Logging rsyslog messages to a MySQL database
Prepare one database server and one host that sends logs.

Host | IP
---|---
rsyslog | 192.168.73.110
MySQL | 192.168.73.111

On the rsyslog server
1. Install the package rsyslog needs to connect to the MySQL server
[root@rsyslog ~]# yum install -y rsyslog-mysql
2. List the files installed by rsyslog-mysql
[root@rsyslog ~]# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so # the rsyslog-mysql module
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql # the database schema
3. Edit the rsyslog configuration file: load the rsyslog-mysql module and define the rule
#### MODULES ####
$ModLoad ommysql
#### RULES ####
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.73.111,Syslog,loguser,111111
4. Copy the rsyslog database schema to the MySQL server
[root@rsyslog ~]# scp /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql 192.168.73.111:/root
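A check for the rule from step 3, as an added example that is not part of the original article: the legacy `:ommysql:` action keeps the database password in clear text in the rsyslog configuration, so this script reports such rules (without printing the password) and whether the file is world-readable. It assumes GNU `stat`; the function name `audit_ommysql` and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): report legacy
# ":ommysql:server,db,user,password" actions in an rsyslog config file.
# The password itself is never printed. Assumes GNU stat (stat -c).

# Usage: audit_ommysql FILE
# Exit status: 0 = no ommysql credentials, 1 = findings printed, 2 = cannot stat.
audit_ommysql() {
    file=$1
    mode=$(stat -c '%a' "$file" 2>/dev/null) || return 2

    # For every non-comment line with a legacy ommysql action, split the
    # parameter list on commas and keep server, db and user when a password
    # field is present.
    hits=$(awk '!/^[ \t]*#/ && match($0, /:ommysql:[^ \t]+/) {
        split(substr($0, RSTART + 9, RLENGTH - 9), p, ",")
        if (p[4] != "") print p[1], p[2], p[3]
    }' "$file")
    [ -n "$hits" ] || return 0

    printf '%s\n' "$hits" | while read -r server db uid; do
        echo "CLEARTEXT_PASSWORD file=$file server=$server db=$db uid=$uid"
    done

    # A last octal digit of 4-7 means "other" users can read the file.
    case $mode in
        *[4567]) echo "WORLD_READABLE file=$file mode=$mode" ;;
    esac
    return 1
}

# Constructed sample modelled on the rule from step 3; values are placeholders.
sample=$(mktemp)
cat >"$sample" <<'EOF'
$ModLoad ommysql
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.73.111,Syslog,loguser,111111
EOF
chmod 644 "$sample"; audit_ommysql "$sample" || echo "-> findings at mode 644"
chmod 600 "$sample"; audit_ommysql "$sample" || echo "-> findings at mode 600"
rm -f "$sample"
```

At mode 600 only the CLEARTEXT_PASSWORD finding remains, which is the expected state for a file that must hold the credential.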
On the MySQL server
1. Install MySQL and start the service
[root@mysql ~]# yum install mariadb-server -y
[root@mysql ~]# systemctl start mariadb
2. On MySQL, grant rsyslog permission to connect to this server
[root@mysql ~]# mysql -e "GRANT ALL ON Syslog.* TO 'loguser'@'192.168.73.110' IDENTIFIED BY '111111';"
3. Import the rsyslog database
[root@mysql ~]# mysql < mysql-createDB.sql
Testing
1. Send a test message from the syslog server
[root@rsyslog ~]# logger "test log"
2. Query the database
MariaDB [(none)]> select * from Syslog.SystemEvents\G;
*************************** 1. row ***************************
ID: 1
CustomerID: NULL
ReceivedAt: 2019-05-17 18:05:41
DeviceReportedTime: 2019-05-17 18:05:41
Facility: 1
Priority: 5
FromHost: rsyslog
Message: test log # the test message that was sent
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: root:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 2. row ***************************
ID: 2
CustomerID: NULL
ReceivedAt: 2019-05-17 18:05:41
DeviceReportedTime: 2019-05-17 18:05:41
Facility: 5
Priority: 6
FromHost: rsyslog
Message: action 'action 1' resumed (module 'ommysql') [v8.24.0-34.el7 try http://www.rsyslog.com/e/2359 ]
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: rsyslogd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 3. row ***************************
ID: 3
CustomerID: NULL
ReceivedAt: 2019-05-17 18:05:41
DeviceReportedTime: 2019-05-17 18:05:41
Facility: 5
Priority: 6
FromHost: rsyslog
Message: action 'action 1' resumed (module 'ommysql') [v8.24.0-34.el7 try http://www.rsyslog.com/e/2359 ]
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: rsyslogd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
3 rows in set (0.00 sec)
ERROR: No query specified
Displaying the logs from the database with LogAnalyzer
Prepare one httpd + PHP server.

Host | IP
---|---
http | 192.168.73.112

Setting up LAMP
Install httpd, php, php-mysql and php-gd
[root@localhost ~]# yum install httpd php php-mysql php-gd -y
1. Edit the httpd configuration file
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.php index.html
addtype application/x-httpd-php .php
addtype application/x-httpd-php-source .phps
servername www.mylinuxops.com
documentroot /data/test
require all granted
2. Create the site directory and a test page
[root@localhost ~]# mkdir /data/test
[root@localhost ~]# vim /data/test/index.php
3. Start the services and test
[root@localhost ~]# systemctl restart httpd php-fpm
Installing LogAnalyzer
1. Extract the application
[root@localhost ~]# tar -xf loganalyzer-4.1.7.tar.gz -C /data/test/
[root@localhost ~]# cd /data/test/
2. Move the src directory out of the extracted package and rename it
[root@localhost test]# mv loganalyzer-4.1.7/src/ logs
[root@localhost test]# cd logs
[root@localhost logs]# touch config.php
[root@localhost logs]# chmod 666 config.php
4. After installation finishes, change the permissions on the config.php configuration file
[root@localhost logs]# chmod 644 config.php
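Other notes
If the password of the user that connects to MySQL changes, you can update it in config.php. If you forget the password, you can delete config.php and run the configuration again.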