setup log center
28 May 2014
On Linux systems there are several logging tools, for example syslog, rsyslog and syslog-ng.
In our programs we can write log messages to syslog, for example in PHP:
<?php
$priority = LOG_NOTICE;
$ident = 'srain';
$message = 'some messages@' . date('Y-m-d H:i:s');
openlog($ident, LOG_PID, LOG_LOCAL6);
syslog($priority, $message);
closelog();
When more than one web server writes logs, we need a log center to keep all of them in one place.
Forwarding
syslog
# the port is 514, using the UDP protocol
local6.*    @10.11.2.13
rsyslog
# tcp
local6.*    @@10.11.2.13:514
# udp
local6.*    @10.11.2.13:601
syslog-ng
destination d_loghost { udp("10.11.2.13" port(601)); };
log { source(s_sys); destination(d_loghost); };
Receiving
rsyslog
# for UDP reception
$ModLoad imudp
$UDPServerRun 601
# for TCP reception
$ModLoad imtcp
$InputTCPServerRun 514
syslog-ng
destination df_wrt0 {
    # a separate file for each ident
    file("/var/log/$PROGRAM-$YEAR$MONTH$DAY"
        template("$FULLDATE $SOURCEIP-$HOST[$PID]: $MSG\n")
        template_escape(yes)
    );
};
source s_net {
    udp(ip(0.0.0.0) port(601));
    tcp(ip(0.0.0.0) port(514));
};
log { source(s_net); destination(df_wrt0); };
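The sketch below is an added example, not part of the original post and not syslog-ng's own code: it builds the BSD-syslog (RFC 3164) frame that a `LOG_LOCAL6`/`LOG_NOTICE` message with ident `srain` becomes on the wire, parses it as a collector would, and derives the per-program file name used by `df_wrt0` only after checking the sender-supplied program name. The function names, the host name `web01` and the 32-character allow-list are assumptions made for the illustration.

```python
import re
from datetime import datetime

FACILITIES = {"local6": 22}          # RFC 3164 facility code for LOG_LOCAL6
SEVERITIES = {"notice": 5}           # RFC 3164 severity code for LOG_NOTICE

# <PRI>Mmm dd hh:mm:ss host tag[pid]: msg   (RFC 3164 / BSD syslog layout)
FRAME = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
    r"([^\[\]:\s]+)(?:\[(\d+)\])?: (.*)$", re.S)
SAFE_TAG = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")   # assumed allow-list


def build_frame(facility, severity, host, ident, pid, msg, when):
    """Frame a client would forward: PRI = facility * 8 + severity."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    stamp = when.strftime("%b ") + f"{when.day:2d}" + when.strftime(" %H:%M:%S")
    return f"<{pri}>{stamp} {host} {ident}[{pid}]: {msg}".encode()


def parse_frame(data):
    """Split a received frame into fields; return None if it is malformed."""
    m = FRAME.match(data.decode("utf-8", "replace"))
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "host": m.group(3),
            "program": m.group(4), "pid": m.group(5), "msg": m.group(6)}


def log_path(record, day, root="/var/log"):
    """Per-program file as in the df_wrt0 destination, with the name checked."""
    tag = record["program"]
    if not SAFE_TAG.match(tag) or tag.startswith("."):
        tag = "unknown"                      # the sender must not choose the path
    return f"{root}/{tag}-{day:%Y%m%d}"


if __name__ == "__main__":
    when = datetime(2014, 5, 28, 10, 0, 0)   # constructed sample timestamp
    frame = build_frame("local6", "notice", "web01", "srain", 1234,
                        "some messages@2014-05-28 10:00:00", when)
    print(frame, log_path(parse_frame(frame), when))
```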
Performance
I prefer syslog/rsyslog + syslog-ng. It will be more stable and easy to configure.
There were more than 2000 clients sending logs to a log center.