日志集中统一部署

随着服务器的增多，逐一登陆服务器查看相关的日志已经显得很繁琐和很耗时，需要将各服务器产生的重要日志实时传输到集中统一日志中心，然后进行归类汇总查看！

注意修改机器的hostname

因为系统是通过对应的hostname来进行过滤处理的

查看地址

http://192.168.28.204/login.php
用户名：admin,密码：1qazxsw2

客户端机器配置

1. 需要安装syslog-ng组件
2. 默认的配置文件：/opt/syslog-ng/etc/syslog-ng.conf
3. 服务的重启命令：service syslog-ng status|start|stop|restart
4. 外网日志网络传输需要使用：111.205.96.15

参考的配置文件：
<source lang="php">

@version: 3.0

1. Default configuration file for syslog-ng.
3. For a description of syslog-ng configuration file directives, please read
4. the syslog-ng Administrator's guide at:
6. http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html

options { };

2. sources

source s_local {

1. message generated by Syslog-NG

internal();

1. standard Linux log source (this is the default place for the syslog()
2. function to send logs to)

unix-stream("/dev/log");

1. messages from the kernel

file("/proc/kmsg" program_override("kernel: "));

};

source s_php {

       file("/usr/local/php5.3/var/log/php_errors.log");

};

filter f_local { facility(local0,local1,local2,local3,local4,local5,local6,local7); }; filter f_php_error { message("PHP (Parse|Compile|Fatal|Core) error");};

2. destinations

destination d_messages { file("/var/log/messages");};

log { source(s_local);destination(d_messages);};

destination d_tcp { tcp("192.168.28.204" port(514));};

1. log { source(s_local); destination(d_tcp);};

log { source(s_local); filter(f_local); destination(d_tcp); }; log { source(s_php); filter(f_php_error); destination(d_tcp); };

</source>

如何接管PHP的日志

php.ini中的配置：
error_reporting = E_ALL | E_STRICT
display_errors = On
display_startup_errors = On
log_errors = On
error_log = syslog

php-fpm.conf中的配置
error_log=syslog
log_level = notice
catch_workers_output = yes
php_flag[display_errors] = on
php_flag[display_startup_errors] = on
php_admin_value[error_log]=syslog

修改对应的配置文件之后需要重启对应的进程

1. kill -USR2 php-fpm的主进程ID
2. /usr/local/nginx/sbin/nginx -s reload

PHP程序如何调用

直接调用方法:function write_log_center($name,$level,$message)
$name:用来定义一个唯一识别的标记
$level:参考如下

 Constant    Description 
 LOG_EMERG   system is unusable 
 LOG_ALERT   action must be taken immediately 
 LOG_CRIT    critical conditions 
 LOG_ERR     error conditions 
 LOG_WARNING warning conditions 
 LOG_NOTICE  normal, but significant, condition 
 LOG_INFO    informational message 
 LOG_DEBUG   debug-level message 
 

$message:日志的具体内容