Cacti部署及常用插件安装(5)
Syslog 安装 (中央日志收集器)syslog插件可将网络中所有设备的日志信息收集到一起,并将接收到的信息写入到数据库中,通过插件web界面可以实现简单的日志查询功能。因此,首先要配置一台rsyslog日志中心服务器来接收客户机的日志,并将日志数据存放到mysql中,其次,配置cacti的syslog插件,通过该插件检索与查询mysql中的日志,syslog可以收集来自linux、windows(需要安装软件将格式统一即可)等服务器和交换机路由器的日志,并做到集中和分类查看。
一、将Cacti服务器配置为syslog服务器
1.安装rsyslog,首先需要在监控端安装rsyslog和rsyslog-mysql
# yum -y installrsyslog-mysql#centos6.0 默认已经安装rsyslog
2.编辑rsyslog的配置文件(/etc/rsyslog.conf)
# vi /etc/rsyslog.conf
在其最后添加下面的内容:
##cacti_syslog model
# provides UDP syslog reception
$ModLoad imudp
# start a UDP syslog server at standard port 514
$UDPServerRun 514
# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock
# provides --MARK-- message capability
$ModLoad immark
# provides UDP syslog reception
$ModLoad imudp
# provides TCP syslog reception and GSS-API (if compiled to support it)
$ModLoad imtcp
# provides mysql
$ModLoad ommysql
# Use costomer timestamp format
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%,'%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
# Insert the log's text into the Syslog database by the costomer timestamp format of the cacti_syslog template
*.* :ommysql:game-inc,syslog,cacti,p@ssw0rd;cacti_syslog
# Write the log to the /var/log/file.log repeat
*.* /var/log/file.log
其中syslog为数据库,cacti为数据库用户,p@ssw0rd为密码,cacti_syslog为模板名称
编辑完成后,保存并退出。
3.修改/etc/sysconfig/rsyslog文件
# vi /etc/sysconfig/rsyslog
修改以下代码,使rsyslog能够远程接收日志
# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0"
KLOGD_OPTIONS="-x"
保存并退出!
4.重启rsyslog
# service rsyslog restart
二、安装syslog插件
1.安装syslog插件
# tar zxf syslog-v1.22-2.tgz
# mv syslog /var/www/html/cacti/plugins
2.创建数据库syslog,并导入数据
mysql -uroot
mysql>create database syslog;
mysql> grant all privileges on syslog.* on cacti@localhost identified by 'p@ssw0rd'
mysql>flush privileges;
mysql>exit;
mysql -ucacti -pp@ssw0rd syslog --default-character-set=utf8
页:
[1]