FAQ

How do I install the Ceelog Template on Ubuntu?

Ceelog Installation Guide (Ubuntu)

  

Check the version information.

root@rsyslog:~# rsyslogd -v
rsyslogd 7.4.4, compiled with:

FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
uuid support: Yes
See http://www.rsyslog.com for more information.

Rsyslog update

root@rsyslog:~# add-apt-repository ppa:adiscon/v8-stable
sudo: unable to resolve host rsyslog

Contains the latest RSyslog V8-Stable packages and dependencies.
더 많은 정보: https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable
계속하려면 [엔터] 키를 누르시고 추가를 취소하려면 컨트롤+C 키를 눌러주십시오
gpg: keyring `/tmp/tmpw05yb5jp/secring.gpg' created
gpg: keyring `/tmp/tmpw05yb5jp/pubring.gpg' created
gpg: requesting key 5234BF2B from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpw05yb5jp/trustdb.gpg: trustdb created
gpg: key 5234BF2B: public key "Launchpad PPA for Adiscon" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK

root@rsyslog:~# apt-get update
sudo: unable to resolve host rsyslog

무시 http://kr.archive.ubuntu.com trusty InRelease
무시 http://kr.archive.ubuntu.com trusty-updates InRelease
무시 http://kr.archive.ubuntu.com trusty-backports InRelease
기존 http://kr.archive.ubuntu.com trusty Release.gpg
받기:1 http://kr.archive.ubuntu.com trusty-updates Release.gpg [933 B]

root@rsyslog:~# apt-get -y install rsyslog
sudo: unable to resolve host rsyslog

의존성 트리를 만드는 중입니다
상태 정보를 읽는 중입니다완료
libjemalloc1 (3.5.1-2) 설정하는 중입니다
libmongo-client0:amd64 (0.1.7-1) 설정하는 중입니다
libestr0 (0.1.10-0adiscon1trusty1) 설정하는 중입니다
libgt0 (0.3.11-0adiscon4trusty1) 설정하는 중입니다
libksi0 (3.2.2.0-0adiscon1trusty1) 설정하는 중입니다
liblogging-stdlog1 (1.0.5-0adiscon1trusty1) 설정하는 중입니다
rsyslog (8.11.0-0adiscon2trusty1) 설정하는 중입니다

Add the following to the rsyslog config.

[root@rsyslog ~]# vi /etc/rsyslog.conf
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                /dev/console
kern.*                                  /var/log/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none       /var/log/messages

# The authpriv file has restricted access.
authpriv.*                            /var/log/secure

# Log all the mail messages in one place.
mail.*                                  /var/log/maillog

# Log cron stuff
cron.*                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                       /var/log/spooler

# Save boot messages also to boot.log
local7.*                                  /var/log/boot.log
….
# create Lumberjack messages template
#template(name="CEETemplate" type="string" string="%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%\n")

# Note: the backslashes in the "@ceelog" constant and in the final "}\n" constant
# do not copy correctly from this page. Type them in by hand.
template(name="CEETemplate" type="list") {
    constant(value="{")
    constant(value="\"@ceelog\": ")
    constant(value="{") property(format="jsonfr" name="timegenerated" dateformat="rfc3339")
    constant(value=",") property(format="jsonfr" name="programname")
    constant(value=",") property(format="jsonfr" name="hostname")
    constant(value=",") property(format="jsonfr" name="syslogtag")
    constant(value=",") property(format="jsonfr" name="pri")
    constant(value=",") property(format="jsonfr" name="pri-text")
    constant(value=",") property(format="jsonfr" name="syslogfacility")
    constant(value=",") property(format="jsonfr" name="syslogfacility-text")
    constant(value=",") property(format="jsonfr" name="syslogseverity")
    constant(value=",") property(format="jsonfr" name="syslogseverity-text")
    constant(value=",") property(format="jsonfr" name="msg")
    constant(value="}")
    constant(value="}\n")
}

# save unmodified messages into /var/log/messages
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.* /var/log/messages

# save Lumberjack enhanced messages to /var/log/ceelog
$ModLoad mmjsonparse
*.* :mmjsonparse:
*.* /var/log/ceelog;CEETemplate

Copy the content below and paste it in.

#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                           /dev/console
kern.*                                             /var/log/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none    /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                       /var/log/secure

# Log all the mail messages in one place.
mail.*                                             /var/log/maillog

# Log cron stuff
cron.*                                             /var/log/cron

# Everybody gets emergency messages
*.emerg                                           :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                   /var/log/spooler

# Save boot messages also to boot.log
local7.*                                              /var/log/boot.log

# create Lumberjack messages template
#template(name="CEETemplate" type="string" string="%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%\n")

# Note: the backslashes in the "@ceelog" constant and in the final "}\n" constant
# do not copy correctly from this page. Type them in by hand.
template(name="CEETemplate" type="list") {
    constant(value="{")
    constant(value="\"@ceelog\": ")
    constant(value="{") property(format="jsonfr" name="timegenerated" dateformat="rfc3339")
    constant(value=",") property(format="jsonfr" name="programname")
    constant(value=",") property(format="jsonfr" name="hostname")
    constant(value=",") property(format="jsonfr" name="syslogtag")
    constant(value=",") property(format="jsonfr" name="pri")
    constant(value=",") property(format="jsonfr" name="pri-text")
    constant(value=",") property(format="jsonfr" name="syslogfacility")
    constant(value=",") property(format="jsonfr" name="syslogfacility-text")
    constant(value=",") property(format="jsonfr" name="syslogseverity")
    constant(value=",") property(format="jsonfr" name="syslogseverity-text")
    constant(value=",") property(format="jsonfr" name="msg")
    constant(value="}")
    constant(value="}\n")
}

# save unmodified messages into /var/log/messages
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.* /var/log/messages

# save Lumberjack enhanced messages to /var/log/ceelog
$ModLoad mmjsonparse
*.* :mmjsonparse:
*.* /var/log/ceelog;CEETemplate

Restart rsyslog, then check for error messages.

root@rsyslog:~# service rsyslog restart
rsyslog stop/waiting

rsyslog start/running, process 2980
root@rsyslog:~# cd /var/log
root@rsyslog:/var/log# tail messages
{"@ceelog": {"timegenerated":"2015-07-29T01:14:28.058350+09:00","programname":"rsyslogd","hostname":"rsyslog","syslogtag":"rsyslogd:","pri":"46","pri-text":"syslog.info","syslogfacility":"5","syslogfacility-text":"syslog","syslogseverity":"6","syslogseverity-text":"info","msg":" [origin software="rsyslogd" swVersion="8.11.0" x-pid="3874" x-info="http://www.rsyslog.com"] start"}}

{"@ceelog": {"timegenerated":"2015-07-29T01:14:28.052679+09:00","programname":"rsyslogd-2066","hostname":"rsyslog","syslogtag":"rsyslogd-2066:","pri":"43","pri-text":"syslog.err","syslogfacility":"5","syslogfacility-text":"syslog","syslogseverity":"3","syslogseverity-text":"err","msg":"could not load module '/usr/lib/rsyslog/mmjsonparse.so', dlopen: /usr/lib/rsyslog/mmjsonparse.so: cannot open shared object file: No such file or directory [v8.11.0 try http://www.rsyslog.com/e/2066 ]"}}

root@rsyslog:/var/log# apt-get -y install rsyslog-mmjsonparse
패키지 목록을 읽는 중입니다완료
의존성 트리를 만드는 중입니다
상태 정보를 읽는 중입니다완료


rsyslog-mmjsonparse (8.11.0-0adiscon2trusty1) 설정하는 중입니다
Processing triggers for libc-bin (2.19-0ubuntu6.5) …

Run ceelog.

root@rsyslog:/var/log# tail ceelog
{"@ceelog": {"timegenerated":"2015-07-29T01:14:28.058209+09:00","programname":"rsyslogd","hostname":"rsyslog","syslogtag":"rsyslogd:","pri":"46","pri-text":"syslog.info","syslogfacility":"5","syslogfacility-text":"syslog","syslogseverity":"6","syslogseverity-text":"info","msg":"rsyslogd's userid changed to 101"}}

{"@ceelog": {"timegenerated":"2015-07-29T01:17:01.584032+09:00","programname":"CRON","hostname":"rsyslog","syslogtag":"CRON[3888]:","pri":"86","pri-text":"authpriv.info","syslogfacility":"10","syslogfacility-text":"authpriv","syslogseverity":"6","syslogseverity-text":"info","msg":" pam_unix(cron:session): session closed for user root"}}
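
A check for the file produced by the steps above, added here as an example and not part of the original guide: it confirms that each /var/log/ceelog line parses as JSON with the CEETemplate fields, that pri equals facility*8 + severity, and it collects errors rsyslogd logged about itself (such as the module load failure shown earlier). The names check_line, audit and SAMPLE are hypothetical, and the sample lines are constructed.

```python
import json

# Fields the CEETemplate above writes inside the "@ceelog" object.
FIELDS = ("timegenerated", "programname", "hostname", "syslogtag", "pri",
          "pri-text", "syslogfacility", "syslogfacility-text",
          "syslogseverity", "syslogseverity-text", "msg")

def check_line(line):
    """Return (record, problems) for one line of /var/log/ceelog."""
    try:
        rec = json.loads(line)["@ceelog"]
    except (ValueError, KeyError, TypeError):
        rec = None
    if not isinstance(rec, dict):
        # e.g. the template's \" or \n escapes were lost when pasting
        return None, ["not a JSON object with an @ceelog key"]
    problems = ["missing field: " + f for f in FIELDS if f not in rec]
    if not problems:
        try:
            pri, fac, sev = (int(rec[k]) for k in ("pri", "syslogfacility", "syslogseverity"))
            if pri != fac * 8 + sev:  # syslog PRI = facility * 8 + severity
                problems.append("pri does not equal facility*8 + severity")
        except (ValueError, TypeError):
            problems.append("non-numeric pri/facility/severity")
    return rec, problems

def audit(lines):
    """Return (rejected lines, messages rsyslogd logged at err or worse)."""
    rejected, rsyslog_errors = [], []
    for n, line in enumerate(lines, 1):
        rec, problems = check_line(line)
        if problems:
            rejected.append((n, problems))
        elif (str(rec["programname"]).startswith("rsyslogd")
              and int(rec["syslogseverity"]) <= 3):
            rsyslog_errors.append(rec["msg"])
    return rejected, rsyslog_errors

# Constructed sample lines modelled on the output shown above (not real logs).
_HEAD = '{"@ceelog": {"timegenerated":"2015-07-29T01:17:01+09:00","hostname":"rsyslog",'
SAMPLE = [
    _HEAD + '"programname":"CRON","syslogtag":"CRON[3888]:","pri":"86","pri-text":"authpriv.info","syslogfacility":"10","syslogfacility-text":"authpriv","syslogseverity":"6","syslogseverity-text":"info","msg":"session closed for user root"}}',
    _HEAD + '"programname":"rsyslogd-2066","syslogtag":"rsyslogd-2066:","pri":"43","pri-text":"syslog.err","syslogfacility":"5","syslogfacility-text":"syslog","syslogseverity":"3","syslogseverity-text":"err","msg":"could not load module mmjsonparse.so"}}',
    _HEAD + '"programname":"rsyslogd","syslogtag":"rsyslogd:","pri":"46","pri-text":"syslog.info","syslogfacility":"5","syslogfacility-text":"syslog","syslogseverity":"6","syslogseverity-text":"info","msg":" [origin software="rsyslogd"] start"}}',
    _HEAD + '"programname":"CRON","syslogtag":"CRON[3888]:","pri":"46","pri-text":"authpriv.info","syslogfacility":"10","syslogfacility-text":"authpriv","syslogseverity":"6","syslogseverity-text":"info","msg":"session opened for user root"}}',
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against the real file, pass `open("/var/log/ceelog")` to `audit` instead of `SAMPLE`.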