Syslog常被称为系统日志或系统记录,是一种用来在互联网协议(TCP/IP)网络中传递记录档消息的标准。
在实际业务应用中,会通过UDP将syslog传送到ELK进行分析使用。python配置syslog的方式还是比较简单的。
数据发送端
#!/usr/bin/env python3
# encoding: utf-8
import datetime
import logging
import logging.handlers # handlers要单独import
import requests
import os
from threading import Timer
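def createDir(dirPath):
    """Create the directory *dirPath* (and any missing parents) if it is absent.

    Args:
        dirPath: Path of the directory to create.

    Returns:
        None.

    Raises:
        OSError: if the path exists but is not a directory, or cannot be
            created (e.g. permission denied).
    """
    # makedirs(exist_ok=True) replaces the exists()/mkdir() pair: it also
    # creates missing parents and avoids the check-then-act window in which
    # another process could create the directory between the two calls.
    os.makedirs(dirPath, exist_ok=True)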
# Date stamp (local time) that names today's log file.
nowDate = datetime.datetime.now().strftime('%Y-%m-%d')
logFilePath = './logs/'
# The directory must exist before basicConfig() tries to open the file in it.
createDir(logFilePath)
logFilename = logFilePath + nowDate + '.log'
# Root-logger setup: records at INFO and above are appended to today's file
# as "<time> - <LEVEL>: <message>".  'a' appends across restarts; 'w' would
# truncate the file on every start.
_LOG_FORMAT = '%(asctime)s - %(levelname)s: %(message)s'
logging.basicConfig(
    filename=logFilename,
    filemode='a',
    level=logging.INFO,
    format=_LOG_FORMAT,
)
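logger = logging.getLogger()
# Second destination for the root logger: a UDP syslog datagram to the local
# syslog daemon on the standard port.  Records are tagged with the AUTH
# facility, so the daemon files them together with authentication /
# authorization messages - choose another facility if these are not security
# events.  No formatter is attached, so each datagram is "<PRI>" followed by
# the bare message text (plus a trailing NUL by default); timestamp and level
# are not included.  UDP syslog is neither authenticated nor encrypted; the
# traffic only stays on-host because the address is loopback.
fh = logging.handlers.SysLogHandler(
    address=('127.0.0.1', 514),
    facility=logging.handlers.SysLogHandler.LOG_AUTH,
)
logger.addHandler(fh)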
def send():
    """Emit one INFO record: '>>>>' followed by the current local time."""
    stamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    logging.info('>>>>' + stamp)
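def task(interval=3):
    """Send one record now and re-schedule this function every *interval* seconds.

    Args:
        interval: Seconds between consecutive send() calls; defaults to 3,
            the value that was previously hard-coded.

    Returns:
        None.

    Each run starts a new threading.Timer.  Timer threads are non-daemon, so
    the process keeps running after the main thread returns and stops only
    when it is killed.
    """
    send()
    timer = Timer(interval, task, args=(interval,))
    timer.start()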
# Entry point: send once and start the repeating timer chain.
if __name__ == '__main__':
    task()
数据接收端
#!/usr/bin/env python3
# encoding: utf-8
import socket
from datetime import date
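def _sanitize(text):
    """Return *text* with control characters replaced by their '\\xNN' form.

    A datagram is attacker-controlled input: written raw, an embedded '\\n'
    or '\\r' would let a sender forge extra log lines, and a terminal escape
    sequence would be interpreted by the terminal that print()s the record.
    ASCII controls (0x00-0x1f), DEL and the C1 range (0x7f-0x9f) are escaped.
    """
    return ''.join(
        '\\x%02x' % ord(ch) if (ch < ' ' or '\x7f' <= ch <= '\x9f') else ch
        for ch in text
    )


def _record(client_ip, payload):
    """Build the stored line: '<client_ip> <sanitized message>'.

    *payload* is the raw datagram.  A trailing NUL (Python's SysLogHandler
    appends one by default) is stripped and undecodable bytes are dropped,
    as before.
    """
    text = payload.rstrip(b'\x00').decode('utf-8', 'ignore')
    return client_ip + ' ' + _sanitize(text)


udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Listen on every interface on the standard syslog/UDP port (binding below
# 1024 normally needs root).  Anything that can reach this port can append to
# the files below, and UDP source addresses are unauthenticated, so the
# client_ip prefix is informational only.
udp.bind(('0.0.0.0', 514))
while True:
    # Datagrams longer than 2048 bytes are truncated by recvfrom().
    rec_msg, addr = udp.recvfrom(2048)
    client_ip = addr[0]
    msg = _record(client_ip, rec_msg)
    # One file per sender and per day.  client_ip comes from the socket layer
    # (dotted-quad for AF_INET), so it cannot contain path separators.
    filename = client_ip + '_' + str(date.today()) + '.log'
    with open(filename, 'a', encoding='utf-8') as f:
        f.write(msg + '\n')
    print(msg)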
通过crontab定时任务进行进程守护
#!/usr/bin/env python3
# encoding: utf-8
import os
import subprocess

import psutil
#for p in psutil.process_iter():
# print(p.name())
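def monitorProcess():
    """Start sysRecieve.py unless a running process has it on its command line.

    psutil's Process.name() is the executable name (e.g. 'python3'), so the
    previous test against 'sysRecieve.py' never matched and a new copy was
    launched on every cron run; the command line is inspected instead.  The
    script path is relative, so the cron job must run from the directory that
    contains sysRecieve.py (cron's default working directory is usually the
    user's home - confirm in the crontab entry).

    Returns:
        None.
    """
    def _runs_receiver(proc):
        # A process may exit or be unreadable between iteration and query;
        # treat that as "not the receiver" rather than aborting the check.
        # Any process whose argv mentions the script counts (e.g. an editor
        # open on it would too).
        try:
            return any('sysRecieve.py' in arg for arg in proc.cmdline())
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            return False

    if any(_runs_receiver(p) for p in psutil.process_iter()):
        print('进程存在')
    else:
        print('进程不存在')
        # Launch without a shell and do not wait - the equivalent of the
        # previous "python3 sysRecieve.py &".
        subprocess.Popen(['python3', 'sysRecieve.py'])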
# Entry point: run one check (intended to be invoked periodically from cron).
if __name__ == '__main__':
    monitorProcess()
日志转发到其他地址或者端口
#!/usr/bin/env python3
# encoding: utf-8
import logging
import logging.handlers # handlers要单独import
import socket
from datetime import date
import datetime
import os
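def createDir(dirPath):
    """Create the directory *dirPath* (and any missing parents) if it is absent.

    Args:
        dirPath: Path of the directory to create.

    Returns:
        None.

    Raises:
        OSError: if the path exists but is not a directory, or cannot be
            created (e.g. permission denied).
    """
    # makedirs(exist_ok=True) replaces the exists()/mkdir() pair: it also
    # creates missing parents and avoids the check-then-act window in which
    # another process could create the directory between the two calls.
    os.makedirs(dirPath, exist_ok=True)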
# Date stamp (local time) that names today's log file; the "-1" suffix keeps
# it apart from the sender script's file of the same day.
nowDate = datetime.datetime.now().strftime('%Y-%m-%d')
logFilePath = './logs/'
# The directory must exist before basicConfig() tries to open the file in it.
createDir(logFilePath)
logFilename = logFilePath + nowDate + '-1.log'
# Root-logger setup: records at INFO and above are appended to today's file
# as "<time> - <LEVEL>: <message>".  'a' appends across restarts; 'w' would
# truncate the file on every start.
_LOG_FORMAT = '%(asctime)s - %(levelname)s: %(message)s'
logging.basicConfig(
    filename=logFilename,
    filemode='a',
    level=logging.INFO,
    format=_LOG_FORMAT,
)
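logger = logging.getLogger()
# Forwarding destination: every record logged through the root logger is
# also sent as a UDP syslog datagram, tagged with the AUTH facility.
# NOTE(review): '0.0.0.0' is not a routable destination - on Linux datagrams
# sent to it are delivered to the local host; if the collector is remote,
# its real address belongs here.  No formatter is attached, so the datagram
# is "<PRI>" plus the bare message (and a trailing NUL by default).  UDP
# syslog is unauthenticated and unencrypted, so whatever is forwarded here
# is readable and spoofable on the path to the collector.
fh = logging.handlers.SysLogHandler(
    address=('0.0.0.0', 8002),
    facility=logging.handlers.SysLogHandler.LOG_AUTH,
)
logger.addHandler(fh)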
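def _sanitize(text):
    """Return *text* with control characters replaced by their '\\xNN' form.

    A datagram is attacker-controlled input: written raw, an embedded '\\n'
    or '\\r' would let a sender forge extra lines both in the local file and
    in the records re-emitted through logging.info() below.  ASCII controls
    (0x00-0x1f), DEL and the C1 range (0x7f-0x9f) are escaped.
    """
    return ''.join(
        '\\x%02x' % ord(ch) if (ch < ' ' or '\x7f' <= ch <= '\x9f') else ch
        for ch in text
    )


udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Listen on every interface on the standard syslog/UDP port (binding below
# 1024 normally needs root).  Anything that can reach this port gets its text
# stored locally and re-sent to the configured syslog destination.
udp.bind(('0.0.0.0', 514))
while True:
    # Datagrams longer than 2048 bytes are truncated by recvfrom().
    rec_msg, addr = udp.recvfrom(2048)
    # The sender address is not part of the stored record (unchanged from
    # the original); UDP source addresses are unauthenticated anyway.
    # A trailing NUL (appended by Python's SysLogHandler by default) is
    # stripped and undecodable bytes are dropped, as before.
    msg = _sanitize(rec_msg.rstrip(b'\x00').decode('utf-8', 'ignore'))
    filename = 'syslog-' + str(date.today()) + '-1.log'
    with open(filename, 'a', encoding='utf-8') as f:
        f.write(msg + '\n')
    # Re-emit through the root logger: this appends to the basicConfig file
    # and re-sends the text via the SysLogHandler attached earlier (both are
    # configured outside this block).
    logging.info('>>>>' + msg)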