RSyslog: Difference between revisions

From Linux Wiki
Jump to navigation Jump to search
VisualWikitext
(Created page with "== Balansare IP cu KeepAlived pe Ubuntu 2X.04 LTS == 782x782px|none|Keepalived Pentru instalare keepalived se cere uneori (depinzand de ditributie si/sau versiune) instalarea librariei libipset13 <code class="mw-code mw-highlight plainlinks" style="display:block"><!-- -->apt install -y keepalived libipset13 </code> Pe fiecare dintre noduri se creaza si editeaza urmatorul fisier: <code class="mw-code mw-highlight plainlinks" style="display:block"...")
 
No edit summary
 
Line 1: Line 1:
== Balansare IP cu KeepAlived pe Ubuntu 2X.04 LTS ==
== Configurare Rsyslog Server pe Ubuntu 2X.04 LTS ==
[[File:Keepalived.png|782x782px|none|Keepalived]]
Ubuntu vine by default cu rsyslog-ul instalat. Pentru a fi transformat intr-un server care sa centralizeze logurile celorlalte statii este suficienta aduagarea urmatoarelor linii:
 
* nano /etc/rsyslog.conf


Pentru instalare keepalived se cere uneori (depinzand de ditributie si/sau versiune) instalarea librariei libipset13
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
-->apt install -y keepalived libipset13
-->$template remote-incoming-logs, "/var/log/SyncLog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/%PROGRAMNAME%.log"
<nowiki>*</nowiki>.* ?remote-incoming-logs
& ~
</code>
</code>


Pe fiecare dintre noduri se creaza si editeaza urmatorul fisier:
===== Modul de receptie =====
Pentru activarea receptionarii prin TCP si UDP sunt completate/de-comentate liniile:
 
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
-->nano /etc/keepalived/keepalived.conf
-->module(load="imudp")
&nbsp;&nbsp;input(type="imudp" port="514")
module(load="imtcp")
&nbsp;&nbsp;input(type="imtcp" port="514")
</code>
</code>
cu urmatorul continut


===== ha01 =====
== Configurare Rsyslog Client pe Ubuntu 2X.04 LTS ==
Pentru a trimite log-uri catre un server central de Rsyslog se adauga urmatoarele linii in rsyslog.conf:
* nano /etc/rsyslog.conf
 
===== UDP =====
 
Pentru trimiterea log-urilor prin UDP (majoritatea situatiilor) este adaugata linia:
* nano /etc/rsyslog.conf
 
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
-->vrrp_instance VIP {
--><nowiki>*</nowiki>.* @192.168.7.123:514
&nbsp;&nbsp;state MASTER
&nbsp;&nbsp;interface ens18
&nbsp;&nbsp;virtual_router_id 66
&nbsp;&nbsp;priority 99
&nbsp;&nbsp;advert_int 1
&nbsp;&nbsp;unicast_src_ip 192.168.14.11
&nbsp;&nbsp;unicast_peer {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.22
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.33
&nbsp;&nbsp;}
&nbsp;&nbsp;authentication {
&nbsp;&nbsp;&nbsp;&nbsp;auth_type PASS
&nbsp;&nbsp;&nbsp;&nbsp;auth_pass <span style="color:#f00">[pass1234]</span>
&nbsp;&nbsp;}
&nbsp;&nbsp;virtual_ipaddress {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.123/24
&nbsp;&nbsp;}
}
</code>
</code>


===== ha02 si ha03 =====
===== TCP =====
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
 
-->vrrp_instance VIP {
&nbsp;&nbsp;state BACKUP
&nbsp;&nbsp;interface ens18
&nbsp;&nbsp;virtual_router_id 66
&nbsp;&nbsp;priority 97 <span style="color:#f00"><- pentru ha02</span>
&nbsp;&nbsp;priority 95 <span style="color:#f00"><- pentru ha03</span>
&nbsp;&nbsp;advert_int 1
&nbsp;&nbsp;unicast_src_ip 192.168.14.22 <span style="color:#f00"><- pentru ha02</span>
&nbsp;&nbsp;unicast_src_ip 192.168.14.33 <span style="color:#f00"><- pentru ha03</span>
&nbsp;&nbsp;unicast_peer {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.11
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.33 <span style="color:#f00"><- pentru ha02</span>
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.22 <span style="color:#f00"><- pentru ha03</span>
&nbsp;&nbsp;}
&nbsp;&nbsp;authentication {
&nbsp;&nbsp;&nbsp;&nbsp;auth_type PASS
&nbsp;&nbsp;&nbsp;&nbsp;auth_pass <span style="color:#f00">[pass1234]</span>
&nbsp;&nbsp;}
&nbsp;&nbsp;virtual_ipaddress {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.123/24
&nbsp;&nbsp;}
}
</code>
===== Legenda =====
'''vrrp_instance''' = numele instantei de VIP<br>
'''state''' = numele NIC-ului fizic sau virtual<br>
'''virtual_router_id''' = este un ID ce se aloca instantei respective (keepalived poate balansa mai multe IP-uri de pe mai multe NIC-uri)<br>
'''priority''' = reprezinta prioritatea serverului respectiv in lantul de redundanta<br>
'''advert_int''' = intervalul (secunde) in care se face verificarea celoralte instante de VIP<br>
'''unicast_src_ip''' = se trece IP-ul NIC-ului de pe serverul curent<br>
'''unicast_peer''' = se trec IP-urile celorlalte servere din instanta<br>
'''auth_pass''' = parola de maxim opt caractere persistenta pe toate instantele<br>
'''virtual_ipaddress''' = identifica IP-ul flotant de pe instantele de keepalived


