syslog服务搭建

0.Syslog
Syslog常被称为系统日志或系统记录,是一种用来在互联网协定(TCP/IP)的网络中传递记录档讯息的标准。这个词汇常用来指涉实际的syslog 协定,或者那些送出syslog讯息的应用程式或数据库。
syslog协定属于一种主从式协定:syslog发送端会传送出一个小的文字讯息(小于1024字节)到syslog接收端。接收端通常名为“syslogd”、“syslog daemon”或syslog服务器。系统日志讯息可以被以UDP协定及�u或TCP协定来传送。这些资料是以明码型态被传送。不过由于SSL加密外套(例如Stunnel、sslio或sslwrap等)并非syslog协定本身的一部分,因此可以被用来透过SSL/TLS方式提供一层加密。
syslog通常被用于资讯系统管理及资安稽核。虽然它有不少缺陷,但仍获得相当多的装置及各种平台的接收端支援。因此syslog能被用来将来自许多不同类型系统的日志记录整合到集中的储存库中。

1.安装系统
a)安装要求
i.PC配置:
CPU:Intel P E2160(1.8GHz)以上
内存:1G以上
硬盘:80G以上

虚拟机要求:
Kernel:linux 2.6
内存:512以上
硬盘:40G以上
  
b)安装系统
i.Linux syslog server要求用centos 5.5
下载地址:
ed2k://|file|[《CentOS.5.5.》32bit[光盘镜像]].
CentOS-5.5-i386-bin-DVD.iso|4185118720|a1ce64b6d36d945f562cb1250d8d665f|h=fnfai2pqdbdxmz5i5wshkaj22ttscbkg|/
c)配置网络
i.点击桌面上方的系统管理网络,配置eth0和DNS
ii.Network Abapter修改为桥接模式
2.安装工具
a)安装GCC和make
[root@FDWIN ~]# yum install gcc make
b)安装LAMP平台
[root@FDWIN ~]# yum install php-mysql mysql mysql-server php-snmp php-pdo perl-DBDMySQL httpd php –y
[root@FDWIN ~]# service mysqld start
[root@FDWIN ~]# chkconfig mysqld on
[root@FDWIN ~]#service httpd start
[root@FDWIN ~]#chkconfig httpd on
[root@FDWIN ~]# mysqladmin -uroot password '000000'
[root@FDWIN ~]#vim /var/www/html/index.php
添加:
<?php
$link=mysql_connect("localhost","root","000000");
if(!$link) echo "FAILD!";
else echo "OK!";
?>
然后网页访问下出现OK说明没问题了。

进入centos的DVD盘然后安装rpm -vih php-gd-5.1.6-15.el5.i386.rpm
进入centos的DVD盘然后安装rpm -ivh freetype-2.2.1-19.el5.i386.rpm

c)安装NET-SNMP
1. 下载net-snmp源码,并解压
[root@FDWIN proc]#
wget http://downloads.sourceforge.net/project/net-snmp/netsnmp/
5.6/net-snmp-5.6.tar.gz
[root@FDWIN proc]#tar -xvzf net-snmp-5.6.tar.gz
2. Configure
a) 进入源文件目录
[root@FDWIN proc]#cd net-snmp-5.6
b) Configure
[root@FDWIN proc]#
./configure --prefix=/usr/local/net-snmp –enable-mfd-rewrites
--with-default-snmp-version=”2” --with-persistent-directory=”/var/net-snmp”
3. 编译、安装
[root@FDWIN proc]#make && make install
4. 配置snmpd.conf
a) 将EXAMPLE.conf文件复制到
/usr/local/net-snmp/share/snmp/snmpd.conf
[root@FDWIN proc]#
cp EXAMPLE.conf /usr/local/net-snmp/share/snmp/snmpd.conf
b) 修改snmpd.conf
1.查找以下字段:
# sec.name source community
com2sec notConfigUser default public
将"comunity"字段改为你要设置的密码.比如"bizcnpublic".
将“default”改为你想哪台机器可以看到你的snmp信息,如10.10.10.10。授权服务器IP
2.查找以下字段:
####
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
将"read"字段改为all.
代码:
#access notConfigGroup "" any noauth exact all none none
3.查找以下字段:
## incl/excl subtree mask
#view all included .1 80
将该行前面的"#"去掉.
4.查找以下字段:
#name incl/excl subtree mask(optional)
添加一行view all included .1
变成
#name incl/excl subtree mask(optional)
view all included .1
5.查找以下字段:
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
将该行前面的"#"去掉.
保存、关闭
c) 设置net-snmp自启动
[root@FDWIN proc]#chkconfig --level 35 snmpd on
[root@FDWIN proc]#chkconfig --add snmpd
d) SNMP测试(本机)
[root@FDWIN proc]#snmpwalk -v -2c -c public FDWIN
若有大量数据返回,说明SNMP配置正确
e) 防火墙
打开udp 161端口
f) 检查SNMP服务是否运行
[root@FDWIN proc]#netstat -ln |grep 161
udp 0 0 127.0.0.1:161 0.0.0.0:* 表示SNMP已运行正常

3.CACTI安装
a) RRDtool的安装
1.cgilib
wget http://www.scriptroute.org/source/cgilib-0.5.tar.gz
tar -zxvf cgilib-0.5.tar.gz
cd cgilib-0.5
make
cp libcgi.a /usr/local/lib
cp cgi.h /usr/include
2.fontconfig
wget http://www.fontconfig.org/release/fontconfig-2.8.0.tar.gz
cd fontconfig-2.8.0
./configure
make && make install
3.pixman
wget http://cairographics.org/releases/pixman-0.21.2.tar.gz
cd pixman-0.21.2
./configure
make;make install
4.cairo
wget http://cairographics.org/releases/cairo-1.10.0.tar.gz
tar -zxvf cairo-1.10.0.tar.gz
cd cairo-1.10.0
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH #这里
很重要
./configure
make;make install
5.pango
wget http://ftp.se.debian.org/pub/gnome/sources/pango/1.17/pango-
1.17.5.tar.gz
tar -zxvf pango-1.17.5.tar.gz
cd pango-1.17.5
./configure
make && make install
6.rrdtool
wget http://www.mrtg.org/rrdtool/pub/rrdtool-1.4.4.tar.gz
tar -xvzf rrdtool-1.4.4.tar.gz
cd rrdtool-1.4.4
./configure –prefix=/usr/local/rrdtool
make;make isntall
b) Cacti的安装
1.下载Cacti软件包,并安装到/var/www/html/cacti
wget http://www.cacti.net/downloads/cacti-0.8.7g.tar.gz
tar -xvzf cacti-0.8.7g.tar.gz
mv cacti-0.8.7g /var/www/html/cacti
2.配置数据库
mysql -u root -p 123456
mysql> create database cacti;
mysql> grant all privileges on cacti.* to cacti@FDWIN identified by 'cacti'
with grant option;
mysql> grant all privileges on cacti.* to [email protected] identified by 'cacti'
with grant option;
mysql>flush privileges;
mysql> use cacti;
mysql> source /var/www/html/cacti/cacti.sql;
3.配置Cacti以连接数据库
vi /var/www/html/cacti/include/config.php 依照如下修改:

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "FDWIN";
$database_username = "cacti";
$database_password = "cacti";
$database_port = "3306";
vi /var/www/html/cacti/include/global.php 依照如下修改:

