rsyslog 重新整理

几年前用的rsyslog今天重新整理一下

部分参考http://www.gaizaoren.org/archives/408

环境centos6.5

yum install rsyslog
yum install mysql-server
yum install rsyslog-mysql
yum install httpd php php-mysyql php-gd

cd/usr/share/doc/rsyslog-mysql-5.8.10

mysql<createDB.sql

会在mysql中建立两个表

SystemEvents

SystemEventsProperties

下面配置正确,SystemEvents中会有数据

mysql的支持

需要在

/etc/rsyslog.conf

中添加

$ModLoad imudp
$ModLoad ommysql
$UDPServerRun 514
12.*    /opt/log/meedo.log
12.*     :ommysql:127.0.0.1,Syslog,root,密码;

Syslog是createDB.sql建的库名

root是mysql用户

密码是mysql的密码

注意这里为12,后面客户端用到,开始设置local0---local6,php的接口获取不到,所以设置为12,貌似php只能支持到14,local0是16,local1是17,顺次往上

log4j指定12和php的udp头里面指定12

完整的rsyslog.conf为

[root@host-10-6-6-4 rsyslog-mysql-5.8.10]# cat /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
$ModLoad imudp
$ModLoad ommysql
$UDPServerRun 514
12.*    /opt/log/meedo.log
12.*     :ommysql:127.0.0.1,Syslog,root,haoning;  
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
[root@host-10-6-6-4 rsyslog-mysql-5.8.10]#

修改/etc/sysconfig/rsyslog

# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
#SYSLOGD_OPTIONS="-c 5"
SYSLOGD_OPTIONS=" -m 0 -r"

servicersyslogrestart

java客户端

import org.slf4j.Logger;  
import org.slf4j.LoggerFactory;  
  
public class TestLog {  
  
    private static final Logger logger = LoggerFactory.getLogger(TestLog.class);  
    public static void main(String[] args) {  
        logger.info("test haoning haha this is 123");  
  
    }  
  
}

log4j配置

log4j.rootLogger=INFO,CONSOLE,SYSLOG  
#log4j.rootLogger=INFO,SYSLOG,CONSOLE,DAILY_ROLLING_FILE  
log4j.addivity.org.apache=true  
log4j.debug=false  
  
###################  
# Console Appender  
###################  
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender  
log4j.appender.CONSOLE.Target=System.out  
log4j.appender.CONSOLE.Threshold=DEBUG  
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout  
log4j.appender.CONSOLE.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH:mm:ss} %l %m%n  
  
  
  
########################  
# RSYSLOG  
########################  
app.name=haohao 
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender  
log4j.appender.SYSLOG.SyslogHost= 103.227.81.149  
log4j.appender.SYSLOG.Facility=12  
log4j.appender.SYSLOG.Threshold=INFO  
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout  
log4j.appender.SYSLOG.layout.ConversionPattern=${app.name} %d{yyyy-MM-dd HH:mm:ss} %c:%L %m%n

java需要三个jar

log4j-1.2.17.jar

slf4j-api-1.7.5.jar

slf4j-log4j12-1.7.5.jar

注意这里Facility用的12,跟rsyslog配置的一样

运行就写入这台机器了

php的客户端

private static function mgsyslog($level,$msg)
	{
		$server="103.227.81.149";
		$port=514;
		$facility=1;
		$pid=posix_getpid();
		$process="PHP[${pid}]";
		$actualtime = time();
		$month      = date("M", $actualtime);
		$day        = substr("  ".date("j", $actualtime), -2);
		$hhmmss     = date("H:i:s", $actualtime);
		$timestamp  = $month." ".$day." ".$hhmmss;
		$hostname=gethostname();
		$pri    = "<".($facility*8 + $level).">";
		$header = $timestamp." ".$hostname;
		$message = substr($pri.$header." ".$process.": ".$msg, 0, 1024);
		$fp = fsockopen("udp://".$server, $port, $errno, $errstr);
		if ($fp)
		{
			fwrite($fp, $message);
			fclose($fp);
			return true;
		}
		return false;
	}

注意这里$pri计算生成的是12

调用

self::mgsyslog(4,"hahaokfromphp-thisis12-----");

相关推荐