[SaltStack] Return日誌入庫審計

時間 2019-11-18

標籤 saltstack return 日誌入庫審計简体版

原文原文鏈接

SaltStack日誌return審計

在咱們執行salt任務時, 默認日誌是屏幕打印的, 對於咱們審計任務運行狀況帶來很不方便, 所以咱們對日誌結果進行了二次開發, 將job日誌處理後入庫, 方便查詢.mysql

Master推送statesql
```
$ salt '<minion-id>' state.highstate --return mysql_return
```
這裏指定使用mysql_return將結果日誌入庫審計bash

Master Job日誌信息日誌

<minion-id>:
  ----------
          ID: /tmp/salt_test.cnf
    Function: file.managed
      Result: True
     Comment: File /tmp/salt_test.cnf is in the correct state
     Changes:
  ----------
          ID: bash /u01/salt_script.sh 1>/tmp/salt_script.log 2>&1
    Function: cron.present
      Result: True
     Comment: Cron bash /u01/salt_script.sh 1>/tmp/salt_script.log 2>&1 already present
     Changes:

  Summary
  ------------
  Succeeded: 2
  Failed:    0
  ------------
  Total:     2

日誌中看到本次推送涉及2個子任務, 推送狀態均成功.code

想象一下, 這樣的日誌查看起來很費勁, 特別是成千上萬的minion機器日誌的時候, 那看的人得跪了 T.Tblog

日誌入庫ip

這裏咱們展現一下日誌入庫後查詢就特方便, 人性化 -_-開發

先看下咱們總任務的信息

id	gmt_created	gray_job_id	exec_role	job_id	func	minion_id	success	full_ret	ret_code
1924387	2015-07-03 12:44:07	0	master	20150703124403816971	state.highstate		True	{"fun_args": [], "jid": "20150703124403816971", "return": {"file_	-/tmp/salt_test.cnf_

這裏的job_id表明本次任務的id號, ret_code是全部子任務的狀態信息rem

下來時全部子任務的結果狀態

id	gmt_created	exec_role	job_id	minion_id	name	changes	success	comment
3856154	2015-07-03 12:44:07	master	20150703124403816971		/tmp/salt_test.cnf	{}	True	File /tmp/salt_test.cnf is in the correct state
3856155	2015-07-03 12:44:07	master	20150703124403816971		bash /u01/salt_script.sh 1>/tmp/salt_script.log 2>&1	{}	True	Cron bash /u01/salt_script.sh 1>/tmp/salt_script.log 2>&1 already present

總結下:io

總共涉及2個子任務
exec_role表示master中心機器推送
job_id是本次任務的惟一id
子任務的sucess均爲True, 表示子任務推送成功

固然這是在master上作的日誌入庫審計, 對應的在minion上也能夠作日誌入庫審計.

日誌表schema以下:

return_log: 總任務表

+-------------+---------------------+------+-----+---------+----------------+
  | Field       | Type                | Null | Key | Default | Extra          |
  +-------------+---------------------+------+-----+---------+----------------+
  | id          | bigint(20) unsigned | NO   | PRI | NULL    | auto_increment |
  | gmt_created | datetime            | NO   |     | NULL    |                |
  | gray_job_id | bigint(20) unsigned | NO   |     | 0       |                |
  | exec_role   | varchar(20)         | NO   |     | NULL    |                |
  | job_id      | varchar(255)        | NO   | MUL | NULL    |                |
  | func        | varchar(255)        | YES  |     | NULL    |                |
  | minion_id   | varchar(255)        | NO   | MUL | NULL    |                |
  | success     | varchar(10)         | NO   |     | NULL    |                |
  | full_ret    | mediumtext          | NO   |     | NULL    |                |
  | ret_code    | int(11)             | YES  |     | NULL    |                |
  +-------------+---------------------+------+-----+---------+----------------+

return_sublog: 子任務表

+-------------+---------------------+------+-----+---------+----------------+
  | Field       | Type                | Null | Key | Default | Extra          |
  +-------------+---------------------+------+-----+---------+----------------+
  | id          | bigint(20) unsigned | NO   | PRI | NULL    | auto_increment |
  | gmt_created | datetime            | NO   |     | NULL    |                |
  | exec_role   | varchar(20)         | NO   |     | NULL    |                |
  | job_id      | varchar(255)        | NO   | MUL | NULL    |                |
  | minion_id   | varchar(255)        | NO   |     | NULL    |                |
  | name        | mediumtext          | NO   |     | NULL    |                |
  | changes     | longtext            | YES  |     | NULL    |                |
  | success     | varchar(10)         | NO   |     | NULL    |                |
  | comment     | mediumtext          | YES  |     | NULL    |                |
  +-------------+---------------------+------+-----+---------+----------------+

return腳本: