Collecting syslog logs with Loki

[TOC]

References:

https://grafana.com/docs/loki/latest/clients/promtail/configuration/

https://www.syslog-ng.com/community/b/blog/posts/sending-logs-from-syslog-ng-to-grafana-loki

1. Configure Promtail to listen for syslog

```yaml
# /etc/promtail/promtail.yaml
server:
  disable: true                     # Promtail's own HTTP/gRPC endpoints are not needed here
  http_listen_port: 9080
  grpc_listen_port: 9095

positions:
  filename: /usr/local/promtail/positions.yaml

clients:
  - url: http://10.x.x.x:3100/loki/api/v1/push
    basic_auth:
      username: loki
      password: loki

scrape_configs:
  - job_name: syslog
    syslog:
      # TCP listener; Promtail expects RFC 5424 messages with octet-counting framing.
      # syslog-ng in section 2.2 connects from localhost, so 127.0.0.1:1514 also works
      # when both run on the same host.
      listen_address: 0.0.0.0:1514
      idle_timeout: 60s
      # expose RFC 5424 structured data as __syslog_message_sd_* labels
      label_structured_data: true
      labels:
        job: "syslog"
    relabel_configs:
      # keep the hostname parsed from the message as the stream label "host"
      - source_labels: ['__syslog_message_hostname']
        target_label: 'host'
```
Available labels (for use in relabel_configs, from the Promtail documentation):

- `__syslog_connection_ip_address`: The remote IP address.
- `__syslog_connection_hostname`: The remote hostname.
- `__syslog_message_severity`: The syslog severity parsed from the message. Symbolic name as per syslog_message.go.
- `__syslog_message_facility`: The syslog facility parsed from the message. Symbolic name as per syslog_message.go and syslog(3).
- `__syslog_message_hostname`: The hostname parsed from the message.
- `__syslog_message_app_name`: The app-name field parsed from the message.
- `__syslog_message_proc_id`: The procid field parsed from the message.
- `__syslog_message_msg_id`: The msgid field parsed from the message.
- `__syslog_message_sd_<sd_id>[_<iana_enterprise_id>]_<sd_name>`: The structured-data field parsed from the message. The data field

2. syslog-ng configuration

2.1 Install

```shell
# remove the rsyslog that ships with the system, then install syslog-ng from EPEL
yum remove rsyslog
yum install epel-release
yum install syslog-ng
```

2.2 Create the UDP 514 listener

```
# /etc/syslog-ng/conf.d/loki.conf
# Forward everything received on UDP 514 to Promtail.

# Binds to every interface; restrict which hosts can reach udp/514 with a host firewall.
source udp514 {
    udp(ip(0.0.0.0) port(514));
};

# syslog() emits RFC 5424 with octet-counting framing, the format the Promtail
# syslog listener from section 1 expects.
destination d_loki {
  syslog("localhost" transport("tcp") port(1514));
};

log {
  source(udp514);
  destination(d_loki);
};
```

```shell
# start the service and enable it at boot
systemctl start syslog-ng
systemctl enable syslog-ng
```

2.3 rsyslog (optional)

..... research this yourself

```
# rsyslog equivalent of the syslog-ng destination above: RFC 5424 template, octet-counted framing
action(type="omfwd" protocol="tcp" port="<promtail_port>" Template="RSYSLOG_SyslogProtocol23Format" TCP_Framing="octet-counted")
```

2.4 Send a test log line

```shell
# in one terminal, follow what Loki receives for the sending host (placeholder IP) ...
logcli query --tail '{host=~"x.x.x.x"}'
# ... and in another, send one line over UDP (-d) to port 514 (-P) on the syslog-ng host (-n)
logger -d -P 514 -n <syslog-ng_ip> "Hello world"
```
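Both the label list in section 1 and the test in 2.4 depend on Promtail receiving RFC 5424 messages with octet-counting framing on tcp/1514, which is what the syslog() destination of syslog-ng produces. The script below is an added example, not code from the original post or from Loki/Promtail: it builds such a message, frames it, splits a framed TCP stream back into messages, and maps a parsed message onto the `__syslog_message_*` label names from the list above, so you can see what a message will turn into before it reaches Loki, or deliver one straight to the listener to take syslog-ng out of the picture while debugging. The host, port and the facility/severity name tables are assumptions; the exact symbolic names Promtail attaches come from its syslog_message.go.

```python
import re
import socket
from datetime import datetime, timezone

# syslog(3) keywords for the PRI codes (facilities 12-15 take the RFC 5424 table names).
# Assumption for illustration: the strings Promtail really emits come from syslog_message.go.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
                  "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITY_NAMES += [f"local{i}" for i in range(8)]
_HEADER = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) ")

def _escape_sd(value):
    # RFC 5424 6.3.3: '"', '\' and ']' inside a PARAM-VALUE are backslash-escaped
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")

def build_rfc5424(msg, facility=1, severity=6, hostname="host01", app_name="app",
                  proc_id="-", msg_id="-", sd=None, timestamp=None):
    """Return one unframed RFC 5424 message; sd maps SD-ID -> {param: value}."""
    ts = timestamp or datetime.now(timezone.utc).isoformat(timespec="milliseconds")
    sd_text = "".join("[" + sd_id + "".join(f' {k}="{_escape_sd(v)}"' for k, v in p.items()) + "]"
                      for sd_id, p in (sd or {}).items()) or "-"
    header = f"<{facility * 8 + severity}>1 {ts} {hostname} {app_name} {proc_id} {msg_id} {sd_text}"
    return f"{header} {msg}" if msg else header

def frame_octet_counted(msg):
    """RFC 6587 octet counting, '<byte length> <message>': the framing Promtail expects on TCP."""
    body = msg.encode("utf-8")
    return f"{len(body)} ".encode() + body

def split_octet_counted(data):
    """Split a TCP byte stream into complete messages; returns (messages, leftover bytes)."""
    msgs = []
    while True:
        sp = data.find(b" ")
        if sp < 1 or not data[:sp].isdigit():
            break
        length, start = int(data[:sp]), sp + 1
        if len(data) < start + length:
            break                                   # partial frame: wait for more bytes
        msgs.append(data[start:start + length].decode("utf-8"))
        data = data[start + length:]
    return msgs, data

def _parse_sd(text):
    """Parse the SD-ELEMENTs at the start of text; returns (sd dict, remainder)."""
    sd, i = {}, 0
    while text[i:i + 1] == "[":
        j = i + 1
        while j < len(text) and text[j] not in " ]":
            j += 1
        sd_id, params, i = text[i + 1:j], {}, j
        while text[i:i + 1] == " ":
            eq = text.index("=", i)
            if text[eq + 1:eq + 2] != '"':
                raise ValueError("PARAM-VALUE must be quoted")
            name, i, val = text[i + 1:eq], eq + 2, []
            while i < len(text) and text[i] != '"':
                if text[i] == "\\" and text[i + 1:i + 2] in ('"', "\\", "]"):
                    i += 1                          # drop the escape, keep the character
                val.append(text[i])
                i += 1
            params[name], i = "".join(val), i + 1
        if text[i:i + 1] != "]":
            raise ValueError("unterminated SD-ELEMENT")
        sd[sd_id], i = params, i + 1
    return sd, text[i:]

def parse_rfc5424(msg):
    """Split an RFC 5424 message into header fields, structured data and MSG."""
    m = _HEADER.match(msg)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    f = dict(zip(("timestamp", "hostname", "app_name", "proc_id", "msg_id"), m.groups()[1:]))
    f.update(facility=pri // 8, severity=pri % 8)
    rest = msg[m.end():]
    f["sd"], rest = ({}, rest[1:]) if rest.startswith("-") else _parse_sd(rest)
    f["msg"] = rest[1:] if rest.startswith(" ") else rest
    return f

def promtail_labels(msg):
    """Map a message onto the __syslog_message_* label names listed in section 1."""
    f = parse_rfc5424(msg)
    labels = {"__syslog_message_severity": SEVERITY_NAMES[f["severity"]],
              "__syslog_message_facility": FACILITY_NAMES[f["facility"]]}
    for key in ("hostname", "app_name", "proc_id", "msg_id"):
        if f[key] != "-":                           # a NILVALUE field produces no label
            labels[f"__syslog_message_{key}"] = f[key]
    for sd_id, params in f["sd"].items():
        # SD-ID "name@enterprise" -> ..._sd_<name>_<enterprise>_<param>; characters not
        # allowed in a Prometheus label name are replaced by '_' (assumption)
        for name, value in params.items():
            raw = f"__syslog_message_sd_{sd_id.replace('@', '_')}_{name}"
            labels[re.sub(r"[^a-zA-Z0-9_]", "_", raw)] = value
    return labels

def send_to_promtail(msg, host="127.0.0.1", port=1514):
    """Deliver one framed message straight to the Promtail listener (assumed host/port)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(frame_octet_counted(msg))
```

Call `promtail_labels(build_rfc5424("Hello world", hostname="web01", sd={"meta@12345": {"env": "prod"}}))` to see which labels a message yields, and `send_to_promtail(...)` on a host that can reach tcp/1514 to push it past syslog-ng; `logcli query --tail '{job="syslog"}'` should then show it. Every structured-data param becomes a Loki stream label, so keep `label_structured_data` enabled only when the set of SD params is small and bounded.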

3. Forwarding syslog from Windows

Forwarding tool: evtsys

Usage: see the README in the evtsys directory

```batch
rem copy the files into the windows/system directory
rem install the service, pointing it at syslog-ng
evtsys -i -h <syslog-ng_ip> -p 514
rem start / stop
net start evtsys
net stop evtsys
rem uninstall
evtsys -u
```
Author: Stars
Copyright notice: Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. When reposting, please credit Stars.