Building a log server with rsyslog + LogAnalyzer + MySQL + Apache + PHP (LAMP)

   When a server runs into trouble, operations engineers diagnose it from the logs; when an intruder breaks into a server, the first thing they usually do is delete the logs so as not to leave any traces. That shows how important logs are to a server, which is why many companies run their own log server. Below we walk through how to set up a log server and a log analysis tool.

   1. First, rsyslog must be installed on both the client and the server:

[root@n2 ~]# yum -y install rsyslog

   2. Edit the configuration file on the client (192.168.1.4 is the log server)

[root@py ~]# grep -v "^$" /etc/rsyslog.conf | grep -v "^#"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.*                                                      @192.168.1.4
*.*                                                      :ommysql:192.168.1.4,Syslog,syslogroot,syslogpass
local7.*                                                /var/log/boot.log

  After the changes, restart the service and enable it at boot

[root@py ~]# service rsyslog restart
关闭系统日志记录器:                                       [确定]
启动系统日志记录器:                                       [确定]
[root@py ~]# chkconfig rsyslog on

  3. Edit the configuration file on the server

[root@n2 ~]# grep -v "^$" /etc/rsyslog.conf | grep -v "^#"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$Modload ommysql
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.*                                                      :ommysql:192.168.1.4,Syslog,syslogroot,syslogpass
local7.*                                                /var/log/boot.log

 Restart the rsyslog service and enable it at boot

~]# service rsyslog restart
~]# chkconfig rsyslog on

 4. Install and configure the database

~]# yum -y install mysql-server rsyslog-mysql

Configure the database:

[root@n2 ~]# rpm -ql rsyslog-mysql            # first, see which files the rsyslog-mysql package installed
/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-mysql-5.8.10
/usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql   # this SQL file is the schema that has to be imported into the database
#
[root@n2 ~]# service mysqld start             # start the mysqld service
[root@n2 ~]# mysql                            # connect to mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)  # at this point there are only 3 databases
#
mysql> source /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql;   # import the rsyslog schema
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
| mysql              |
| test               |
+--------------------+
4 rows in set (0.01 sec)
mysql> use Syslog;              # Syslog is the database that stores the log records
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
#
# Next, grant access to the rsyslog server. The host here must be the rsyslog server's IP;
# writing each client machine's IP instead would be wrong
mysql> grant all on Syslog.* to 'syslogroot'@'127.0.0.1' identified by 'liwai8888';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on Syslog.* to 'syslogroot'@'192.168.1.4' identified by 'liwai8888';
Query OK, 0 rows affected (0.04 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye

 5. Set up the LAMP + LogAnalyzer stack

1) Install the LAMP environment

[root@n2 ~]# yum -y install httpd php php-mysql php-gd
[root@n2 ~]# mkdir /var/www/html/loganalyzer/
mkdir: created directory `/var/www/html/loganalyzer/'

2) Extract the LogAnalyzer source tarball

[root@n2 ~]# tar xf loganalyzer-3.6.5.tar.gz
[root@n2 ~]# cd loganalyzer-3.6.5
[root@n2 loganalyzer-3.6.5]# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src
[root@n2 loganalyzer-3.6.5]# mv src/* /var/www/html/loganalyzer/          # src holds the PHP web files
[root@n2 loganalyzer-3.6.5]# ls contrib/
configure.sh  secure.sh
[root@n2 loganalyzer-3.6.5]# mv contrib/* /var/www/html/loganalyzer/      # the two scripts under contrib are worth reading
#
[root@n2 loganalyzer-3.6.5]# cd /var/www/html/loganalyzer/
[root@n2 loganalyzer]# sh configure.sh                    # run the script

3) Configure httpd

    Change the DocumentRoot web root:

[root@n2 ~]# vim /etc/httpd/conf/httpd.conf 
DocumentRoot "/var/www/html/loganalyzer"
[root@n2 ~]# service httpd start

4) Enable httpd and mysqld at boot

[root@n2 ~]# chkconfig mysqld on
[root@n2 ~]# chkconfig httpd on

5) Create the loganalyzer database and grant privileges

[root@n2 ~]# mysql
Enter password:
mysql> create database loganalyzer;
Query OK, 1 row affected (0.04 sec)
mysql> grant all on loganalyzer.* to min@'192.168.1.4' identified by 'liwai8888';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

 6. Walk through the web installer

 The main errors come from the case of the database name and from the database username and password; usually you end up running the install twice. The second time you must delete the config.php in the directory and then run sh configure.sh in the next step to generate a fresh config.php. After that you can start using it. (I'm not sure why I can't paste the screenshots, so I can only describe the errors I ran into and how I solved them this way.)
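The credential and host problems the write-up warns about in the GRANT step and here can be caught before the installer is run. The script below is an added example, not part of the original post: it parses the ommysql action from rsyslog.conf and the GRANT statements from the mysql session, and reports a database-name case mismatch, a password that differs from IDENTIFIED BY, or a GRANT host that is not the address rsyslog connects from. The sample inputs are constructed from the values on this page; the client address 192.168.1.5 used in the test is an assumed placeholder, since the page never states the client's IP.

```python
import re

# Constructed sample input: the ommysql lines from the client's rsyslog.conf on this page
CLIENT_CONF = """\
*.*    @192.168.1.4
*.*    :ommysql:192.168.1.4,Syslog,syslogroot,syslogpass
"""
# Constructed sample input: the GRANT statements typed into the mysql session on this page
GRANTS_SQL = """\
grant all on Syslog.* to 'syslogroot'@'127.0.0.1' identified by 'liwai8888';
grant all on Syslog.* to 'syslogroot'@'192.168.1.4' identified by 'liwai8888';
grant all on loganalyzer.* to min@'192.168.1.4' identified by 'liwai8888';
"""

# Legacy rsyslog action syntax: "<selector> :ommysql:<host>,<db>,<user>,<password>"
OMMYSQL_RE = re.compile(r"^\s*\S+\s+:ommysql:([^,\s]+),([^,\s]+),([^,\s]+),(\S+)", re.M)
# MySQL 5.x form used on the page: grant all on <db>.* to '<user>'@'<host>' identified by '<pw>'
GRANT_RE = re.compile(
    r"grant\s+all\s+on\s+(\S+?)\.\*\s+to\s+'?([^'@\s]+)'?@'([^']+)'\s+identified\s+by\s+'([^']*)'",
    re.I,
)

def parse_ommysql(conf):
    """Return (host, db, user, password) for each ommysql action in a legacy rsyslog.conf."""
    return OMMYSQL_RE.findall(conf)

def parse_grants(sql):
    """Return (db, user, host, password) for each GRANT ... IDENTIFIED BY statement."""
    return GRANT_RE.findall(sql)

def check_pipeline(conf, sql, sender_ip):
    """Return (code, detail) findings explaining why inserts from sender_ip would be refused."""
    findings = []
    grants = parse_grants(sql)
    for _host, db, user, password in parse_ommysql(conf):
        # MySQL database names are case-sensitive on Linux: "Syslog" and "syslog" differ
        same_db = [g for g in grants if g[0] == db and g[1] == user]
        if not same_db:
            case_only = any(g[0].lower() == db.lower() and g[1] == user for g in grants)
            findings.append(("db_case" if case_only else "no_grant", f"no usable grant on {db}.* for '{user}'"))
            continue
        # The GRANT host must be the address rsyslog connects from, not the DB server's own
        if not any(g[2] in (sender_ip, "%") for g in same_db):
            findings.append(("host", f"no grant for '{user}'@'{sender_ip}'"))
        # The password in rsyslog.conf must equal the IDENTIFIED BY value
        if not any(g[3] == password for g in same_db):
            findings.append(("password", f"rsyslog.conf uses '{password}' but the grant does not"))
    return findings
```

Run against the page's own values it flags that rsyslog.conf uses syslogpass while the GRANT uses liwai8888, and run with the client's address it also shows that the client's direct ommysql action would be refused, because Syslog.* is granted only to 127.0.0.1 and 192.168.1.4.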