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "FDWIN";
$database_username = "cacti";
$database_password = "cacti";
$database_port = "3306";
$config['url_path'] = '/cacti/';
4.添加cacti用户
[root@FDWIN proc]#useradd -s nologin cacti
[root@FDWIN proc]#passwd cacti
5.修改cacti目录属主
[root@FDWIN proc]#chown -R cacti:cacti /var/www/html/cacti/
6.编辑crontab
[root@FDWIN proc]#crontab -e
*/5 * * * * /usr/bin/php /var/www/html/cacti/poller.php > /dev/null 2>&1
7.关闭SELinux
[root@FDWIN proc]#setenforce 0
8.用浏览器访问http://FDWIN/cacti/
9.配置Cacti
首先点开settings的path页,正确设置相应的路径,然后finish保存
10.安装补丁
按照Cacti.net上的步骤,打上补丁程序
必须在Cacti的安装目录下,即/var/www/html/cacti/
[root@FDWIN proc]#
wget http://www.cacti.net/downloads/patches/0.8.7g/data_source_deactivate.patch
[root@FDWIN proc]#
wget http://www.cacti.net/downloads/patches/0.8.7g/graph_list_view.patch
[root@FDWIN proc]#
wget http://www.cacti.net/downloads/patches/0.8.7g/html_output.patch
[root@FDWIN proc]#
wget http://www.cacti.net/downloads/patches/0.8.7g/ldap_group_authenication.patch
[root@FDWIN proc]#
wget
http://www.cacti.net/downloads/patches/0.8.7g/script_server_command_line_parse.patch
[root@FDWIN proc]#
wget http://www.cacti.net/downloads/patches/0.8.7g/ping.patch
[root@FDWIN proc]#
wget http://www.cacti.net/downloads/patches/0.8.7g/poller_interval.patch
[root@FDWIN proc]#
patch -p1 -N < data_source_deactivate.patch
patch -p1 -N < graph_list_view.patch
patch -p1 -N < html_output.patch
patch -p1 -N < ldap_group_authenication.patch
patch -p1 -N < script_server_command_line_parse.patch
patch -p1 -N < ping.patch
patch -p1 -N < poller_interval.patch
4.CACTI的配置和插件
必须现安装好插件扩展PIA 2.8,才能安装、使用其他插件
wget http://mirror.cactiusers.org/downloads/plugins/cacti-plugin-0.8.7g-PA-v2.8.tar.gz
tar -xvzf cacti-plugin-0.8.7g-PA-v2.8.tar.gz
mv cacti-plugin-arch /var/www/html/cacti/
cd /var/www/html/cacti/
mysql -u root -p 123456 cacti < cacti-plugin-arch/pa.sql
patch -p1 -N < cacti-plugin-arch/cacti-plugin-0.8.7g-PA-v2.8.diff
rm -rf cacti-plugin-arch
chown -R cacti:cacti /var/www/html/cacti
1. 修改global.php,设定数据库的相关参数,以及config路径.
vi /var/www/html/cacti/include/global.php,修改并增加如下内容:

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cacti";
$database_port = "3306";
$config['url_path'] = '/cacti/';
$plugins = array();
2. 修改Cacti用户权限,增加插件使用权限
显示 Plugin-Management
User Management -> "admin" or "other user" -> "Realm Permissions" -> "Plugin
Management" -> 打勾并保存
3. 安装插件
a)下载插件
wget http://cactiusers.org/downloads/settings.tar.gz
wget http://cactiusers.org/downloads/monitor.tar.gz
wget http://cactiusers.org/downloads/realtime.tar.gz
wget http://cactiusers.org/downloads/syslog.tar.gz
wget http://cactiusers.org/downloads/thold.tar.gz
wget http://cactiusers.org/downloads/tools.tar.gz
wget http://cactiusers.org/downloads/update.tar.gz
wget http://downloads.sourceforge.net/project/cacti-reportit/cactireportit/
reportit_v061/reportit_v061.tar.gz
wget http://www.constructaegis.com/downloads/npc-2.0.4.tar.gz
b)解压插件
tar -xvzf settings.tar.gz
tar -xvzf monitor.tar.gz
tar -xvzf realtime.tar.gz
tar -xvzf syslog.tar.gz
tar -xvzf thold.tar.gz
tar -xvzf tools.tar.gz
tar -xvzf update.tar.gz
tar -xvzf reportit_v06.tar.gz
tar -xvzf npc-2.0.4.tar.gz
c)修改global.php,增加插件说明
vi /var/www/html/cacti/include/global.php
$plugins[] = 'settings';
$plugins[] = 'thold';
$plugins[] = 'npc';
$plugins[] = 'syslog';
$plugins[] = 'aggregate';
$plugins[] = 'reportit';
$plugins[] = 'update';
$plugins[] = 'tools';
d)下载安装json(NPC插件需要json支持)
wget http://pecl.php.net/get/json-1.2.1.tgz
tar -xvzf json-1.2.1.tgz
/usr/bin/phpize ## 如果phpize 没有此指令,请yum安装php-devel包
./configure
make && make install
e) 修改权限
将所有插件mv到/var/www/html/cacti/plugins目录下,然后User Management -> "admin"
or "other user" -> "Realm Permissions" -> "Plugin Management" -> 打勾并保存
f) 启用插件
点击configuration下的plugins management,将各个插件install/enable。
4. 插件安装排错
a)realtime插件安装问题
realtim插件安装好后,点击web界面的[graphs]页,选一个图,可发现在其右下角已经出
现了一个realtime的logo,但当点此logo进行realtime查看时,会发现弹出的窗口中显示:
“The image cache directory doesn't exist.Please create it and set permissions
and then attempt to open an other realtime graph.”
提示没有Cache目录以及权限等。
解决方案:
[root@localhost proc]#makedir /var/www/html/cacti/cache
[root@localhost proc]#chmod 777 -R /var/www/html/cacti/cache
之后,还要进入console-->configuration-->settings-->misc,设置”Cache Directory”为
/var/www/html/cacti/cache/
b) Syslog插件安装问题
在cacti中访问syslog栏目是会出现以下提示:
1 Warning: include(./include/html/inc_timespan_settings.php) [function.include]:
failed to open stream: No such file or directory in
/var/www/html/plugins/syslog/syslog.php on line 126
2 Warning: include() [function.include]: Failed opening
'./include/html/inc_timespan_settings.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/plugins/syslog/syslog.php on
line 126
只需将/plugins/syslog/syslog.php的第126行
#include($syslog_config["graphtime"] ? "./include/html/inc_timespan_settings.php"
: "plugins/syslog/html/syslog_timespan_settings.php");
修改为:
#include($syslog_config["graphtime"] ?
"./lib/timespan_settings.php<cacti_path>plugins/syslog/html/syslog_timespan_setti
ngs.php");即可

