CentOS 下利用Rsyslog+LogAnalyzer+MySQL部署日志服务器
一、安装并设置LAMP环境
yum -y install httpd mysql* php*
二、安装Rsyslog
服务器端:
yum install rsyslog rsyslog-mysql
rsyslog-mysql :将日志传送到MySQL 数据库
mysql -uroot -p1234 < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
配置数据权限
# mysql -uroot �Cp
mysql> grant all on Syslog.* to syslog@localhost identified by 'syslog';
mysql> flush privileges;
mysql> exit
修改配置文件
more /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad immark # provides --MARK-- message capability
###Mysql####
$ModLoad ommysql.so
$template dbFormat,"insert into systemevents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%fromhost-ip%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql
*.info :ommysql:localhost,syslog,syslog,syslog;dbFormat
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
#datetime format
$template logformat,"%timereported:::date-mysql% %FROMHOST-IP% %msg%\n"
$ActionFileDefaultTemplate logformat
#Log file
$template logfile, "/app/rsyslog/%fromhost-ip%_%$year%%$month%%$day%.log"
*.info ?logfile
重启 rsyslog
service rsyslog restart
客户端:
# yum install rsyslog -y
配置rsyslog客户端发送本地日志到服务端
# vi /etc/rsyslog.conf
末行添加如下内容
-------------------
*.* @rsyslog 服务器IP
重启 rsyslog
service rsyslog restart
三、安装部署LogAnalyzer
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
# tar zxf loganalyzer-3.6.5.tar.gz
# cd loganalyzer-3.6.5
# mkdir -p /data/www/loganalyzer
复制loganalyzer源代码到apache的DocumentRoot下loganalyzer目录
# cp -r src/* /data/www/loganalyzer
# cp -r contrib/* /data/www/loganalyzer
通过web向导安装loganalyzer前,必须先执行以下两个脚本
# cd /data/www/loganalyzer/
# sh configure.sh
# sh secure.sh
#chown -R apache.apache/data/www/loganalyzer
WEB端配置
http://IP/loganalyzer
(略)