|
rsyslog + loganalyzer
一. 客户端
1 关闭syslog服务
chkconfig syslog off
service syslog stop
2 安装rsyslog
yum install rsyslog5*
3 配置
echo "*.* @10.0.70.203" >> /etc/rsyslog.conf
echo "*.* :ommysql:10.0.70.203,Syslog,syslog,syslog" >> /etc/rsyslog.conf
4 启动服务
service rsyslog restart
chkconfig rsyslog on
二. 服务端安装
下载 loganalyzer
yum install -y rsyslog5*
yum install -y perl-DBI
yum install -y libc-client
yum install -y unixODBC
yum install -y lm_sensors
yum install -y php53
yum install -y php53-pdo
yum install -y php53-gd
yum install -y php53-mysql
yum install -y php53-bcmath
yum install -y php53-soap
yum install -y php53-xml
yum install -y php53-mbstring
数据库配置
mysql --password=123456
DROP DATABASE IF EXISTS Syslog;
DROP DATABASE IF EXISTS loganalyzer;
create database loganalyzer;
source /usr/share/doc/rsyslog5-mysql-5.8.12/createDB.sql
具体根据操作系统目录:/usr/share/doc/ 来
GRANT ALL PRIVILEGES ON *.* TO 'syslog'@'localhost' IDENTIFIED BY 'syslog' WITH GRANT OPTION;
grant all on loganalyzer.* to lyzeruser@'localhost' identified by 'lyzeruser';
flush privileges;
exit
loganalyzer 安装
wget http://10.0.42.1:4201/soft/loganalyzer-4.1.3.tar.gz
tar zxvf loganalyzer-4.1.3.tar.gz
cd /root/loganalyzer-4.1.3
mkdir -p /var/www/html/loganalyzer
cp -r src/* /var/www/html/loganalyzer
cp -r contrib/* /var/www/html/loganalyzer
chown -R daemon.daemon /var/www/html/loganalyzer
cd /var/www/html/loganalyzer
sh configure.sh
sh secure.sh
WEB 配置
http://10.0.70.203/loganalyzer
Click here
Step 1 - Prerequisites
Click on Next
Step 2 - Verify File Permissions
操作系统运行:
chmod 666 /var/www/html/loganalyzer/config.php
web界面
Click ReCheck
Click Next
Step 3 - Basic Configuration
Enable User Database : 选择 “YES”
Database Host: localhost
Database Port: 3306
Database Name: loganalyzer
Table prefix: logcon_
Database User: lyzeruser
Database Password: lyzeruser
Require user to be logged in: No
Step 4 - Create Tables
Click Next
Step 5 - Check SQL Results
Click Next
Step 6 - Creating the Main Useraccount
Username: admin
Password:
Repeat Password:
Click Next
Step 7 - Create the first source for syslog messages
Name of the Source: My Syslog Source
Source Type: MYSQL Native
Select View: Syslog Fields
Table type: MonitorWare
Database Host: localhost
Database Name: Syslog
Database Tablename: SystemEvents
Database User: syslog
Database Password:
Enable Row Counting Yes
Click Next
Step 8 - Done
Installer Step Finish!
服务器端设置
1 关闭syslog服务
chkconfig syslog off
service syslog stop
2 安装rsyslog
yum install rsyslog5*
vi /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad immark # provides --MARK-- message capability
$ModLoad imudp
$UDPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$ModLoad ommysql
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.* :ommysql:localhost,Syslog,syslog,syslog
service rsyslog restart
chkconfig rsyslog on
history -c
|
|