Deploying an Rsyslog Log Server on Linux

Time: 2021-01-15 01:23:43

I. Check the server's OS version

[root@master ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"


II. Configuration on the master node

1. Edit /etc/rsyslog.conf

Uncomment the following lines.

2. Start the log service

[root@master ~]# systemctl start rsyslog
[root@master ~]# systemctl enable rsyslog

3. Check the log service status

[root@master ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-10-26 15:06:24 CST; 2h 47min ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 7775 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           └─7775 /usr/sbin/rsyslogd -n

Oct 26 15:06:18 master systemd[1]: Starting System Logging Service...
Oct 26 15:06:24 master rsyslogd[7775]:  [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-p x-info="http://www.rsyslog.com"] start
Oct 26 15:06:24 master systemd[1]: Started System Logging Service.
Hint: Some lines were ellipsized, use -l to show in full.

4. Turn off the firewall

[root@master ~]# systemctl disable firewalld
[root@master ~]# systemctl stop  firewalld

III. Operations on the node

1. Edit /etc/rsyslog.conf

Forward info-level logs to the log server.

2. Restart the log service

systemctl restart rsyslog
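
As an added example (not the original author's code), the script below applies the two rsyslog.conf edits described above: it uncomments the reception directives on the master and appends an info-level forwarding rule on the node. It assumes the stock CentOS 7 legacy-syntax directives ($ModLoad imudp, $UDPServerRun 514 and their TCP equivalents); the function names are hypothetical, 192.0.2.10 is a placeholder for the log server's address, and open_syslog_port shows opening only port 514 in firewalld as an alternative to stopping it.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Both edit functions act on the
# file path they are given, so rehearse on a copy before /etc/rsyslog.conf.

# Master: uncomment the stock UDP/TCP reception directives (legacy syntax).
enable_reception() {
    sed -i -E \
        -e 's/^#[[:space:]]*(\$ModLoad im(udp|tcp))[[:space:]]*$/\1/' \
        -e 's/^#[[:space:]]*(\$(UDPServerRun|InputTCPServerRun) 514)[[:space:]]*$/\1/' \
        "$1"
}

# Node: forward info-and-above to the log server; "@" is UDP, "@@" is TCP.
# Idempotent: the rule is appended only if it is not already present.
add_forward_rule() {
    local conf="$1" server="$2" at='@'
    if [ "${3:-udp}" = tcp ]; then at='@@'; fi
    local rule="*.info ${at}${server}:514"
    grep -qxF -- "$rule" "$conf" || printf '%s\n' "$rule" >> "$conf"
}

# Master, instead of stopping firewalld: open only the syslog port.
open_syslog_port() {
    firewall-cmd --permanent --add-port=514/udp
    firewall-cmd --permanent --add-port=514/tcp
    firewall-cmd --reload
}

# Constructed sample: the reception block as shipped commented-out on CentOS 7.
sample_conf() {
    printf '%s\n' '# Provides UDP syslog reception' '#$ModLoad imudp' \
        '#$UDPServerRun 514' '# Provides TCP syslog reception' \
        '#$ModLoad imtcp' '#$InputTCPServerRun 514' \
        '*.info;mail.none;authpriv.none;cron.none /var/log/messages'
}

demo() {
    local dir; dir="$(mktemp -d)"
    sample_conf > "$dir/master.conf"; sample_conf > "$dir/node.conf"
    enable_reception "$dir/master.conf"
    add_forward_rule "$dir/node.conf" 192.0.2.10   # placeholder server IP
    grep -E '^\$' "$dir/master.conf"; tail -n 1 "$dir/node.conf"
    rm -rf "$dir"
}
demo
```

Validate an edited file with rsyslogd -N1 before restarting the service.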

IV. View the node's logs on the master log server

[root@master ~]# tail /var/log/messages
Oct 26 18:07:23 master systemd: Stopped System Logging Service.
Oct 26 18:07:23 master systemd: Starting System Logging Service...
Oct 26 18:07:23 master rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-p x-info="http://www.rsyslog.com"] start
Oct 26 18:07:23 master systemd: Started System Logging Service.
Oct 26 18:07:16 node01 systemd: Stopping System Logging Service...
Oct 26 18:07:16 node01 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-p x-info="http://www.rsyslog.com"] exiting on signal 15.
Oct 26 18:07:16 node01 systemd: Stopped System Logging Service.
Oct 26 18:07:16 node01 systemd: Starting System Logging Service...
Oct 26 18:07:16 node01 rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-p x-info="http://www.rsyslog.com"] start
Oct 26 18:07:16 node01 systemd: Started System Logging Service.

V. Replace the hostname in log entries with the IP address

1. Edit /etc/rsyslog.conf on the master node

Add the following lines and comment out the original default template.

$template TraditionalFileFormat,"%TIMESTAMP% %FROMHOST-IP% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate TraditionalFileFormat


2. Restart the log service

systemctl restart rsyslog

4. Restart the rsyslog-related services on the node

Restart the rsyslog service and the ssh service on the node.

[root@node01 ~]# systemctl restart rsyslog
[root@node01 ~]# systemctl restart sshd


5. View the result on the master log server

[root@master ~]# tail  /var/log/messages
Oct 26 18:28:58 192.168.3.91 image-cri-shim: 2022-10-26T18:28:58 #033[34minfo#033[0m #033[34mdomain: k8s.gcr.io, imageName: pause:3.7, action: ImageStatus#033[0m
Oct 26 18:28:58 192.168.3.91 image-cri-shim: 2022-10-26T18:28:58 #033[34minfo#033[0m #033[34maddress: http://sealos.hub:5000, base64: YWRtaW46cGFzc3cwcmQ=, imageName: pause#033[0m
Oct 26 18:28:58 192.168.3.91 image-cri-shim: 2022-10-26T18:28:58 #033[34minfo#033[0m #033[34mpre image name: pause, pre image tag: 3.7#033[0m
Oct 26 18:29:21 127.0.0.1 registry: time="2022-10-26T18:29:21.527136696+08:00" level=info msg="authorized request" go.version=go1.16.15 http.request.host="sealos.hub:5000" http.request.id=6d08c26d-a4fd-454c-a850-0c5c17a53d31 http.request.method=GET http.request.remoteaddr="192.168.3.91:38332" http.request.uri="/v2/pause/tags/list" http.request.useragent="kube-probe/v0.0.0-master+unknown" vars.name=pause
Oct 26 18:29:21 127.0.0.1 registry: time="2022-10-26T18:29:21.527326642+08:00" level=info msg="response completed" go.version=go1.16.15 http.request.host="sealos.hub:5000" http.request.id=6d08c26d-a4fd-454c-a850-0c5c17a53d31 http.request.method=GET http.request.remoteaddr="192.168.3.91:38332" http.request.uri="/v2/pause/tags/list" http.request.useragent="kube-probe/v0.0.0-master+unknown" http.response.contenttype="application/json; charset=utf-8" http.response.duration=59.004744ms http.response.status=200 http.response.written=32
Oct 26 18:29:21 127.0.0.1 registry: 192.168.3.91 - - [26/Oct/2022:18:29:21 +0800] "GET /v2/pause/tags/list HTTP/1.1" 200 32 "" "kube-probe/v0.0.0-master+unknown"
Oct 26 18:28:58 192.168.3.91 image-cri-shim: 2022-10-26T18:28:58 #033[34minfo#033[0m #033[34mdata: {"name":"pause","tags":["3.7"]}
Oct 26 18:28:58 192.168.3.91 image-cri-shim: #033[0m
Oct 26 18:28:58 192.168.3.91 image-cri-shim: 2022-10-26T18:28:58 #033[34minfo#033[0m #033[34mimageTag found in registry.Tags#033[0m
Oct 26 18:28:58 192.168.3.91 image-cri-shim: 2022-10-26T18:28:58 #033[34minfo#033[0m #033[34mbegin image: k8s.gcr.io/pause:3.7, after image: sealos.hub:5000/pause:3.7, action: ImageStatus#033[0m
