Differences
redhat:server-monitoring-redhat:start [2018/01/17 10:45] – michael | redhat:server-monitoring-redhat:start [2019/08/27 10:34] – michael
Line 1: | Line 1: | ||
====== Server Monitoring Redhat / CentOS ====== | ====== Server Monitoring Redhat / CentOS ====== | ||
+ | |||
+ | ===== Logging Stacks - Infrastructure Logging ===== | ||
+ | |||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== Systemweites Logging aller User Commands | ||
+ | Gewünscht wird das loggen von sämtlichen Kommandos, aller Usern System-weit. Um dies zu realisieren müssen dazu zwei Files angepasst und der '' | ||
+ | |||
+ | * '' | ||
+ | <WRAP center box 100%> | ||
+ | < | ||
+ | # vim /etc/bashrc | ||
+ | </ | ||
+ | |||
+ | <sxh bash; highlight: [93,94]> | ||
+ | # /etc/bashrc | ||
+ | |||
+ | # System wide functions and aliases | ||
+ | # Environment stuff goes in / | ||
+ | |||
+ | # It's NOT a good idea to change this file unless you know what you | ||
+ | # are doing. It's much better to create a custom.sh shell script in | ||
+ | # / | ||
+ | # will prevent the need for merging in future updates. | ||
+ | |||
+ | # are we an interactive shell? | ||
+ | if [ " | ||
+ | if [ -z " | ||
+ | case $TERM in | ||
+ | xterm*|vte*) | ||
+ | if [ -e / | ||
+ | PROMPT_COMMAND=/ | ||
+ | elif [ " | ||
+ | PROMPT_COMMAND=" | ||
+ | else | ||
+ | PROMPT_COMMAND=' | ||
+ | fi | ||
+ | ;; | ||
+ | screen*) | ||
+ | if [ -e / | ||
+ | PROMPT_COMMAND=/ | ||
+ | else | ||
+ | PROMPT_COMMAND=' | ||
+ | fi | ||
+ | ;; | ||
+ | *) | ||
+ | [ -e / | ||
+ | ;; | ||
+ | esac | ||
+ | fi | ||
+ | # Turn on parallel history | ||
+ | shopt -s histappend | ||
+ | history -a | ||
+ | # Turn on checkwinsize | ||
+ | shopt -s checkwinsize | ||
+ | [ " | ||
+ | # You might want to have e.g. tty in prompt (e.g. more virtual machines) | ||
+ | # and console windows | ||
+ | # If you want to do so, just add e.g. | ||
+ | # if [ " | ||
+ | # | ||
+ | # fi | ||
+ | # to your custom modification shell script in / | ||
+ | fi | ||
+ | |||
+ | if ! shopt -q login_shell ; then # We're not a login shell | ||
+ | # Need to redefine pathmunge, it get's undefined at the end of / | ||
+ | pathmunge () { | ||
+ | case ": | ||
+ | *:" | ||
+ | ;; | ||
+ | *) | ||
+ | if [ " | ||
+ | PATH=$PATH: | ||
+ | else | ||
+ | PATH=$1: | ||
+ | fi | ||
+ | esac | ||
+ | } | ||
+ | |||
+ | # By default, we want umask to get set. This sets it for non-login shell. | ||
+ | # Current threshold for system reserved uid/gids is 200 | ||
+ | # You could check uidgid reservation validity in | ||
+ | # / | ||
+ | if [ $UID -gt 199 ] && [ " | ||
+ | umask 002 | ||
+ | else | ||
+ | umask 022 | ||
+ | fi | ||
+ | |||
+ | SHELL=/ | ||
+ | # Only display echos from profile.d scripts if we are no login shell | ||
+ | # and interactive - otherwise just process them to set envvars | ||
+ | for i in / | ||
+ | if [ -r " | ||
+ | if [ " | ||
+ | . " | ||
+ | else | ||
+ | . " | ||
+ | fi | ||
+ | fi | ||
+ | done | ||
+ | |||
+ | unset i | ||
+ | unset -f pathmunge | ||
+ | fi | ||
+ | |||
+ | # Need to be added for logging! By Michael.R | ||
+ | PROMPT_COMMAND=' | ||
+ | # vim: | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | * '' | ||
+ | < | ||
+ | # vim / | ||
+ | </ | ||
+ | |||
+ | <sxh bash; highlight: [62,63]> | ||
+ | # rsyslog configuration file | ||
+ | |||
+ | # For more information see / | ||
+ | # If you experience problems, see http:// | ||
+ | |||
+ | #### MODULES #### | ||
+ | |||
+ | # The imjournal module bellow is now used as a message source instead of imuxsock. | ||
+ | $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) | ||
+ | $ModLoad imjournal # provides access to the systemd journal | ||
+ | #$ModLoad imklog # reads kernel messages (the same are read from journald) | ||
+ | #$ModLoad immark | ||
+ | |||
+ | # Provides UDP syslog reception | ||
+ | #$ModLoad imudp | ||
+ | # | ||
+ | |||
+ | # Provides TCP syslog reception | ||
+ | #$ModLoad imtcp | ||
+ | # | ||
+ | |||
+ | |||
+ | #### GLOBAL DIRECTIVES #### | ||
+ | |||
+ | # Where to place auxiliary files | ||
+ | $WorkDirectory / | ||
+ | |||
+ | # Use default timestamp format | ||
+ | $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat | ||
+ | |||
+ | # File syncing capability is disabled by default. This feature is usually not required, | ||
+ | # not useful and an extreme performance hit | ||
+ | # | ||
+ | |||
+ | # Include all config files in / | ||
+ | $IncludeConfig / | ||
+ | |||
+ | # Turn off message reception via local log socket; | ||
+ | # local messages are retrieved through imjournal now. | ||
+ | $OmitLocalLogging on | ||
+ | |||
+ | # File to store the position in the journal | ||
+ | $IMJournalStateFile imjournal.state | ||
+ | |||
+ | |||
+ | #### RULES #### | ||
+ | |||
+ | # Log all kernel messages to the console. | ||
+ | # Logging much else clutters up the screen. | ||
+ | # | ||
+ | |||
+ | # Log anything (except mail) of level info or higher. | ||
+ | # Don't log private authentication messages! | ||
+ | *.info; | ||
+ | |||
+ | # The authpriv file has restricted access. | ||
+ | authpriv.* | ||
+ | |||
+ | # Log all the mail messages in one place. | ||
+ | mail.* | ||
+ | |||
+ | # Added By Michael | ||
+ | local6.info | ||
+ | |||
+ | # Log cron stuff | ||
+ | cron.* | ||
+ | |||
+ | # Everybody gets emergency messages | ||
+ | *.emerg | ||
+ | |||
+ | # Save news errors of level crit and higher in a special file. | ||
+ | uucp, | ||
+ | |||
+ | # Save boot messages also to boot.log | ||
+ | local7.* | ||
+ | |||
+ | |||
+ | # ### begin forwarding rule ### | ||
+ | # The statement between the begin ... end define a SINGLE forwarding | ||
+ | # rule. They belong together, do NOT split them. If you create multiple | ||
+ | # forwarding rules, duplicate the whole block! | ||
+ | # Remote Logging (we use TCP for reliable delivery) | ||
+ | # | ||
+ | # An on-disk queue is created for this action. If the remote host is | ||
+ | # down, messages are spooled to disk and sent when it is up again. | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # remote host is: name/ | ||
+ | #*.* @@remote-host: | ||
+ | # ### end of the forwarding rule ### | ||
+ | </ | ||
+ | |||
+ | * '' | ||
+ | < | ||
+ | # touch / | ||
+ | # chmod 600 / | ||
+ | </ | ||
+ | |||
+ | * '' | ||
+ | < | ||
+ | # systemctl restart rsyslog.service | ||
+ | # systemctl status rsyslog.service | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Splunk (Elasticsearch) | ||
+ | |||
+ | ==== Installation von Elasticsearch ==== | ||
+ | |||
+ | ==== Splunkforewarder Setup ==== | ||
+ | |||
+ | ... FIXME | ||
+ | |||
+ | Custom logs sind möglich. Unten ist dokumentiert wie das geht: | ||
+ | < | ||
+ | ### Monitor custom logs with splunkforwarder | ||
+ | |||
+ | # Create app folder structure | ||
+ | CUSTOM_APP=/ | ||
+ | mkdir -p $CUSTOM_APP | ||
+ | |||
+ | # Create inputs.conf and specify your custom logs | ||
+ | cat << EOF > ${CUSTOM_APP}/ | ||
+ | ### Put your custom logfiles here and define sourcetype and index | ||
+ | ### Documentation can be found here: https:// | ||
+ | |||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | # | ||
+ | # | ||
+ | # | ||
+ | |||
+ | EOF | ||
+ | |||
+ | # Restart splunkforwarder | ||
+ | systemctl restart splunkforwarder | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Weiteres ===== | ||
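Review bot: the unconditional `PROMPT_COMMAND=` assignment appended at the bottom of /etc/bashrc (the line after `# Need to be added for logging! By Michael.R`) overwrites whatever the interactive-shell block above it chose in its `xterm*` and `screen*` cases, and it lives in a file whose own header says it is not a good idea to change it and to put customisations in a profile.d script instead; move the hook into its own profile.d script and chain the existing value, e.g. `PROMPT_COMMAND="...; $PROMPT_COMMAND"`, so the terminal-title behaviour survives and a package update of /etc/bashrc does not silently drop the hook. The text should also say what this gives you: a PROMPT_COMMAND hook only records the commands of cooperative users, since anyone can `unset PROMPT_COMMAND`, start bash with `--norc`, or exec another shell, and with the forwarding rule left commented out (`#*.* @@remote-host:`) the local6 log file is no more trustworthy than the local root account, so pair it with auditd (`pam_tty_audit` or execve syscall rules) and enable remote forwarding if the goal is tamper-resistant accountability. The Splunk part is still a placeholder: the "Installation von Elasticsearch" heading has no body, the forwarder setup reads `... FIXME`, and every stanza line written into `inputs.conf` is commented out, so that section does not yet document a working configuration.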
Line 12: | Line 281: | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
* [[https:// | * [[https:// | ||
wget https:// | wget https:// | ||
Line 32: | Line 304: | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
</ | </ | ||
+ | |||
* [[https:// | * [[https:// | ||
* **Tool wie Patchnix:** [[https:// | * **Tool wie Patchnix:** [[https:// |