Deploying Rsyslog on CentOS 6.5: log storage methods

1. Named after IP address

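Add the following configuration to /etc/rsyslog.conf, with a comment recording the change. With these three lines in place, logs received from remote hosts are written to a file named after the sender's IP address. The last line (& ~) discards each message once it has been written, so rules placed after these lines no longer see it.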

#IP format by zhz at xxxx-xx-xx
$template IpTemplate,"/var/log/%FROMHOST-IP%.log"  
*.*  ?IpTemplate  
& ~  

2. Device name & date

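By default, Rsyslog's logs are rotated weekly and kept for 4 weeks. In production, where log volume is high or there are many devices, searching these files becomes difficult. In that case, name each log file after the device and the date, so that one file per device is written each day. Add the following configuration to /etc/rsyslog.conf, with a comment recording the change. Note that the :rawmsg,contains filter matches the device name anywhere in the received message, not only in the hostname field, so a message from any sender that contains the name is written to that device's file.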

#Divided by prefecture and city, file names end with the date.

#province
$EscapeControlCharactersOnReceive off     
$template PRO-SW-01,"/var/log/province/PRO-SW-01_log.%$year%-%$month%-%$day%"      
$template myFormat,"%msg%\n"
:rawmsg,contains,"PRO-SW-01"  -?PRO-SW-01;myFormat

$EscapeControlCharactersOnReceive off
$template PRO-QR-01,"/var/log/province/PRO-QR-01_log.%$year%-%$month%-%$day%"
$template myFormat,"%msg%\n"
:rawmsg,contains,"PRO-QR-01"  -?PRO-QR-01;myFormat

#huawei-route
$EscapeControlCharactersOnReceive off     
$template City--QR-01,"/var/log/NE40X3/City-QR-01_log.%$year%-%$month%-%$day%"      
$template myFormat,"%msg%\n"
:rawmsg,contains,"City--QR-01"  -?City--QR-01;myFormat

#h3c-route
$EscapeControlCharactersOnReceive off     
$template City-SR-01,"/var/log/SR/City-SR-01_log.%$year%-%$month%-%$day%"      
$template myFormat,"%msg%\n"
:rawmsg,contains,"City-SR-01"  -?City-SR-01;myFormat

#huawei-sw

$EscapeControlCharactersOnReceive off     
$template City-SW-01,"/var/log/S5756/City-SW-01_log.%$year%-%$month%-%$day%"      
$template myFormat,"%msg%\n"
:rawmsg,contains,"City-SW-01"  -?City-SW-01;myFormat

3. Use the default storage method

With the default method, logs are rotated weekly and kept for 4 weeks.

4. Log backup

Whichever method is used, a single log host is a single point of failure. To address this, we push the collected logs to the backup server through regular backups. I use rsync here.

The idea is as follows:

Package the logs locally, use rsync to back them up to a fixed storage server, and have a script check the backup result and notify the administrator.
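The flow described above, as an added example that is not the author's script: it archives one day's dated files from method 2, records a SHA-256 checksum, verifies the archive, pushes it with rsync over SSH and reports the result through logger. The archive directory, the backup destination and the logger tag are assumptions.

```bash
#!/bin/bash
# Added example: archive one day's dated rsyslog files, checksum, push, report.
# ARCHIVE_DIR, BACKUP_DEST and the logger tag are assumptions, not from the page.
LOG_ROOT=${LOG_ROOT:-/var/log}
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/backup/rsyslog}
BACKUP_DEST=${BACKUP_DEST:-backup@backup.example.internal:/srv/logs/}  # placeholder

# pack_logs DAY: tar every "*_log.DAY" file under LOG_ROOT, store a SHA-256
# beside the archive and print the archive path. Returns 2 if no file matched.
pack_logs() {
    local day=$1 list archive name
    name="rsyslog-$day.tar.gz"; archive="$ARCHIVE_DIR/$name"
    mkdir -p "$ARCHIVE_DIR" && chmod 700 "$ARCHIVE_DIR" || return 1
    list=$(mktemp) || return 1
    (cd "$LOG_ROOT" && find . -type f -name "*_log.$day" -print0) > "$list"
    if [ ! -s "$list" ]; then rm -f "$list"; return 2; fi
    tar -C "$LOG_ROOT" --null -T "$list" -czf "$archive" || { rm -f "$list"; return 1; }
    rm -f "$list"
    (cd "$ARCHIVE_DIR" && sha256sum "$name" > "$name.sha256") || return 1
    echo "$archive"
}

# verify_archive FILE: the checksum must match and tar must be able to list it.
verify_archive() {
    (cd "$(dirname "$1")" && sha256sum -c --status "$(basename "$1").sha256") \
        && tar -tzf "$1" > /dev/null
}

# push_backup FILE: copy archive and checksum to the backup server over SSH.
push_backup() {
    rsync -a -e ssh "$1" "$1.sha256" "$BACKUP_DEST"
}

# main [DAY]: defaults to yesterday, whose file is no longer being written.
main() {
    local day archive
    day=${1:-$(date -d yesterday +%F)}
    if archive=$(pack_logs "$day") && verify_archive "$archive" \
        && push_backup "$archive"; then
        logger -t logbackup -p user.info "backup OK: $archive"
    else
        logger -t logbackup -p user.err "backup FAILED for $day"
        return 1
    fi
}

# Runs only when called as "logbackup.sh run [YYYY-MM-DD]", e.g. from cron.
if [ "${1:-}" = "run" ]; then shift; main "$@"; fi
```

Keeping the checksum file beside the archive lets the backup server re-run sha256sum -c after the transfer.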

For background on rsync, please refer to this blog:
