis
# vim /etc/init.d/redis
// 添加chkconfig支持
# chkconfig: 2345 63 35
# description: Redis
// 修改默认路径
EXEC=/usr/local/redis/bin/redis-server
CLIEXEC=/usr/local/redis/bin/redis-cli
CONF="/usr/local/redis/redis.conf"
# chkconfig --add redis // 添加到服务中
到这安装配置就都完成了,几个要注意的坑:
1.nginx的syslog用的是UDP端口,默认为514
2.redis默认使用jemalloc分配内存,需要先安装
3.redis配置中bind 127.0.0.1要注释,protected-mode要设为no,否则只能本机访问,或者需要设置密码
4.有些软件发syslog时,tag会加上[pid],则判断时使用startswith比较稳妥
5.rsyslog的规则是只要匹配就都会记录,并不是匹配到之后后面的规则就无效了
6.安装php扩展时,大多需要先安装一些库,并且需要库的头文件,所以yum安装时把库-devel也一起装上
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
