Chinaunix首页 | 论坛 | 博客
  • 博客访问: 26175
  • 博文数量: 6
  • 博客积分: 165
  • 博客等级: 入伍新兵
  • 技术积分: 60
  • 用 户 组: 普通用户
  • 注册时间: 2009-04-26 12:03
个人简介

Network Engieer Linux Administrator

文章分类
文章存档

2013年(2)

2012年(1)

2009年(3)

我的朋友

分类: 系统运维

2013-03-08 23:10:00

This article is for network administrator to collect/analyze the logs from Linux servers and network devices.

 

1. Install

We can download Splunk from www.splunk .com, install it on the linux / windows, this time I am using Redhat Enterprise Linux 6.2 x64.

#rpm -ivh splunk-5.0-140868-linux-2.6-x86_64.rpm

 

2. First login and configure the password

Access the management IP address and port:

http://192.168.1.162:8000/en-US/account/login

中文用:

http://192.168.1.162:8000/zh-CN/account/login

 

clip_image002

The default username and password is “admin” and “changeme”, it is recommended to change the password.

 

http://192.168.1.162:8000/en/app/launcher/home

http://192.168.1.162:8000/zh-CN/app/launcher/home

clip_image004

 

Click “Getting started tutorial” from the page, open the page:

http://192.168.1.162:8000/en-US/app/gettingstarted/getstarted

 

clip_image006

 

 

3. Import the log data from Local Linux system.

Click “Manager” and “Data inputs”, open the page below:

http://192.168.1.162:8000/en-US/manager/gettingstarted/datainputstats

 

clip_image008

 

Click “Files & directories”, go the URL:

http://192.168.1.162:8000/en-US/manager/gettingstarted/data/inputs/monitor

 

clip_image010

 

Click “New”, go to the URL:

http://192.168.1.162:8000/en-US/custom/splunk_datapreview/steps?return_to=%2Fen-US%2Fmanager%2Fgettingstarted%2Fdatainputstats&endpoint_base=data%2Finputs%2Fmonitor&ns=gettingstarted&breadcrumbs=

 

clip_image012

Input the log file path and name: /var/log/messages, click “Cotinue”.

 

clip_image014

Click “Continue”

 

 

clip_image016

Click “Continue”

 

clip_image018

 

clip_image020

Click “Save”

 

clip_image022

 

Click “New” again, repeat the steps, add the log from /var/log/secure

 

clip_image024

 

You can add other log files if necessary.

 

 

4. Collect log from network device

Click “Manager” and “Data inputs”, open the page below:

http://192.168.1.162:8000/en-US/manager/gettingstarted/datainputstats

clip_image026

 

Click “Add new” behind “UDP”.

clip_image028

Input the UDP port, I use “1514”, type is “syslog”, click “Save”

 

clip_image030

 

Configure the cisco router:

The example is from C2691-ADVIPSERVICESK9-M, Version 12.4(15)T6.

 

/////////////////

logging trap notifications

logging facility local5

logging source-interface FastEthernet0/1

logging host 192.168.1.162 transport udp port 1514

//////////////////

 

 

5. Collect log from other Linux servers, the example is rsyslog service.

 

#vi /etc/rsyslog.conf

 

###append the line below:

*.info;mail.none;cron.*;local6.none;authpriv.*  @192.1681.162:1514

 

#service rsyslog restart

 

6. Review the logs.

Click “App”---“Search”, we can review the logs:

 

clip_image032

 

 

My friends, please create custom “Search”, “Report”, “Alert” and “Jobs”, I am sure it is very easy.

阅读(2633) | 评论(0) | 转发(0) |
0

上一篇:bad repo in redhat 6.1 x64 DVD

下一篇:没有了

给主人留下些什么吧!~~