Setting up rsyslog + mysql + loganalyzer
Lab environment:
Operating system: Linux CentOS 7 3.10.0-327.el7.x86_64
Required packages:
1. mysql: mariadb-5.5.44-2.el7.centos.x86_64
2. loganalyzer: loganalyzer-3.6.5
3. httpd: httpd-2.4.6-40.el7.centos.x86_64
4. php: php-5.4.16-36.el7_1.x86_64
5. php-mysql: php-mysql-5.4.16-36.el7_1.x86_64
6. php-gd: php-gd-5.4.16-36.el7_1.x86_64
7. rsyslog-mysql: rsyslog-mysql-7.4.7-12.el7.x86_64
Goal: have rsyslog record its logs in MySQL.
Step 1:
1. Install the MySQL server
[root@CentOS 7 ~]# yum -y install mariadb-server
2. To stop MySQL from doing reverse host name resolution, add the following options to the MySQL configuration file:
[root@CentOS 7 ~]# vim /etc/my.cnf
skip_name_resolve=ON
innodb_file_per_table=ON
3. Start the MySQL service
[root@CentOS 7 ~]# systemctl start mariadb.service
4. Check that the service is working
[root@CentOS 7 ~]# ss -tnl
LISTEN 0 50 *:3306 *:*
Step 2:
1. Install the driver module that lets rsyslog connect to the MySQL server
[root@CentOS 7 ~]# yum -y install rsyslog-mysql
2. List the files installed by the rsyslog-mysql package
[root@CentOS 7 ~]# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql
3. Create a dedicated rsyslog user account on the MySQL server
[root@CentOS 7 ~]# mysql
-- grant access from host 127.0.0.1
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'127.0.0.1' IDENTIFIED BY 'rsyslogpass';
Query OK, 0 rows affected (0.00 sec)
-- grant access from the local host
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'local' IDENTIFIED BY 'rsyslogpass';
Query OK, 0 rows affected, 1 warning (0.00 sec)
-- reload the grant tables
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Verify the MySQL account and password by logging in:
[root@CentOS 7 ~]# mysql -ursyslog -h127.0.0.1 -prsyslogpass
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
+--------------------+
2 rows in set (0.00 sec)
Look at the script that creates the MySQL database:
[root@CentOS 7 ~]# less /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql
4. Create the required database and tables
[root@CentOS 7 ~]# mysql -ursyslog -h127.0.0.1 -prsyslogpass < /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql
Verify the database and tables that were created:
[root@CentOS 7 ~]# mysql -ursyslog -h127.0.0.1 -prsyslogpass
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
| test               |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> use Syslog;
MariaDB [Syslog]> SHOW TABLES;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
MariaDB [Syslog]> DESC SystemEvents;
5. Configure rsyslog to use the ommysql module
[root@CentOS 7 ~]# vim /etc/rsyslog.conf
#### MODULES ####
# add the ommysql module in this section
$ModLoad ommysql
6. Configure RULES so that the log messages you want are recorded in MySQL
#### RULES ####
# add this rule
*.* :ommysql:127.0.0.1,Syslog,rsyslog,rsyslogpass
# comment out this line
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
7. Restart the rsyslog service and check its status
[root@CentOS 7 ~]# systemctl restart rsyslog.service
[root@CentOS 7 ~]# systemctl status rsyslog.service
8. Verify the logs from a client
[root@CentOS 7 ~]# mysql -ursyslog -h127.0.0.1 -prsyslogpass
MariaDB [(none)]> use Syslog;
MariaDB [Syslog]> SELECT * FROM SystemEvents\G
In another terminal:
[root@CentOS 7 ~]# logger -p local13.warn "How old are you?"
The new record then shows up in the query output:
FromHost: CentOS 7
Message: How old are you?
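Added example (not part of the original article): the rule from item 6 stores the database password in /etc/rsyslog.conf in clear text, so the file's permissions decide which local users can read it. The script below lists active legacy ommysql actions that carry a password and reports the file when users outside its owner and group can read or write it; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag an rsyslog config that stores an ommysql password
# inline while being readable or writable by other local users.

# Print "LINE: server,db,user,<redacted>" for each active legacy ommysql
# action whose fourth comma-separated field (the password) is set.
list_ommysql_creds() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out rules
        match($0, /:ommysql:[^ \t]+/) {
            spec = substr($0, RSTART + 9, RLENGTH - 9)   # text after ":ommysql:"
            n = split(spec, f, ",")
            if (n >= 4 && f[4] != "")
                printf "%d: %s,%s,%s,<redacted>\n", NR, f[1], f[2], f[3]
        }' "$1"
}

# True when the "other" class has read or write permission on the file
# (characters 8-9 of the ls mode string).
other_can_access() {
    bits=$(ls -ld -- "$1" | cut -c8-9)
    [ "$bits" != "--" ]
}

# Return 1 and print a finding if the file holds inline credentials and is
# accessible to other users; return 0 otherwise.
audit_rsyslog_conf() {
    creds=$(list_ommysql_creds "$1")
    if [ -n "$creds" ] && other_can_access "$1"; then
        printf 'FINDING: %s exposes DB credentials to other users:\n%s\n' "$1" "$creds"
        return 1
    fi
    return 0
}

# Demo on a constructed sample that uses the rule format from item 6.
demo() {
    sample=$(mktemp)
    printf '%s\n' '$ModLoad ommysql' \
        '*.* :ommysql:127.0.0.1,Syslog,rsyslog,rsyslogpass' > "$sample"
    for mode in 644 600; do
        chmod "$mode" "$sample"
        rc=0; audit_rsyslog_conf "$sample" || rc=$?
        echo "mode $mode -> rc=$rc"
    done
    rm -f "$sample"
}

if [ "$#" -gt 0 ]; then audit_rsyslog_conf "$1"; else demo; fi
```

Pass a path as the first argument to audit a real file instead of the constructed sample; a finding is cleared by restricting the file to its owner, for example with mode 600.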
Step 3:
Install loganalyzer
1. Install the required packages
[root@CentOS 7 ~]# yum -y install httpd php php-mysql php-gd
2. Start the service and check it
[root@CentOS 7 ~]# systemctl start httpd.service
[root@CentOS 7 ~]# ss -tnl
LISTEN 0 50 *:80 *:*
3. Install loganalyzer-3.6.5 (it has to be downloaded from the Internet first)
[root@CentOS 7 ~]# ls
loganalyzer-3.6.5
[root@CentOS 7 ~]# cd loganalyzer-3.6.5
[root@CentOS 7 loganalyzer-3.6.5]# cp -a src /var/www/html/loganalyzer-3.6.5
[root@CentOS 7 loganalyzer-3.6.5]# cd /var/www/html/
[root@CentOS 7 html]# ls
[root@CentOS 7 html]# ln -sv loganalyzer-3.6.5/ log
[root@CentOS 7 html]# cd log
[root@CentOS 7 log]# touch config.php
[root@CentOS 7 log]# chmod 666 config.php
4. Open a browser and carry out the configuration
1) Enter the following address in the address bar:
2) In the box that appears, click "here" to start the initial setup
3) When a red warning bar appears, the configuration file has to be edited
[root@CentOS 7 log]# vim config.php
Change localhost to 127.0.0.1:
$CFG['UserDBServer'] = '127.0.0.1';
$CFG['Sources']['Source1']['DBServer'] = '127.0.0.1';
Then change the file's permissions:
[root@CentOS 7 log]# chmod 644 config.php
4) Refresh the page again; when you see the following page, congratulations, the service is set up