rsyslogd服务器及负载均衡
设备及规划
|
LBHost
|
VIP
|
Port
|
RealServer
|
备注
|
|
192.168.0.32
|
192.168.0.35
|
TCP:514,UDP:514
|
192.168.0.33/34:514
|
test
|
|
192.168.0.28
|
TCP:514,UDP:514
|
192.168.0.33/34:1514
|
pre
|
-
rsyslogd服务:tcp/udp: 192.168.0.35:514
keepalived
#! Configuration File for keepalived
# Update: 2013-04-16 SYSLOGD
global_defs {
# notification_email {
# my@gdu.me
# }
# notification_email_from my.gdu.me
# smtp_server smtp.gdu.me
# smtp_connect_timeout 30
router_id RSYSLOG_LVS1
}
# ------------------------------------------------------------------------------
vrrp_instance VI_1 {
state MASTER
priority 200
virtual_router_id 50
interface eth0
lvs_sync_daemon_interface eth0
track_interface {
eth0
}
advert_int 1
authentication {
auth_type PASS
auth_pass LOGDPass
}
virtual_ipaddress {
192.168.0.35/24 dev eth0 label eth0:0
}
nopreempt
}
# ------------------------------------------------------------------------------
# | LBHost | VIP | Port | RealServer |
# | 192.168.0.32 | 192.168.0.35 | TCP:514,UDP:514 | 192.168.0.33/34 |
# ------------------------------------------------------------------------------
# RSYSLOG_TCP
virtual_server 192.168.0.35 514 {
delay_loop 6
lb_algo wlc
lb_kind DR
persistence_timeout 50
protocol TCP
ha_suspend
real_server 192.168.0.33 514 {
weight 1
TCP_CHECK {
connect_port 514
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
} # end real_server
real_server 192.168.0.34 514 {
weight 1
TCP_CHECK {
connect_port 514
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
} # end real_server
} # end virtual_server 192.168.0.35 514
# RSYSLOG_UDP
virtual_server 192.168.0.35 514 {
delay_loop 6
lb_algo wlc
lb_kind DR
persistence_timeout 50
protocol UDP
ha_suspend
real_server 192.168.0.33 514 {
weight 1
TCP_CHECK {
connect_port 514
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
} # end real_server
real_server 192.168.0.34 514 {
weight 1
TCP_CHECK {
connect_port 514
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
} # end real_server
} # end virtual_server 192.168.0.35 514
# ------------------------------------------------------------------------------
realserver
VIP配置
rsyslogd配置
-
/etc/rsyslogd.conf
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$InputTCPMaxSessions 500
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
:FROMHOST-IP, isequal, "172.17.10.18" /var/log/172.17.10.18.log
:FROMHOST-IP, isequal, "172.17.10.18" ~
:FROMHOST-IP, startswith, "172.17.19." /var/log/172.17.19.log
:FROMHOST-IP, startswith, "172.17.19." ~
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
-
rsyslog_v7.conf
# rsyslog configuration file
# note that most of this config file uses old-style format,
# because it is well-known AND quite suitable for simple cases
# like we have with the default config. For more advanced
# things, RainerScript configuration is suggested.
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### TEMPLATE ###
template (name="MobileDynFile" type="string" string="/var/log/mySync/%syslogtag:F,44:2%/ap/%syslogtag:F,44:2%_behavioralForMobile_%$year%_%$month%_%$day%_%$myhostname%.log")
template (
name="PREMobileDynFile"
type="string"
string="/var/log/PREmySync/%syslogtag:F,44:2%/ap/%syslogtag:F,44:2%_behavioralForMobile_%$year%_%$month%_%$day%_%$myhostname%.log")
#### OUT TEMPLATE ####
template (name="OutputMoblieAction" type="string" string="%rawmsg:19:$%\n")
template (name="OutputBusiness" type="string" string="%rawmsg:18:$%\n")
template (name="OutputVehicleAction" type="string" string="%rawmsg:20:$%\n")
template (name="OtherTemplate" type="string" string="%fromhost-ip%:%rawmsg%\n")
#### REUL SET ###
ruleset(name="APLog") {
if $syslogfacility-text == 'local5' and $syslogtag contains'MobileAction' then {
action(type="omfile" DynaFile="MobileDynFile" Template="OutputMoblieAction" DirOwner="admin" DirGroup="admin" FileOwner="admin" FileGroup="admin")
stop
} else {
action(type="omfile" file="/var/log/rsyslogtestOther.log" Template="OtherTemplate" FileOwner="admin" FileGroup="admin")
stop
}
} # end rule APLog
ruleset(name="APLogPre") {
if $syslogfacility-text == 'local5' and $syslogtag contains'MobileAction' then {
action(type="omfile" DynaFile="PREMobileDynFile" Template="OutputMoblieAction" DirOwner="admin" DirGroup="admin" FileOwner="admin" FileGroup="admin")
stop
} else {
action(type="omfile" file="/var/log/rsyslogPreOther.log" Template="OtherTemplate" FileOwner="admin" FileGroup="admin")
stop
}
} # end rule APLogpre
#### MODULES ####
module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog") # provides kernel logging support (previously done by rklogd)
#module(load"immark") # provides --MARK-- message capability
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514" ruleset="APLog")
input(type="imudp" port="1514" ruleset="APLogPre")
#input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514" ruleset="APLog")
input(type="imtcp" port="1514" ruleset="APLogPre")
#input(type="imtcp" port="514")
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
#log message
#Module (path="builtin:omfile")
#local5.* action(type="omfile",ruleset="mobileAction")
#local6.* action(type="omfile",ruleset="mobileAction")
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###