# /etc/httpd/conf/httpd.conf
# Both logs are piped through rotatelogs, which starts a new file every 86400
# seconds (24 h) and names it with the strftime suffix %Y%m%d.
# NOTE(review): httpd launches piped-log programs as the user that started the
# server (root when started by root), so the rotatelogs binary and
# /var/log/httpd should be writable by root only.
# NOTE(review): the resulting names (error_log.YYYYMMDD, access_log.YYYYMMDD) do
# not end in "log", so a logrotate glob such as /var/log/httpd/*log will not
# compress or prune them - confirm how these dated files are retired.
ErrorLog "|/usr/sbin/rotatelogs /var/log/httpd/error_log.%Y%m%d 86400"
CustomLog "|/usr/sbin/rotatelogs /var/log/httpd/access_log.%Y%m%d 86400" combined
# Custom log format.
# %{Referer}i and %{User-Agent}i are request headers chosen by the client;
# treat those two fields as untrusted text in anything that parses this log.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
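# /etc/nginx/nginx.conf
http {
    # "main" is the combined format plus the X-Forwarded-For request header.
    # $http_referer, $http_user_agent and $http_x_forwarded_for are copied from
    # client-supplied headers: attribute requests by $remote_addr, and rely on
    # X-Forwarded-For only when a proxy you control sets it.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Declare this file exactly once. nginx writes an entry for every
    # access_log directive in effect at a level, so listing the same file
    # twice (unbuffered and buffered) records each request twice and doubles
    # every count taken from the log (fail2ban retries, error-rate alerts).
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;

    # Buffered alternative - use it INSTEAD of the access_log line above.
    # Entries stay in memory until 32k fills or 5 minutes pass, so tail -f,
    # fail2ban and alert scripts see them late, and buffered entries can be
    # lost if the worker dies before a flush.
    # access_log /var/log/nginx/access.log main buffer=32k flush=5m;
}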
# /etc/logrotate.d/httpd
# Applies to every file in /var/log/httpd whose name ends in "log".
/var/log/httpd/*log {
    # Rotate once a day and keep 30 rotated files.
    daily
    rotate 30
    # Compress rotated files, but leave the most recent one uncompressed.
    compress
    delaycompress
    # Do not complain about a missing log and do not rotate an empty one.
    missingok
    notifempty
    # Run postrotate once for the whole set rather than once per file.
    sharedscripts
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}
# Debug mode: report what would be rotated without changing any log or state file
sudo logrotate --debug /etc/logrotate.conf
# Force a rotation now, even if logrotate considers none to be due
sudo logrotate --force /etc/logrotate.conf
# Follow the access log in real time
tail -f /var/log/nginx/access.log
# Highlight important messages.
# NOTE: the pattern is case-sensitive as written, so "Error" or "WARNING" lines
# are filtered out rather than highlighted.
tail -f /var/log/httpd/error_log | grep --color -E 'error|fail|warning'
# multitail follows several files in one terminal; each -e sets a regular
# expression that applies to the file named after it.
sudo yum install multitail
multitail -e "error" /var/log/nginx/error.log -e "404" /var/log/nginx/access.log
# goaccess: interactive terminal report; -a adds the list of user agents per host
sudo yum install goaccess
goaccess /var/log/nginx/access.log -a
# Or generate an HTML report
# NOTE(review): /var/www/html is presumably the public document root, which
# would make report.html readable by any visitor. The report exposes client IP
# addresses, requested URLs and referrers, so either write it outside the web
# root or protect the location with authentication / an IP allow-list.
goaccess /var/log/nginx/access.log -o /var/www/html/report.html --log-format=COMBINED
# Install the Java runtime
sudo yum install java-1.8.0-openjdk
# Add the ELK repository and install
# NOTE(review): the repository and install commands themselves are not shown here.
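# Elasticsearch configuration example (elasticsearch.yml)
# Listen on loopback only. The Logstash output shown with this setup connects
# to localhost:9200, so nothing here needs a listener on a routable address.
# Binding to 0.0.0.0 publishes the HTTP API on every interface, and that API
# can read, modify and delete every index when authentication is not enabled.
# If other hosts must connect, bind to one specific internal address, turn on
# authentication and TLS (xpack.security.*), and firewall port 9200.
network.host: 127.0.0.1
http.port: 9200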
# Logstash configuration example (nginx access log)
input {
  # Read the nginx access log; files not seen before are read from their first line.
  file {
    path => "/var/log/nginx/access.log"
    start_position => "beginning"
  }
}

filter {
  # Split each line into named fields with the stock combined-log pattern.
  # The request, referrer and agent fields carry client-supplied text, so
  # treat them as untrusted in dashboards and downstream tooling.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  # Take the event time from the timestamp parsed out of the log line.
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  # Send events to the Elasticsearch node on this host.
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}
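# Install Prometheus node_exporter
# wget does not expand "*" inside an HTTP URL, so name one explicit release.
# X.Y.Z is a placeholder: replace it with the release you intend to run.
VERSION="X.Y.Z"
BASE="https://github.com/prometheus/node_exporter/releases/download/v${VERSION}"
TARBALL="node_exporter-${VERSION}.linux-amd64.tar.gz"
wget "${BASE}/${TARBALL}" "${BASE}/sha256sums.txt"
# Check the archive against the published checksum list before unpacking and
# running it; the chain stops if the checksum is missing or does not match.
# (This catches a corrupted or swapped download, not a compromised release.)
# node_exporter runs in the foreground and by default serves metrics on port
# 9100 on all interfaces: run it as an unprivileged user and limit who can
# reach it (--web.listen-address or a firewall rule).
grep " ${TARBALL}\$" sha256sums.txt | sha256sum -c - \
  && tar xvfz "${TARBALL}" \
  && cd "node_exporter-${VERSION}.linux-amd64" \
  && ./node_exporter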
# Install fail2ban, which bans addresses whose log entries match a jail's filter
sudo yum install fail2ban
# /etc/fail2ban/jail.local

# Jail for repeated HTTP authentication failures, read from the nginx error log.
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
# Three matching lines trigger a ban; bantime is in seconds.
maxretry = 3
bantime = 600
action = iptables-multiport[name=NoAuthFailures, port="http,https"]

# Jail for known bad crawlers, applying the Apache bad-bots filter to the
# nginx access log.
# No bantime or action is set here, so the [DEFAULT] values apply.
# The User-Agent is chosen by the client, so this only stops bots that
# identify themselves. If the access log is written with buffering, bans
# take effect only after the buffer has been flushed to the file.
[nginx-badbots]
enabled = true
filter = apache-badbots
logpath = /var/log/nginx/access.log
maxretry = 2
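#!/bin/bash
# Monitor HTTP 500 errors: send a mail alert when more than THRESHOLD of the
# last 1000 access-log lines have status 500.
LOG=/var/log/nginx/access.log
THRESHOLD=10

# Match the status field only. In the combined/main format the status directly
# follows the closing quote of the request line, so anchor on that quote.
# A bare " 500 " also matches a 500-byte response (e.g. `200 500`) and any
# logged client text containing it, which inflates the count and lets a client
# trigger false alerts. grep -c counts matches itself and prints 0 when the
# log is missing or has no match, so the numeric test below always gets a number.
ERROR_COUNT=$(tail -n 1000 "$LOG" 2>/dev/null | grep -c '" 500 ')
if [ "${ERROR_COUNT:-0}" -gt "$THRESHOLD" ]; then
echo "High number of 500 errors detected: $ERROR_COUNT" | mail -s "Web Server Alert" admin@example.com
fi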
日志缓冲区:对于高流量网站,启用日志缓冲
# Buffered writes reduce disk I/O, but entries reach the file only when 32k
# fills or 5 minutes pass; tail -f, fail2ban and alert scripts reading this
# file see events that late.
access_log /var/log/nginx/access.log main buffer=32k flush=5m;
日志采样:极高流量时考虑采样
# Conditional logging: a request is not logged when $loggable evaluates to "0"
# or an empty string. $loggable is not defined here; it has to be set
# elsewhere in the configuration (for example by a map or split_clients block).
# NOTE(review): requests that are skipped are invisible to fail2ban and to any
# later investigation - consider always logging error responses.
access_log /var/log/nginx/access.log main if=$loggable;
分离重要日志:将错误日志与访问日志分开存储
定期归档:将旧日志压缩归档到专用存储
通过以上配置和工具,您可以有效地管理和监控CentOS Web服务器日志,及时发现并解决问题,保障服务器稳定运行。