
rsyslog on CentOS 6 (rsyslog+mysql+loganalyzer)

 

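1. Configure the log server
        (1) Enable log reception on the server (enabling either UDP or TCP is enough):

            # Provides UDP syslog reception
            $ModLoad imudp  -------- load the UDP input module so logs from other machines are recorded
            $UDPServerRun 514  ------- listen on port 514

            # Provides TCP syslog reception
            $ModLoad imtcp
            $InputTCPServerRun 514
            After editing the configuration file, restart the service: service rsyslog restart
        (2) On the client, point logging at that server
            #vim /etc/rsyslog.conf
            Change
            *.info;mail.none;authpriv.none;cron.none                /var/log/messages
            to
            *.info;mail.none;authpriv.none;cron.none                @172.16.3.1
            (a single @ forwards over UDP; @@ forwards over TCP)
            After editing the configuration file, restart the service: service rsyslog restart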

2. Display the logs through a web GUI
rsyslog+mysql+loganalyzer configuration steps
    Database configuration:
        1. Install (mysql database server IP: 172.16.3.2)
            #yum install rsyslog-mysql mysql-server
        2. Import the database schema
            # rpm -ql rsyslog-mysql
            /lib64/rsyslog/ommysql.so
            /usr/share/doc/rsyslog-mysql-5.8.10
            /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql  ------ the database schema (just import it into mysql)
            (To see how the database is created: cat /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql)
            #mysql < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
        3. Grant access to a user that logs in remotely
                >grant all on Syslog.* to ning@'172.16.3.%' identified by 'ning';
    Client configuration file:
        4. Edit the configuration file on the client (IP: 172.16.3.1)
            #vim /etc/rsyslog.conf
            $ModLoad ommysql  ------ add this line to load the module
            *.info;mail.none;authpriv.none;cron.none            :ommysql:172.16.3.2,Syslog,ning,ning  (database server IP, database name, remote login user name and password)
            #service rsyslog restart  ---- restart the service
        5. View the logs (from the client)
            mysql -u ning -h 172.16.3.2 -p
            #mysql
            mysql> show databases;
                +--------------------+
                | Database           |
                +--------------------+
                | information_schema |
                | Syslog             |----------------------created automatically when createDB.sql is imported
                | test               |
                +--------------------+
                3 rows in set (0.00 sec)
            mysql>use Syslog
            mysql> show tables;
                +------------------------+
                | Tables_in_Syslog       |
                +------------------------+
                | SystemEvents           |--------------the table that stores the log entries
                | SystemEventsProperties |
                +------------------------+
                2 rows in set (0.01 sec)
            mysql>select * from SystemEvents;-------------view the logged entries
        6. Configure loganalyzer

                # yum -y install httpd php php-mysql php-gd
                # tar xf loganalyzer-3.6.5.tar.gz
                # mkdir /var/www/html/log
                # cp loganalyzer-3.6.5/src/* /var/www/html/log
                # cp loganalyzer-3.6.5/contrib/* /var/www/html/log
                # cd /var/www/html/log
                # chmod +x configure.sh secure.sh
                # ./configure.sh
                # ./secure.sh
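                # chmod 666 config.php  ------ world-writable only so the web installer can save config.php; set it back to 644 once setup is done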
                # chown -R apache.apache ./*

        7. Test:
http://172.16.3.2/log
            The screenshots are the proof.
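
An added example, not part of the original post: a small Python audit that parses the legacy-format rsyslog.conf lines used in the steps above and reports the remote listeners, the forwarding transport, and the database credentials embedded in the ommysql action. The sample config is constructed from the page's own lines; the function name audit and the finding labels are illustrative assumptions.

```python
import re

# Constructed sample: the legacy-format lines this page adds to /etc/rsyslog.conf
# (listener, UDP forward and ommysql action merged into one file for the demo).
SAMPLE_CONF = """\
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
#$InputTCPServerRun 514
$ModLoad ommysql
*.info;mail.none;authpriv.none;cron.none    @172.16.3.1
*.info;mail.none;authpriv.none;cron.none    :ommysql:172.16.3.2,Syslog,ning,ning
"""

LISTEN = re.compile(r"^\$(UDPServerRun|InputTCPServerRun)\s+(\d+)$")
FORWARD = re.compile(r"^(\S+)\s+(@@?)([^\s:]+)(?::\d+)?$")
OMMYSQL = re.compile(r"^(\S+)\s+:ommysql:([^,]+),([^,]+),([^,]+),(\S+)$")


def audit(conf_text):
    """Return (line_no, kind, detail) findings for active (uncommented) lines."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line, selector = raw.strip(), None
        if not line or line.startswith("#"):
            continue
        if m := LISTEN.match(line):
            proto = "udp" if m.group(1) == "UDPServerRun" else "tcp"
            findings.append((no, "listener", f"{proto}/{m.group(2)} accepts remote logs"))
        elif m := OMMYSQL.match(line):
            selector, host, db, user, password = m.groups()
            findings.append((no, "db-credentials",
                             f"cleartext password for {user}@{host}/{db}"))
            if password == user:
                findings.append((no, "weak-password", "password equals user name"))
        elif m := FORWARD.match(line):
            selector = m.group(1)
            proto = "tcp" if m.group(2) == "@@" else "udp"
            findings.append((no, "forward", f"{proto} to {m.group(3)}"))
        # authpriv.none in the selector keeps login/auth messages out of this action
        if selector and "authpriv.none" in selector:
            findings.append((no, "coverage", "authpriv not sent to this destination"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep="\t")
```

Because the ommysql action line carries the database password, keep /etc/rsyslog.conf readable by root only. The weak-password and coverage findings are the ones to settle before the server collects logs from other hosts.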
