redhat:server-monitoring-redhat:start

Differences

This shows you the differences between two versions of the page.

redhat:server-monitoring-redhat:start [2018/04/18 09:49] michaelredhat:server-monitoring-redhat:start [2020/03/05 16:04] michael
Line 1: Line 1:
 ====== Server Monitoring Redhat / CentOS ====== ====== Server Monitoring Redhat / CentOS ======
  
-===== Monitoring von User-Eingaben Systemweit ===== 
  
 +
 +===== Systemweites Logging aller User Commands  =====
 +Gewünscht wird das loggen von sämtlichen Kommandos, aller Usern System-weit. Um dies zu realisieren müssen dazu zwei Files angepasst und der ''rsyslog'' Dienst neugestartet werden. 
 +
 +  * ''**Schritt 1** - Editieren der global geltenden System Bahrc:''
 +<WRAP center box 100%>
 <code> <code>
 # vim /etc/bashrc # vim /etc/bashrc
 </code> </code>
  
-<sxh bash>+<sxh bash; highlight: [93,94]>
 # /etc/bashrc # /etc/bashrc
  
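Review bot: The new intro under "Systemweites Logging aller User Commands" promises logging of every command of every user system-wide, but the mechanism documented in Schritt 1 is an edit to /etc/bashrc, which only affects bash sessions that source that file. State that scope in the intro sentence so readers do not treat the resulting log as a complete audit trail. Also fix the typos in the added lines: "Bahrc" in the Schritt 1 bullet should read "Bashrc", and "aller Usern" should read "aller User".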
Line 104: Line 109:
 # vim:ts=4:sw=4 # vim:ts=4:sw=4
 </sxh> </sxh>
 +</WRAP>
  
 +  * ''**Schritt 2** - Editieren der rsyslog Konfiguration und hinzufügen eines neuen Log-Pfades:''
 <code> <code>
 # vim /etc/rsyslog.conf # vim /etc/rsyslog.conf
 </code> </code>
  
-<sxh bash>+<sxh bash; highlight: [62,63]>
 # rsyslog configuration file # rsyslog configuration file
  
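Review bot: The `highlight: [62,63]` attribute on the rsyslog.conf block identifies the added log path only by line number, and the Schritt 2 bullet never names the lines themselves. Quote the two added lines in the step text (or in a short block next to it) so the instruction still works when the embedded file or the reader's own /etc/rsyslog.conf is numbered differently.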
Line 206: Line 212:
 </sxh> </sxh>
  
 +  * ''**Schritt 3** - Initiales erstellen des Log-Files und setzen der File Berechtigung:''
 <code> <code>
 # touch /var/log/history.log # touch /var/log/history.log
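Review bot: Schritt 3 says the file permission is set but does not say which owner and mode are intended for /var/log/history.log. This file is meant to collect the command lines of all users, and command lines regularly contain credentials passed as arguments, so state the intended owner and mode in the step text and keep the file unreadable for unprivileged users.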
Line 212: Line 218:
 </code> </code>
  
 +  * ''**Schritt 4** - Restarten des rsyslog services:''
 <code> <code>
 # systemctl restart rsyslog.service # systemctl restart rsyslog.service
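Review bot: Schritt 4 restarts rsyslog directly after the manual edit of /etc/rsyslog.conf from Schritt 2, with no syntax check before and no verification after. Add a configuration check such as `rsyslogd -N1` ahead of the restart, and a closing step that runs a test command and confirms it appears in /var/log/history.log.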
Line 219: Line 226:
  
  
 +===== Splunk (Elasticsearch)  =====
  
-----+==== Installation von Elasticsearch ====
  
-===== Weiteres =====+==== Splunkforewarder Setup ====
  
 +... FIXME
 +
 +Custom logs sind möglich. Unten ist dokumentiert wie das geht:
 +<code>
 +### Monitor custom logs with splunkforwarder
 +
 +# Create app folder structure
 +CUSTOM_APP=/opt/splunkforwarder/etc/apps/sbb_custom_app_logs/local
 +mkdir -p $CUSTOM_APP
 +
 +# Create inputs.conf and specify your custom logs
 +cat << EOF > ${CUSTOM_APP}/inputs.conf
 +### Put your custom logfiles here and define sourcetype and index
 +### Documentation can be found here: https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf
 +
 +#[monitor:///var/log/yourlog.log]
 +#sourcetype=syslog
 +#index=sbb_cloudlinux
 +
 +#[monitor:///data/log/yourlog.log]
 +#sourcetype=syslog
 +#index=sbb_cloudlinux
 +
 +EOF
 +
 +# Restart splunkforwarder
 +systemctl restart splunkforwarder 
 +</code>
 +
 +
 +
 +===== Logging Stacks - Infrastructure Logging =====
 +
 +  * https://angristan.xyz/monitoring-telegraf-influxdb-grafana/
 +  * https://www.blog.labouardy.com/monitor-your-infrastructure-with-tig-stack/
 +  * https://gist.github.com/mlabouardy/c4d8effdb31ba75ac63326a8d911a379
 +
 +===== Weiteres =====
  
 Zabbix: http://www.geekpills.com/operating-system/linux/zabbix-installation-of-zabbix-server-on-centos Zabbix: http://www.geekpills.com/operating-system/linux/zabbix-installation-of-zabbix-server-on-centos
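Review bot: The heading "Splunk (Elasticsearch)" treats two separate products as one, and the "Installation von Elasticsearch" subsection is empty while everything below it is about the Splunk forwarder. Rename the section to what it documents, fill or drop the empty subsection and the "... FIXME" placeholder, and fix the typo "Splunkforewarder" in the subsection heading. In the script, every `[monitor://...]` stanza written to inputs.conf is commented out, so the `systemctl restart splunkforwarder` at the end picks up no new input; say so in the text, or add an active stanza for /var/log/history.log from the section above. The `mkdir -p $CUSTOM_APP` line should quote the variable as `"$CUSTOM_APP"`.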
  • redhat/server-monitoring-redhat/start.txt
  • Last modified: 2020/03/05 16:20
  • by michael