Network Engineer Linux Administrator
Category: System Operations
2013-03-08 23:10:00
This article shows network administrators how to collect and analyze logs from Linux servers and network devices.
1. Install
We can download Splunk from .com and install it on Linux or Windows; this time I am using Red Hat Enterprise Linux 6.2 x64.
#rpm -ivh splunk-5.0-140868-linux-2.6-x86_64.rpm
2. First login and configure the password
Access the management IP address and port:
In Chinese:
The default username and password are “admin” and “changeme”; it is recommended to change the password.
Click “Getting started tutorial” from the page, open the page:
3. Import log data from the local Linux system.
Click “Manager” and “Data inputs”, open the page below:
Click “Files & directories”, go to the URL:
Click “New”, go to the URL:
Input the log file path and name: /var/log/messages, click “Continue”.
Click “Continue”
Click “Continue”
Click “Save”
Click “New” again, repeat the steps and add the log from /var/log/secure.
You can add other log files if necessary.
4. Collect logs from a network device
Click “Manager” and “Data inputs”, open the page below:
Click “Add new” next to “UDP”.
Input the UDP port (I use “1514”), set the type to “syslog”, and click “Save”.
Configure the Cisco router:
The example is from C2691-ADVIPSERVICESK9-M, Version 12.4(15)T6.
/////////////////
logging trap notifications
logging facility local5
logging source-interface FastEthernet0/1
logging host 192.168.1.162 transport udp port 1514
//////////////////
5. Collect logs from other Linux servers; the example uses the rsyslog service.
#vi /etc/rsyslog.conf
###append the line below:
*.info;mail.none;cron.*;local6.none;authpriv.* @192.168.1.162:1514
#service rsyslog restart
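Before trusting what shows up in Splunk, it helps to check which messages the router and the rsyslog rule above will actually send. The following Python script is an added example (not part of the original post or of Splunk) that decodes the syslog <PRI> header into facility and severity, so you can confirm the router's “logging facility local5” / “logging trap notifications” output, and evaluates the exact rsyslog selector from step 5 against a few constructed sample datagrams; the hostnames, PIDs and addresses in the samples are made up, and only the selector forms used in this post are handled.

```python
# Decode syslog <PRI> headers and evaluate the rsyslog selector used above.
import re

# RFC 3164 codes: PRI = facility * 8 + severity.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
                  6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITY_NAMES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(line):
    """Return (facility, severity, text) for one syslog datagram such as '<86>...'."""
    m = re.match(r"<(\d{1,3})>(.*)", line, re.DOTALL)
    if not m or int(m.group(1)) > 191:
        raise ValueError("malformed or missing <PRI> header")
    pri = int(m.group(1))
    return FACILITY_NAMES.get(pri // 8, f"facility{pri // 8}"), SEVERITY_NAMES[pri % 8], m.group(2)

def selector_thresholds(selector):
    """Expand 'fac.prio;fac.prio;...' into {facility: most verbose severity forwarded}.
    Later entries override earlier ones (that is how 'mail.none' cancels '*.info');
    the '=' and '!' priority modifiers are not handled because this post does not use them."""
    thresholds = {}
    for entry in selector.split(";"):
        facilities, priority = entry.rsplit(".", 1)
        targets = list(FACILITY_NAMES.values()) if facilities == "*" else facilities.split(",")
        for fac in targets:
            if priority == "none":
                thresholds.pop(fac, None)      # drop the facility entirely
            elif priority == "*":
                thresholds[fac] = SEVERITY_NAMES.index("debug")
            else:                              # 'info' = info and anything more severe
                thresholds[fac] = SEVERITY_NAMES.index(priority)
    return thresholds

def is_forwarded(line, selector):
    """True if rsyslog would send this message to the remote host under the selector."""
    facility, severity, _ = decode_pri(line)
    threshold = selector_thresholds(selector).get(facility)
    return threshold is not None and SEVERITY_NAMES.index(severity) <= threshold

# Selector from the rsyslog.conf line above, plus constructed sample datagrams.
SELECTOR = "*.info;mail.none;cron.*;local6.none;authpriv.*"
SAMPLES = [
    "<86>Mar  8 23:10:00 web1 sshd[2231]: Failed password for root from 10.0.0.5 port 51122 ssh2",
    "<22>Mar  8 23:10:01 web1 postfix/smtpd[2240]: connect from unknown[10.0.0.6]",
    "<79>Mar  8 23:10:02 web1 crond[2250]: (root) CMD (run-parts /etc/cron.hourly)",
    "<183>Mar  8 23:10:03 web1 myapp[2260]: verbose trace output",
    "<173>42: *Mar  8 23:10:04: %SYS-5-CONFIG_I: Configured from console by vty0",
]
```

Calling is_forwarded(line, SELECTOR) on each sample shows the sshd, crond and router lines pass while the mail and local6 lines are dropped, and decode_pri on the last sample gives local5/notice, which is what the router's facility and trap settings should produce.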
6. Review the logs.
Click “App”---“Search”, and we can review the logs:
My friends, please create your own custom “Search”, “Report”, “Alert” and “Jobs”; I am sure it is very easy.