CentOS에서 Ceelog Template을 설치하고 싶은데 어떻게 하나요?
Ceelog 설치 가이드 (CentOS)
버전 정보를 확인합니다.
[root@rsyslog ~]# rsyslogd -v
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
See http://www.rsyslog.com for more information.
Rsyslog config 수정합니다.
[root@rsyslog ~]# vi /etc/rsyslog.conf
34 #### RULES ####
35
36 # Log all kernel messages to the console.
37 # Logging much else clutters up the screen.
38 #kern.* /dev/console
39 kern.* /var/log/console
40
41 # Log anything (except mail) of level info or higher.
42 # Don’t log private authentication messages!
43 *.info;mail.none;authpriv.none;cron.none /var/log/messages
44
45 # The authpriv file has restricted access.
46 authpriv.* /var/log/secure
47
48 # Log all the mail messages in one place.
49 mail.* -/var/log/maillog
50
51
52 # Log cron stuff
53 cron.* /var/log/cron
54
55 # Everybody gets emergency messages
56 *.emerg :omusrmsg:*
57
58 # Save news errors of level crit and higher in a special file.
59 uucp,news.crit /var/log/spooler
60
61 # Save boot messages also to boot.log
62 local7.* /var/log/boot.log
Rsyslog config 추가합니다.
33 # create Lumberjack messages template
34 #template(name=”CEETemplate” type=”string” string=”%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%n”)
35 template(name=”CEETemplate” type=”list”) {
36 constant(value=”{“)
37 constant(value=”
“@ceelog“: “) ==> (역슬래쉬 부분이 복사가 안됩니다. 직접 입력하여주세요.)
38 constant(value=”{“) property(format=”jsonfr” name=”timegenerated” dateformat=”rfc3339″)
39 constant(value=”,”) property(format=”jsonfr” name=”programname”)
40 constant(value=”,”) property(format=”jsonfr” name=”hostname”)
41 constant(value=”,”) property(format=”jsonfr” name=”syslogtag”)
42 constant(value=”,”) property(format=”jsonfr” name=”pri”)
43 constant(value=”,”) property(format=”jsonfr” name=”pri-text”)
44 constant(value=”,”) property(format=”jsonfr” name=”syslogfacility”)
45 constant(value=”,”) property(format=”jsonfr” name=”syslogfacility-text”)
46 constant(value=”,”) property(format=”jsonfr” name=”syslogseverity”)
47 constant(value=”,”) property(format=”jsonfr” name=”syslogseverity-text”)
48 constant(value=”,”) property(format=”jsonfr” name=”msg”)
49 constant(value=”}”)
50 constant(value=”}n”) ==> (역슬래쉬 부분이 복사가 안됩니다. 직접 입력하여주세요.)
51 }
52
53 # save unmodified messages into /var/log/message
54 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
55 *.* /var/log/messages
56
57 # save Lumberjack enhanced messages to /var/log/ceelog
58 $ModLoad mmjsonparse
59 *.* :mmjsonparse: />
아래의 내용을 복사한 후 붙여넣기를 합니다.
# create Lumberjack messages template
#template(name=”CEETemplate” type=”string” string=”%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%n”)
template(name=”CEETemplate” type=”list”) {
constant(value=”{“)
constant(value=”“@ceelog“: “) ==> (역슬래쉬 부분이 복사가 안됩니다. 직접 입력하여주세요.)
constant(value=”{“) property(format=”jsonfr” name=”timegenerated” dateformat=”rfc3339″)
constant(value=”,”) property(format=”jsonfr” name=”programname”)
constant(value=”,”) property(format=”jsonfr” name=”hostname”)
constant(value=”,”) property(format=”jsonfr” name=”syslogtag”)
constant(value=”,”) property(format=”jsonfr” name=”pri”)
constant(value=”,”) property(format=”jsonfr” name=”pri-text”)
constant(value=”,”) property(format=”jsonfr” name=”syslogfacility”)
constant(value=”,”) property(format=”jsonfr” name=”syslogfacility-text”)
constant(value=”,”) property(format=”jsonfr” name=”syslogseverity”)
constant(value=”,”) property(format=”jsonfr” name=”syslogseverity-text”)
constant(value=”,”) property(format=”jsonfr” name=”msg”)
constant(value=”}”)
constant(value=”}n”) ==> (역슬래쉬 부분이 복사가 안됩니다. 직접 입력하여주세요.)
}
# save unmodified messages into /var/log/message
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
*.* /var/log/messages
# save Lumberjack enhanced messages to /var/log/ceelog
$ModLoad mmjsonparse
*.* :mmjsonparse:
*.* /var/log/ceelog;CEETemplate
재시작 후 오류내용을 확인합니다.
