[root@node2 ~]# yum install -y httpd
[root@node2 ~]# systemctl start httpd
查看httpd日志
[root@node2 ~]# cd /var/log/httpd
[root@node2 httpd]# ll
total 8
-rw-r--r-- 1 root root 1334 Apr 26 16:03 access_log
-rw-r--r-- 1 root root 1976 Apr 26 16:03 error_log
[root@node2 httpd]#
[root@bigdata05-test ~]# mkdir -v /var/spool/rsyslog
mkdir: created directory ‘/var/spool/rsyslog’
[root@bigdata05-test ~]#
(1)/etc/rsyslog.conf配置文件默认已经开启包含 /etc/rsyslog.d/目录下所有conf类型的文件
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
(2)新建Rsyslog的子配置文件
[root@node2 ~]# vim /etc/rsyslog.d/apache-biglog.conf
[root@node2 ~]# cat /etc/rsyslog.d/apache-biglog.conf
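## Ship the local Apache access and error logs to a remote syslog collector.
## imfile turns lines appended to plain text files into syslog messages.
$ModLoad imfile
## Check the monitored files for new lines every 10 seconds.
$InputFilePollInterval 10
## imfile state files are kept here; the directory must already exist on
## this host before rsyslog is restarted.
$WorkDirectory /var/spool/rsyslog
## Switch the rsyslogd process group to adm after startup.
$PrivDropToGroup adm
## Apache access log path; adjust to the local layout. The name must match
## the file httpd really writes (this host's /var/log/httpd listing shows
## access_log, not access.log), otherwise nothing is ever forwarded.
$InputFileName /var/log/httpd/access_log
$InputFileTag apache-access:
$InputFileStateFile stat-apache-access
$InputFileSeverity info
$InputFilePersistStateInterval 25000
$InputRunFileMonitor
## Apache error log path; adjust to the local layout (error_log on this host).
$InputFileName /var/log/httpd/error_log
$InputFileTag apache-error:
$InputFileStateFile stat-apache-error
$InputFileSeverity error
$InputFilePersistStateInterval 25000
$InputRunFileMonitor
## Output template: forwards only the message text followed by a newline,
## without the syslog header (priority, timestamp, hostname, tag).
$template BiglogFormatApache,"%msg%\n"
## Address of the receiving syslog server; adjust to the real collector.
## A single '@' forwards over UDP: unencrypted, unauthenticated, and lost
## datagrams are not retransmitted. Access logs carry client IPs and request
## URLs, so on a network that is not fully trusted use TCP ('@@host:port')
## with TLS configured, and limit which hosts may send to the collector port.
## The '~' action discards the message after forwarding so later rules do not
## process it again; newer rsyslog releases deprecate '~' in favor of 'stop'.
if $programname == 'apache-access' then @node1:514;BiglogFormatApache
if $programname == 'apache-access' then ~
if $programname == 'apache-error' then @node1:514;BiglogFormatApache
if $programname == 'apache-error' then ~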
[root@node2 ~]#
[root@node2 ~]# systemctl restart rsyslog
发现logstash端node1输出如下信息(以下事件均为node2的系统syslog消息,program分别为polkitd、systemd、httpd,其中没有标签为apache-access或apache-error的事件):
{
"message" => "Registered Authentication Agent for unix-process:7455:60321456 (system bus name :1.2588 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8)\n",
"severity" => 5,
"@version" => "1",
"facility_label" => "security/authorization",
"@timestamp" => 2018-04-26T08:12:46.000Z,
"severity_label" => "Notice",
"program" => "polkitd",
"priority" => 85,
"timestamp" => "Apr 26 16:12:46",
"logsource" => "node2",
"host" => "10.17.12.157",
"pid" => "762",
"type" => "rsyslog",
"facility" => 10
}
{
"message" => "Stopping The Apache HTTP Server...\n",
"severity" => 6,
"@version" => "1",
"facility_label" => "system",
"@timestamp" => 2018-04-26T08:12:46.000Z,
"severity_label" => "Informational",
"program" => "systemd",
"priority" => 30,
"timestamp" => "Apr 26 16:12:46",
"logsource" => "node2",
"host" => "10.17.12.157",
"type" => "rsyslog",
"facility" => 3
}
{
"message" => "Starting The Apache HTTP Server...\n",
"severity" => 6,
"@version" => "1",
"facility_label" => "system",
"@timestamp" => 2018-04-26T08:12:47.000Z,
"severity_label" => "Informational",
"program" => "systemd",
"priority" => 30,
"timestamp" => "Apr 26 16:12:47",
"logsource" => "node2",
"host" => "10.17.12.157",
"type" => "rsyslog",
"facility" => 3
}
{
"message" => "AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.17.12.157. Set the 'ServerName' directive globally to suppress this message\n",
"severity" => 6,
"@version" => "1",
"facility_label" => "system",
"@timestamp" => 2018-04-26T08:12:47.000Z,
"severity_label" => "Informational",
"program" => "httpd",
"priority" => 30,
"timestamp" => "Apr 26 16:12:47",
"logsource" => "node2",
"host" => "10.17.12.157",
"type" => "rsyslog",
"facility" => 3
}
{
"message" => "Started The Apache HTTP Server.\n",
"severity" => 6,
"@version" => "1",
"facility_label" => "system",
"@timestamp" => 2018-04-26T08:12:47.000Z,
"severity_label" => "Informational",
"program" => "systemd",
"priority" => 30,
"timestamp" => "Apr 26 16:12:47",
"logsource" => "node2",
"host" => "10.17.12.157",
"type" => "rsyslog",
"facility" => 3
}
{
"message" => "Unregistered Authentication Agent for unix-process:7455:60321456 (system bus name :1.2588, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus)\n",
"severity" => 5,
"@version" => "1",
"facility_label" => "security/authorization",
"@timestamp" => 2018-04-26T08:12:47.000Z,
"severity_label" => "Notice",
"program" => "polkitd",
"priority" => 85,
"timestamp" => "Apr 26 16:12:47",
"logsource" => "node2",
"host" => "10.17.12.157",
"pid" => "762",
"type" => "rsyslog",
"facility" => 10
}