== Monitorizarea Apache2 in vederea balansarii IP-ului ==
Pentru trimiterea log-urilor prin TCP (cand serverul central nu poate folosi UDP) este adaugata linia:


In vederea migrarii IP-ului in cazul unui fail al Apache2, se adauga urmatorul continut in toate serverele pe care instanta de Keepalived este configurata:
* nano /etc/rsyslog.conf


* nano /etc/keepalived/keepalived.conf
===== ha01, ha02 si ha03 =====
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
--><span style="color:#f00">vrrp_track_process trkap2 {
--><nowiki>*</nowiki>.* @@192.168.7.123:514
&nbsp;&nbsp;process apache2
&nbsp;&nbsp;weight 10
}</span>
vrrp_instance VIP {
&nbsp;&nbsp;state MASTER
&nbsp;&nbsp;interface ens18
&nbsp;&nbsp;virtual_router_id 66
&nbsp;&nbsp;priority 99
&nbsp;&nbsp;advert_int 1
&nbsp;&nbsp;unicast_src_ip 192.168.14.11
&nbsp;&nbsp;unicast_peer {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.22
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.33
&nbsp;&nbsp;}
<span style="color:#f00">&nbsp;&nbsp;track_process {
&nbsp;&nbsp;&nbsp;&nbsp;trkap2
&nbsp;&nbsp;}</span>
&nbsp;&nbsp;authentication {
&nbsp;&nbsp;&nbsp;&nbsp;auth_type PASS
&nbsp;&nbsp;&nbsp;&nbsp;auth_pass [pass1234]
&nbsp;&nbsp;}
&nbsp;&nbsp;virtual_ipaddress {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.123/24
&nbsp;&nbsp;}
}
</code>
</code>
===== Weight =====
Weight-ul se adauga la priority astfel incat toate nodurile cu Apache2 pornit vor avea urmatoarele prioritati:
* ha01=109
* ha02=107
* ha03=105
In momentul in care Apache2 este oprit pe ha01 priority va scade de la 109 la 99 astfel incat IP-ul va migra pe ha02 care la momentul respectiv va avea o prioritate de 107.


== Alertare Keepalived prin SMTP ==
===== Configurarea log-ului custom =====
Keepalived poate trimite alerte pe mail la migrarea unui IP de pe un nod pe altul:
In cazul in care modulul imfile nu este activat, acesta se poate activa prin adaugarea/de-comentarea liniei:
* nano /etc/rsyslog.conf


* nano /etc/keepalived/keepalived.conf
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
===== ha01, ha02 si ha03 =====
-->module(load="imfile" mode="inotify")
</code>


Pentru fiecare fisier de log in parte se va configura receptionarea de catre local rsyslog in vederea trimiterii catre serverul central
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
<code class="mw-code mw-highlight plainlinks" style="display:block"><!--
--><span style="color:#f00">global_defs {
-->input(type="imfile"
&nbsp;&nbsp;notification_email {
File="/path/catre/fisier.log"
&nbsp;&nbsp;&nbsp;&nbsp;monitorizare@domeniu.ro
Tag="apache"
&nbsp;&nbsp;}
Severity="info"
&nbsp;&nbsp;notification_email_from keepalived@domeniu.ro
Facility="local1")
&nbsp;&nbsp;smtp_server mail.domeniu.ro
&nbsp;&nbsp;smtp_connect_timeout 30
}</span>
vrrp_track_process track_apache {
&nbsp;&nbsp;process apache2
&nbsp;&nbsp;weight 10
}
vrrp_instance VIP {
&nbsp;&nbsp;state MASTER
&nbsp;&nbsp;interface ens18
&nbsp;&nbsp;virtual_router_id 66
&nbsp;&nbsp;priority 99
<span style="color:#f00">&nbsp;&nbsp;smtp_alert</span>
&nbsp;&nbsp;advert_int 1
&nbsp;&nbsp;unicast_src_ip 192.168.14.11
&nbsp;&nbsp;unicast_peer {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.22
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.33
&nbsp;&nbsp;}
&nbsp;&nbsp;track_process {
&nbsp;&nbsp;&nbsp;&nbsp;track_apache
&nbsp;&nbsp;}
&nbsp;&nbsp;authentication {
&nbsp;&nbsp;&nbsp;&nbsp;auth_type PASS
&nbsp;&nbsp;&nbsp;&nbsp;auth_pass [pass1234]
&nbsp;&nbsp;}
&nbsp;&nbsp;virtual_ipaddress {
&nbsp;&nbsp;&nbsp;&nbsp;192.168.14.123/24
&nbsp;&nbsp;}
}
</code>
</code>
===== Legenda =====
 