5.搭建SYSLOG
日常的Linux服务器都会安装syslogd或者rsyslog等日志监控服务。不过,由于日志文件都已文本
形式放到服务器上,一个一个的去查找还是比较麻烦的。不过使用cacti可以为我们找到一条捷径。
1. 安装syslog-ng服务
Syslog-ng,下一代syslog服务。Cacti的syslog监控插件只支持这一种日志服务。
[root@FDWIN proc]#yum install syslog-ng
2. 配置syslog插件
[root@FDWIN proc]#cd /var/www/html/cacti/plugins/syslog/
[root@FDWIN proc]#vi config.php
$syslogdb_type = 'mysql';
$syslogdb_default = 'syslog';
$syslogdb_hostname = 'FDWIN';
$syslogdb_username = '<cacti>';
$syslogdb_password = '<cacti>';
3. 配置数据库
[root@FDWIN proc]#mysql -u root -p 123456
mysql>create database syslog;
mysql>grant all on syslog.* to cacti@loaclhost;
mysql>flush privileges;
mysql>exit;
mysql ucacti p – – syslog < syslog.sql
4. 配置syslog-ng.conf
vi /etc/syslog-ng/syslog-ng.conf
@version: 3.0
options {
keep_hostname(yes);
long_hostnames(off);
flush_lines(1);
log_fifo_size(1024);
create_dirs(yes); # if a dir does not exist create it
owner(root); # owner of created files
group(root); # group of created files
perm(0600); # permissions of created files
dir_perm(0700); # permissions of created dirs
};
source net {
udp();
};
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO cacti.syslog_incoming (host, facility, priority, date,
time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY',
'$HOUR:$MIN:$SEC', '$MSG' );\n")
template-escape(yes)
);
};
log { source(net); destination(d_mysql); };
log { source(s_all);destination(d_mysql);};
source s_all {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel: "));
};
destination single-file {
file("/var/log/syslog-ng/all-messages");
};
[root@FDWIN proc]#service syslog-ng restart ##重启syslog-ng
5. 数据收集
[root@FDWIN proc]#vi /var/www/html/cacti/plugins/syslog/log2sql.sh
#!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
mkfifo /tmp/mysql.pipe
fi
while [ -e /tmp/mysql.pipe ]
do
mysql -u cacti --password=cacti cacti < /tmp/mysql.pipe
done
[root@FDWIN proc]#chmod a+x log2sql.sh
[root@FDWIN proc]#vi /etc/rc.local
/var/www/html/cacti/plugins/syslog/log2sql.sh &
[root@FDWIN proc]#crontab -e -u cacti
*/1 * * * * /usr/bin/php /usr/share/cacti/plugins/syslog/syslog_process.php
6. Syslog Screenshot

你可能感兴趣的:(cacti,syslog,snmpd)