CentOS 5 series ships with syslog 1.4.1
CentOS 6 series ships with rsyslog version 5.8.10
CentOS 7 series ships with rsyslog version 7.4.7
At present, the latest version of rsyslog is 8.27.0. The imfile module was rewritten in 8.5.0, and wildcards are now supported in file names.
rsyslog: http://www.rsyslog.com/
To upgrade rsyslog, you need to configure a yum repository, because CentOS does not upgrade to the latest version by default.
1. Configuring yum
To use the RPM repository, you need a .repo file. In your web browser, visit http://rpms.adiscon.com. There you can download the rsyslogall.repo file, or go to the subfolder for the required version (such as v8-stable) and download the rsyslog.repo file from it.
[root@localhost yum.repos.d]# pwd
/etc/yum.repos.d
[root@localhost yum.repos.d]# ls
dvd.repo packagekit-media.repo rhel-source.repo rsyslog.repo
[root@localhost yum.repos.d]# cat rsyslog.repo
[rsyslog_v8]
name=Adiscon CentOS-$releasever - local packages for $basearch
baseurl=http://rpms.adiscon.com/v8-stable/epel-$releasever/$basearch
enabled=1
gpgcheck=0
gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
protect=1
[root@localhost yum.repos.d]# rpm -qa|grep -i rsyslog
rsyslog-5.8.10-10.el6_6.x86_64
[root@localhost yum.repos.d]# yum -y install rsyslog
[root@localhost yum.repos.d]# rpm -qa|grep -i rsyslog
rsyslog-8.27.0-2.el6.x86_64
[root@localhost yum.repos.d]#
According to the official documentation, if the above configuration is copied as-is, the variables may be resolved incorrectly and the installation fails. In that case, replace the variable "$releasever" in the third line by hand. The value of $releasever is the current distribution version of the system, which can be viewed with the rpm -qi centos-release command, where Version: 6 is the version number of our system; $basearch is the system's hardware architecture (CPU instruction set), which is shown by the arch command.
[root@localhost yum.repos.d]# rpm -qi centos-release
Name : centos-release Relocations: (not relocatable)
Version : 6 Vendor: CentOS
Release : 5.el6.centos.11.1 Build Date: Wed 27 Nov 2013 07:53:33 PM CST
Install Date: Thu 27 Apr 2017 06:39:55 PM CST Build Host: c6b9.bsys.dev.centos.org
Group : System Environment/Base Source RPM: centos-release-6-5.el6.centos.11.1.src.rpm
Size : 32670 License: GPLv2
Signature : RSA/SHA1, Wed 27 Nov 2013 09:26:58 PM CST, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
Summary : CentOS release file
Description :
CentOS release files
[root@localhost yum.repos.d]# arch
x86_64
[root@localhost yum.repos.d]#
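The rsyslog.repo file shown above sets gpgcheck=0, uses http:// URLs, and depends on $releasever and $basearch resolving correctly. The script below is an added example, not part of the original article and not a yum or rsyslog tool: it substitutes the two variables by hand and flags those settings. The helper names audit_repo and sample_repo are hypothetical.

```shell
#!/bin/sh
# Added example: audit a yum .repo file before trusting it for "yum install".
# audit_repo and sample_repo are hypothetical helper names.

# sample_repo: the rsyslog.repo content shown on this page, written to stdout.
sample_repo() {
    cat <<'EOF'
[rsyslog_v8]
name=Adiscon CentOS-$releasever - local packages for $basearch
baseurl=http://rpms.adiscon.com/v8-stable/epel-$releasever/$basearch
enabled=1
gpgcheck=0
gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
protect=1
EOF
}

# audit_repo FILE RELEASEVER BASEARCH
# Prints the effective baseurl and one line per finding for every section.
# Exit status is 1 when at least one finding was reported, otherwise 0.
audit_repo() {
    awk -v rel="$2" -v arch="$3" '
        function report() {
            if (sec == "") return
            print sec " effective baseurl: " url
            if (gpg != "1")     { print sec " FINDING gpgcheck is not 1: packages install without signature verification"; bad = 1 }
            if (url ~ /^http:/) { print sec " FINDING baseurl uses plain http"; bad = 1 }
            if (key ~ /^http:/) { print sec " FINDING gpgkey is fetched over plain http"; bad = 1 }
        }
        /^\[.*\]$/ { report(); sec = $0; gpg = url = key = ""; next }
        /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)   # option name
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)                # option value
            gsub(/\$releasever/, rel, v); gsub(/\$basearch/, arch, v)
            if (k == "gpgcheck") gpg = v
            if (k == "baseurl")  url = v
            if (k == "gpgkey")   key = v
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Demo: resolve the variables the way the page does (Version: 6 from
# "rpm -qi centos-release", x86_64 from "arch"), then audit the file.
tmp=$(mktemp)
sample_repo > "$tmp"
audit_repo "$tmp" 6 x86_64 || echo "=> review the findings above before installing"
rm -f "$tmp"
```

With gpgcheck=1, yum verifies each package's signature against the key named in gpgkey before installing it.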
2. Configuring rsyslog
By default, rsyslog can only transfer system logs, such as DHCP, cron, kern, etc. To transfer a service's log to the remote rsyslog server, rsyslog's imfile module is used. This module converts any standard text file into syslog messages: the file is read line by line, and each line read is passed to rsyslog's rule engine.
Official documents:
http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
The figure above is a configuration example. Each parameter can be looked up in the official document: the module() parameters are described under Module Parameters and the input() parameters under Input Parameters.
[root@localhost yum.repos.d]# cp /etc/rsyslog.conf{,.20170613bak}
[root@localhost yum.repos.d]# vim /etc/rsyslog.conf
module(load="imfile" PollingInterval="10")
input(type="imfile"
      File="/opt/CalculationUnit/java/sh/logs/bigada.log"
      Tag="CalculationUnit"
      Severity="info"
      Facility="local0"
      freshStartTail="on"
      deleteStateOnFileDelete="on")
local0.* @10.10.15.175:514
[root@localhost yum.repos.d]# /etc/init.d/rsyslog restart
module
load="imfile": loads the imfile module.
PollingInterval="10": how often the files are polled, in seconds; the default is 10 seconds.
input
type="imfile"
File="/opt/CalculationUnit/java/sh/logs/bigada.log": the absolute path of the file to send to syslog.
Tag="CalculationUnit"
Severity="info"
Facility="local0"
freshStartTail="on": when set to on, only the latest data is read and old logs are discarded every time rsyslog is restarted; off by default.
deleteStateOnFileDelete="on": needs to be turned on for files that are regenerated, such as bigdata.log, which is renamed to bigdata%YYY%mm%dd%.log every morning, after which a new bigdata.log is created.
local0.* @10.10.15.175:514: defines the syslog server address.
You can now view the information in the syslog server-side database.