'''notification_email''' = se va trece adresa de mail care va primi alertele de migrare IP<br>
'''Tag:''' poate fi numele aplicatiei sau importanta log-ului<br>
'''notification_email_from''' = se va trece adresa de mail de la care se trimit alertele. Desi keepalived nu face autentificare in serverul de mail, adresa trebuie sa fie una valida<br>
'''Facility:''' se folosesc etichetele "local0" pana la "local7"<br>
'''smtp_server''' = fqdn-ul serverului de mail<br>
'''Severity:''' se folosesc etichetele de mai jos
'''smtp_connect_timeout''' = perioada (secunde) ce va trece din momentul din care nodul pierde IP-ul pana va trimite alertarea pe mail
<blockquote>
Emergency: '''panic''' System is unusable<br>
Alert: '''alert''' Action must be taken immediately<br>
Critical: '''crit''' Critical conditions<br>
Error: '''error''' Error conditions<br>
Warning: '''warn''' Warning conditions<br>
Notice: '''notice''' Normal but significant condition<br>
Informational: '''info''' Informational messages<br>
Debug: '''debug''' Debug-level messages
</blockquote>


== Recomandari ==
== Recomandari ==
https://www.keepalived.org/
https://www.rsyslog.com/<br>
https://www.server-world.info/en/note?os=Ubuntu_22.04&p=rsyslog<br>
https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server/93570#93570

Latest revision as of 14:09, 1 November 2023

Configurare Rsyslog Server pe Ubuntu 2X.04 LTS[edit | edit source]

Ubuntu vine by default cu rsyslog-ul instalat. Pentru a fi transformat intr-un server care sa centralizeze logurile celorlalte statii este suficienta aduagarea urmatoarelor linii:

  • nano /etc/rsyslog.conf

$template remote-incoming-logs, "/var/log/SyncLog/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/%PROGRAMNAME%.log" *.* ?remote-incoming-logs & ~

Modul de receptie[edit | edit source]

Pentru activarea receptionarii prin TCP si UDP sunt completate/de-comentate liniile:

module(load="imudp")   input(type="imudp" port="514") module(load="imtcp")   input(type="imtcp" port="514")

Configurare Rsyslog Client pe Ubuntu 2X.04 LTS[edit | edit source]

Pentru a trimite log-uri catre un server central de Rsyslog se adauga urmatoarele linii in rsyslog.conf:

  • nano /etc/rsyslog.conf
UDP[edit | edit source]

Pentru trimiterea log-urilor prin UDP (majoritatea situatiilor) este adaugata linia:

  • nano /etc/rsyslog.conf

*.* @192.168.7.123:514

TCP[edit | edit source]

Pentru trimiterea log-urilor prin TCP (cand serverul central nu poate folosi UDP) este adaugata linia:

  • nano /etc/rsyslog.conf

*.* @@192.168.7.123:514

Configurarea log-ului custom[edit | edit source]

In cazul in care modulul imfile nu este activat, acesta se poate activa prin adaugarea/de-comentarea liniei:

  • nano /etc/rsyslog.conf

module(load="imfile" mode="inotify")

Pentru fiecare fisier de log in parte se va configura receptionarea de catre local rsyslog in vederea trimiterii catre serverul central input(type="imfile" File="/path/catre/fisier.log" Tag="apache" Severity="info" Facility="local1")

Tag: poate fi numele aplicatiei sau importanta log-ului
Facility: se folosesc etichetele "local0" pana la "local7"
Severity: se folosesc etichetele de mai jos

Emergency: panic System is unusable
Alert: alert Action must be taken immediately
Critical: crit Critical conditions
Error: error Error conditions
Warning: warn Warning conditions
Notice: notice Normal but significant condition
Informational: info Informational messages
Debug: debug Debug-level messages

Recomandari[edit | edit source]

https://www.rsyslog.com/
https://www.server-world.info/en/note?os=Ubuntu_22.04&p=rsyslog
https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server/93570#93570

Retrieved from "https://wiki.stradivart.ro/index.php?title=RSyslog&oldid=7"