[root@rsyslog ~]# service rsyslog restart
시스템 로거 종료 중: [ OK ]
시스템 로거 시작 중: [ OK ]
[root@rsyslog ~]# cd /var/log/
[root@rsyslog log]# tail messages
Jul 26 21:53:22 rsyslog rsyslogd-2066: could not load module ‘/lib64/rsyslog/mmjsonparse.so’, dlopen: /lib64/rsyslog/mmjsonparse.so: cannot open shared object file: No such file or directory
[try http://www.rsyslog.com/e/2066 ]
Jul 26 21:53:22 rsyslog rsyslogd: the last error occured in /etc/rsyslog.conf, line 57:”$ModLoad mmjsonparse”
Jul 26 21:53:22 rsyslog rsyslogd: the last error occured in /etc/rsyslog.conf, line 58:”*.* :mmjsonparse:”
Jul 26 21:53:22 rsyslog rsyslogd: warning: selector line without actions will be discarded
Jul 26 21:53:22 rsyslog rsyslogd-3003: Could not find template ‘CEETemplate’ – action disabled
[try http://www.rsyslog.com/e/3003 ]
Jul 26 21:53:22 rsyslog rsyslogd: the last error occured in /etc/rsyslog.conf, line 59:”*.* /var/log/ceelog;CEETemplate”
Jul 26 21:53:22 rsyslog rsyslogd: warning: selector line without actions will be discarded
Jul 26 21:53:22 rsyslog rsyslogd-2124: CONFIG ERROR: could not interpret master config file ‘/etc/rsyslog.conf’. [try http://www.rsyslog.com/e/2124 ]
Rsyslog update를 합니다.
[root@rsyslog log]# cd /etc/yum.repos.d/
[root@rsyslog yum.repos.d]# wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
–2015-07-26 21:59:05– http://rpms.adiscon.com/v8-stable/rsyslog.repo
Resolving rpms.adiscon.com… 62.75.145.131
Connecting to rpms.adiscon.com|62.75.145.131|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 227 [text/plain]
Saving to: `rsyslog.repo’
100%[==========================================================>] 227 –.-K/s in 0s
2015-07-26 21:59:07 (15.5 MB/s) – `rsyslog.repo’ saved [227/227]
[root@rsyslog yum.repos.d]# cat rsyslog.repo
[rsyslog_v8]
name=Adiscon CentOS-$releasever – local packages for $basearch
baseurl=http://rpms.adiscon.com/v8-stable/epel-$releasever/$basearch
enabled=1
gpgcheck=0
gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
protect=1
[root@rsyslog yum.repos.d]# yum -y update rsyslog
Dependencies Resolved
=================================================================================
Package Arch Version Repository Size
=================================================================================
Updating:
rsyslog x86_64 8.11.0-2.el6 rsyslog_v8 531 k
Installing for dependencies:
json-c x86_64 0.11-11.el6 base 51 k
libestr x86_64 0.1.10-1.el6 rsyslog_v8 8.3 k
libgt x86_64 0.3.11-1.el6 rsyslog_v8 54 k
libksi x86_64 3.2.2.0-1.el6 rsyslog_v8 95 k
liblogging x86_64 1.0.5-1.el6 rsyslog_v8 23 k
Transaction Summary
=================================================================================
Install 5 Package(s)
Upgrade 1 Package(s)
[root@rsyslog yum.repos.d]# yum -y install rsyslog-mmjsonparse
Dependencies Resolved
=================================================================================
Package Arch Version Repository Size
=================================================================================
Installing:
rsyslog-mmjsonparse x86_64 8.11.0-2.el6 rsyslog_v8 12 k
Transaction Summary
=================================================================================
Install 1 Package(s)
ceelog를 실행합니다.
[root@rsyslog yum.repos.d]# cd /var/log
[root@rsyslog log]# tail -f ceelog
{“@ceelog”: {“timegenerated”:”2015-07-26T22:01:54.959535+09:00″,”programname”:”rsyslogd”,”hostname”:”rsyslog”,”syslogtag”:”rsyslogd:”,”pri”:”46″,”pri-text”:”syslog.info”,”syslogfacility”:”5″,”syslogfacility-text”:”syslog”,”syslogseverity”:”6″,”syslogseverity-text”:”info”,”msg”:” [origin software=”rsyslogd” swVersion=”8.11.0″ x-pid=”26513″ x-info=”http://www.rsyslog.com”] start”}}
…
…
{“@ceelog”: {“timegenerated”:”2015-07-26T22:07:28.556358+09:00″,”programname”:”yum”,”hostname”:”rsyslog”,”syslogtag”:”yum[26533]:”,”pri”:”14″,”pri-text”:”user.info”,”syslogfacility”:”1″,”syslogfacility-text”:”user”,”syslogseverity”:”6″,”syslogseverity-text”:”info”,”msg”:” Installed: rsyslog-mmjsonparse-8.11.0-2.el6.x86_64″}}