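Most devices provide an option to send logs to an external syslog server.
But what actually arrives is all over the place. In this situation, even if a third-party syslog server is willing to do custom development, there is nothing it can do with this content.
I suggest that the operation manual describe the syslog format in detail, to make analysis and custom development easier for external syslog servers. Even if each device produces different log content, a document explaining it would be enough, but right now none can be found at all...
The content below includes syslog produced by AC, AD, AF, aCloud and VDI.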
2019-03-29 13:32:01 Kernel.Warning 10.88.220.18 Mar 29 13:32:00 host-54802851eec4 kernel: [2241951.281707] ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM (20130517/power_meter-339)
2019-03-29 13:32:01 Kernel.Warning 10.88.220.16 Mar 29 13:32:00 host-54802851e93c kernel: [8093441.809232] ACPI Error: SMBus/IPMI/GenericSerialBus write requires Buffer of length 66, found length 32 (20130517/exfield-389)
2019-03-29 13:32:01 Kernel.Warning 10.88.220.16 Mar 29 13:32:00 host-54802851e93c kernel: [8093441.809237] ACPI Error: Method parse/execution failed [\_SB_.PMI0._PMM] (Node ffff885f9350e000), AE_AML_BUFFER_LIMIT (20130517/psparse-536)
2019-03-29 13:32:01 Kernel.Warning 10.88.220.16 Mar 29 13:32:00 host-54802851e93c kernel: [8093441.809243] ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM (20130517/power_meter-339)
2019-03-29 13:32:01 Kernel.Warning 10.88.220.15 Mar 29 13:32:00 host-54802851ebdc kernel: [8092472.713839] ACPI Error: SMBus/IPMI/GenericSerialBus write requires Buffer of length 66, found length 32 (20130517/exfield-389)
2019-03-29 13:32:01 Kernel.Warning 10.88.220.15 Mar 29 13:32:00 host-54802851ebdc kernel: [8092472.713845] ACPI Error: Method parse/execution failed [\_SB_.PMI0._PMM] (Node ffff887f92ce5000), AE_AML_BUFFER_LIMIT (20130517/psparse-536)
2019-03-29 13:32:01 Kernel.Warning 10.88.220.15 Mar 29 13:32:00 host-54802851ebdc kernel: [8092472.713852] ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM (20130517/power_meter-339)
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [(null)][SSLLOGS] ssllogs runing...
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [CTRL SYS][convertd]system /etc/init.d/ssllogs restart success, ret=0, nret = 0, WIFEXITED=1, WEXITSTATUS=0
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Recv a ctrl msg and execute success!
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Execute recive order success!
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Send to 65477 execute result success!
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Type "1252720581" enqueue success time =1553837656 !
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Collect send msg queue failed!reason = No message of desired type
2019-03-29 13:34:19 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Collect send msg queue failed!reason = No message of desired type
2019-03-29 13:34:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:34:45 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:35:00 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:35:15 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:35:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:35:34 Local1.Info 10.88.221.9 [(null)][checksn]1000!
2019-03-29 13:35:45 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:35:47 Local0.Info 10.88.221.9 [modify data][success]admin from IP 10.88.227.12: Saved SYSLOG configurations
2019-03-29 13:35:47 Local0.Info 10.88.221.9 [System]admin from IP 10.88.227.12: Saved SYSLOG configurations
2019-03-29 13:35:49 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Send msg success! mod=7,cmd=2,type=1344995269,mtype=65477.
2019-03-29 13:35:49 Local1.Info 10.88.221.9 [CTRL SYS][convertd]rcvmsg_buf rcmsg success!
2019-03-29 13:37:25 Local0.Info 10.88.221.9 [modify data][success]admin from IP 10.88.227.12: Saved SYSLOG configurations
2019-03-29 13:37:25 Local0.Info 10.88.221.9 [System]admin from IP 10.88.227.12: Saved SYSLOG configurations
2019-03-29 13:37:27 Local1.Info 10.88.221.9 [(null)][SSLLOGS] ssllogs runing...
2019-03-29 13:37:27 Local1.Info 10.88.221.9 [CTRL SYS][convertd]system /etc/init.d/ssllogs restart success, ret=0, nret = 0, WIFEXITED=1, WEXITSTATUS=0
2019-03-29 13:37:27 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Recv a ctrl msg and execute success!
2019-03-29 13:37:27 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Execute recive order success!
2019-03-29 13:37:27 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Send to 65477 execute result success!
2019-03-29 13:37:27 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Type "1462763461" enqueue success time =1553837844 !
2019-03-29 13:37:27 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Collect send msg queue failed!reason = No message of desired type
2019-03-29 13:37:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:37:45 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:38:00 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:38:15 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:45:15 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:45:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:45:34 Local1.Info 10.88.221.9 [(null)][checksn]1000!
2019-03-29 13:45:44 Local1.Error 10.88.221.9 [(null)][VDI] [Fri Mar 29 13:45:41 CST 2019] time out
2019-03-29 13:58:16 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:58:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:58:45 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:59:00 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 13:59:15 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
-29 14:02:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:02:46 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:03:00 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:03:15 Local1.Info 10.88.221.9 [(null)][applocker]auto update return value is :-1
2019-03-29 14:03:15 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:03:15 Local1.Info 10.88.221.9 [(null)][vdictrl]clean data before 24 hour
2019-03-29 14:03:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
-03-29 14:05:15 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:05:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:05:34 Local1.Info 10.88.221.9 [(null)][checksn]1000!
2019-03-29 14:05:44 Local1.Error 10.88.221.9 [(null)][VDI] [Fri Mar 29 14:05:41 CST 2019] time out
2019-03-29 14:08:45 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:09:00 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:09:15 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:09:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:09:46 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!
2019-03-29 14:09:50 Local1.Info 10.88.221.9 [CTRL SYS][convertd]Send msg success! mod=7,cmd=2,type=1480523717,mtype=65477.
2019-03-29 14:09:50 Local1.Info 10.88.221.9 [CTRL SYS][convertd]rcvmsg_buf rcmsg success!
2019-03-29 14:15:33 Local0.Info 10.100.1.2 Mar 29 14:15:32 localhost fwlog: 鏃ュ織绫诲瀷:娴侀噺瀹¤, 搴旂敤绫诲瀷:Other, 鐢ㄦ埛鍚?涓绘満:10.88.120.36, 涓婅娴侀噺(KB):464, 涓嬭娴侀噺(KB):108, 鎬绘祦閲?KB):572
2019-03-29 14:27:43 Local0.Info 10.100.1.2 Mar 29 14:27:42 localhost fwlog: 日志类型:流量审计, 应用类型Q, 用户名/主机:10.88.227.179, 上行流量(KB):1708, 下行流量(KB):13639, 总流量(KB):15347
2019-03-29 14:27:43 Local0.Info 10.100.1.2 Mar 29 14:27:42 localhost fwlog: 日志类型:流量审计, 应用类型:搜索引擎, 用户名/主机:10.88.120.221, 上行流量(KB):964, 下行流量(KB):3188, 总流量(KB):4152
2019-03-29 14:27:49 Local0.Info 10.100.1.2 Mar 29 14:27:48 localhost fwlog: 日志类型:流量审计, 应用类型:搜索引擎, 用户名/主机:10.88.25.20, 上行流量(KB):13270, 下行流量(KB):6387, 总流量(KB):19657
2019-03-29 14:27:51 Local0.Info 10.100.1.2 Mar 29 14:27:50 localhost fwlog: 日志类型:流量审计, 应用类型:腾讯微信, 用户名/主机:10.88.120.204, 上行流量(KB):4164, 下行流量(KB):6529, 总流量(KB):10693
2019-03-29 14:27:51 Local0.Info 10.100.1.2 Mar 29 14:27:50 localhost fwlog: 日志类型:流量审计, 应用类型:Other, 用户名/主机:10.88.130.222, 上行流量(KB):7690, 下行流量(KB):3557, 总流量(KB):11247
2019-03-29 14:27:51 Local0.Info 10.100.1.2 Mar 29 14:27:50 localhost fwlog: 日志类型:流量审计, 应用类型:Microsoft数据, 用户名/主机:10.88.130.166, 上行流量(KB):467, 下行流量(KB):4054, 总流量(KB):4521
2019-03-29 14:27:53 Local0.Info 10.100.1.2 Mar 29 14:27:52 localhost fwlog: 日志类型:流量审计, 应用类型:SSL, 用户名/主机:10.88.130.18, 上行流量(KB):386775, 下行流量(KB):757473, 总流量(KB):1144248
2019-03-29 14:27:53 Local0.Info 10.100.1.2 Mar 29 14:27:52 localhost fwlog: 日志类型:流量审计, 应用类型:钉钉, 用户名/主机:10.88.120.89, 上行流量(KB):31955, 下行流量(KB):38280, 总流量(KB):70235
2019-03-29 14:27:54 Local0.Info 10.100.1.2 Mar 29 14:27:53 localhost fwlog: 日志类型:系统操作, 用户:admin(local), IP地址:10.88.227.12, 操作对象:日志过滤, 操作类型:修改, 描述:日志过滤修改成功
2019-03-29 14:28:49 Local0.Info 10.100.1.2 Mar 29 14:28:48 localhost fwlog: 日志类型:系统操作, 用户:admin(local), IP地址:10.88.227.12, 操作对象:日志过滤, 操作类型:修改, 描述:日志过滤修改成功
2019-03-29 14:29:38 Local5.Notice 10.100.2.1 Mar 29 14:29:37 src@B2 : "admin", "10.88.227.12", "更新", "系统配置", "更新Syslog设置"
2019-03-29 14:29:38 Local5.Notice 10.100.2.1 Mar 29 14:29:37 src@B2 : "admin", "10.88.227.12", "查看", "系统配置", "查看Syslog设置"
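
The payload shapes visible in the dump above (plain kernel text, `[tag][tag]` prefixes, comma-separated `key:value` pairs, and quoted comma-separated fields) can be normalized by a receiver along these lines. This is an added example, not code from the original post or from the device vendor; `parse_line`, the shape labels and the field layout are assumptions inferred only from the sample lines, not from any vendor documentation.

```python
import csv
import re

# Receiver-side envelope seen on every complete line of the dump:
# "<date> <time> <Facility>.<Severity> <sender IP> <payload>"
ENVELOPE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+)\.(\w+) (\d+(?:\.\d+){3}) (.*)$")
# Optional device-side header inside the payload: "Mar 29 13:32:00 <origin>: <body>"
DEVICE_HDR = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) ([^:]+?) ?: ?(.*)$")
# Leading "[tag][tag]" groups; a digit or space first means a kernel uptime stamp
TAGS = re.compile(r"^((?:\[[^\]\d\s][^\]]*\])+)\s*(.*)$")
KV_PAIR = re.compile(r"([^,:]+):([^,]*)(?:, |$)")
KV_LINE = re.compile(r"(?:[^,:]+:[^,]*(?:, |$))+")


def parse_line(line):
    """Normalize one received line; never raises on unknown input."""
    m = ENVELOPE.match(line.strip())
    if not m:  # e.g. a line whose leading timestamp was cut off
        return {"shape": "unparsed", "raw": line}
    received, facility, severity, sender, body = m.groups()
    event = {"received": received, "facility": facility,
             "severity": severity, "sender": sender}
    hdr = DEVICE_HDR.match(body)
    if hdr:
        event["device_time"], event["origin"], body = hdr.groups()
    tags = TAGS.match(body)
    if body.startswith('"'):
        event.update(shape="csv",
                     fields=next(csv.reader([body], skipinitialspace=True)))
    elif tags:
        event.update(shape="tagged", text=tags.group(2),
                     tags=re.findall(r"\[([^\]]*)\]", tags.group(1)))
    elif KV_LINE.fullmatch(body):  # every comma-separated part must be key:value
        event.update(shape="kv", fields=dict(KV_PAIR.findall(body)))
    else:
        event.update(shape="text", text=body)
    return event


# Sample lines copied from the dump above (the second is one of its truncated lines)
SAMPLES = [
    "2019-03-29 13:32:01 Kernel.Warning 10.88.220.18 Mar 29 13:32:00 host-54802851eec4 kernel: [2241951.281707] ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM (20130517/power_meter-339)",
    "-29 14:02:30 Local1.Info 10.88.221.9 [(null)][vdictrl]agent is imperfect, agent vm(47) socket(128) agent ip(10.88.227.205),status(0x5),old_Runtime_state=15!please reinstall agent!",
    "2019-03-29 13:35:47 Local0.Info 10.88.221.9 [modify data][success]admin from IP 10.88.227.12: Saved SYSLOG configurations",
    "2019-03-29 14:27:43 Local0.Info 10.100.1.2 Mar 29 14:27:42 localhost fwlog: 日志类型:流量审计, 应用类型:搜索引擎, 用户名/主机:10.88.120.221, 上行流量(KB):964, 下行流量(KB):3188, 总流量(KB):4152",
    '2019-03-29 14:29:38 Local5.Notice 10.100.2.1 Mar 29 14:29:37 src@B2 : "admin", "10.88.227.12", "更新", "系统配置", "更新Syslog设置"',
]
```

Lines that do not fit a known shape fall back to `text` or `unparsed` rather than being dropped, so a receiver can count them per sender and spot devices whose format changed or arrived damaged.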