Building a centralized log monitoring system with rsyslog + LogAnalyzer + evtsys

I. Server-side installation

Create a YUM repository (skip this step if you already have one):

```
# cat >> /etc/yum.repos.d/sohu.repo <<EOF
[sohu]
name=sohu's mirrors
baseurl=http://mirrors.sohu.com/centos/5/os/x86_64/
enabled=1
gpgcheck=0
EOF
```

Install the LAMP stack and rsyslog. If LAMP is already present, only rsyslog and rsyslog-mysql need to be installed:

```
yum install rsyslog rsyslog-mysql mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd
```

Import the rsyslog database schema (the .sql file shipped with rsyslog-mysql):

```
mysql -u root -p < $(rpm -ql rsyslog-mysql | grep 'sql$')
```

Create the database user that rsyslog will write with:

```
mysql -u root -p
mysql> grant all privileges on Syslog.* to logger@localhost identified by 'logger';
mysql> flush privileges;
mysql> exit;
```

Edit the rsyslog configuration file:

```
# vi /etc/rsyslog.conf     # only the lines below need changing
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Provides kernel logging support (previously done by rklogd)
# Provides support for local system logging (e.g. via logger command)
$ModLoad immark
$ModLoad imuxsock
$ModLoad imklog
$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,logger,logger
$ModLoad imudp.so
$UDPServerRun 514
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
```

In the original the added lines were highlighted in red: the ones that load ommysql and send `*.*` to the Syslog database, and the imudp/$UDPServerRun lines that open the UDP listener on port 514. Compare the rest against your own file: skip the lines you already have and add the ones you don't.
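The UDP listener on port 514 accepts datagrams from any host that can reach it, and the selector lines in rsyslog.conf decide where each datagram goes. The following Python script is an added example (it is not code from the original post or from rsyslog) that decodes an RFC 3164 datagram into its facility and severity and evaluates the legacy selector syntax against a subset of the configuration above. The sample datagram is constructed to resemble what evtsys sends (its default facility is daemon); the exact message layout after the hostname is an assumption.

```python
import re
from dataclasses import dataclass

# Added example, not from the original post: decode RFC 3164 syslog datagrams
# as received by the rsyslog UDP listener on 514, and evaluate rsyslog.conf
# selectors such as "*.info;mail.none;authpriv.none;cron.none".

FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
    "notice": 5, "info": 6, "debug": 7,
}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}

# <PRI>Mmm dd hh:mm:ss HOST MSG  (day is space-padded to two characters)
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.DOTALL)


@dataclass
class SyslogEvent:
    facility: str
    severity: str
    timestamp: str
    host: str
    message: str


def parse_rfc3164(datagram: bytes) -> SyslogEvent:
    """Decode one UDP syslog datagram. PRI = facility * 8 + severity."""
    m = _LINE.match(datagram.decode("utf-8", errors="replace"))
    if not m:
        raise ValueError("not an RFC 3164 datagram")
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range")
    return SyslogEvent(FACILITY_NAMES.get(pri // 8, f"facility{pri // 8}"),
                       SEVERITY_NAMES[pri % 8], m["ts"], m["host"], m["msg"])


def selector_matches(selector: str, facility: str, severity: str) -> bool:
    """Evaluate a legacy selector: 'fac.level' matches that facility at 'level'
    or more severe, '.none' drops the facility, '*' means every facility or
    every level, and later fields override earlier ones for the same facility.
    The '=' and '!' level modifiers are not handled here."""
    fac_num, sev_num = FACILITIES[facility], SEVERITIES[severity]
    matched = False
    for field in selector.split(";"):
        facs, level = field.strip().split(".")
        if facs != "*" and fac_num not in {FACILITIES[f] for f in facs.split(",")}:
            continue
        if level == "none":
            matched = False
        elif level == "*":
            matched = True
        else:
            matched = sev_num <= SEVERITIES[level]
    return matched


def route(config: str, event: SyslogEvent) -> list:
    """Return the actions (files, ':ommysql:...', '*') the config fires for event."""
    targets = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "$")):  # comments and directives
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or "." not in parts[0]:
            continue
        selector, action = parts
        if selector_matches(selector, event.facility, event.severity):
            targets.append(action)
    return targets


# Constructed subset of the rsyslog.conf shown above.
SAMPLE_CONF = """\
*.* :ommysql:127.0.0.1,Syslog,logger,logger
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
"""

# Constructed datagram: PRI 30 = daemon(3) * 8 + info(6), evtsys-style payload.
SAMPLE_DATAGRAM = (b"<30>Oct 11 22:14:15 winhost Service_Control_Manager: 7036: "
                   b"The Windows Update service entered the running state.")

if __name__ == "__main__":
    ev = parse_rfc3164(SAMPLE_DATAGRAM)
    print(ev)
    print(route(SAMPLE_CONF, ev))
```

Running the script routes the sample event to both the ommysql action and /var/log/messages, which is exactly what the configuration above does for any info-level message from a facility that is not excluded. Note that the ommysql action line carries the database password in clear text, so rsyslog.conf should remain readable by root only.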

Install LogAnalyzer:

```
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz
# tar xf loganalyzer-3.6.3.tar.gz
# mkdir /var/www/html/loganalyzer
# mv loganalyzer-3.6.3/src/* /var/www/html/loganalyzer
# touch /var/www/html/loganalyzer/config.php
# chmod 666 /var/www/html/loganalyzer/config.php
```

Complete the installation through the browser.

[Screenshots: the browser-based LogAnalyzer installer steps]

That completes the LogAnalyzer installation; log in and take a look.

[Screenshot: LogAnalyzer after login]

II. Windows client installation

Download evtsys from http://code.google.com/p/eventlog-to-syslog/

Unpack it into C:\Windows\System32, then install and start the service:

```
evtsys -i -s 10 -h log-server-ip -p 514
net start evtsys
```

During installation an error about the configuration file is reported; it can be ignored as long as the final message says the installation succeeded. The full parameter list follows:

```
Version: 4.4 (32-bit)
Usage: evtsys.exe -i|-u|-d [-h host] [-b host] [-f facility] [-p port]
      [-s minutes] [-l level] [-n]
 -i           Install service
 -u           Uninstall service
 -d           Debug: run as console program
 -h host      Name of log host
 -b host      Name of secondary log host (optional)
 -f facility  Facility level of syslog message
 -l level     Minimum level to send to syslog.
              0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info
 -n           Include only those events specified in the config file.
 -p port      Port number of syslogd
 -q bool      Query the Dhcp server to obtain the syslog/port to log to
              (0/1 = disable/enable)
 -s minutes   Optional interval between status messages. 0 = Disabled
Default port: 514
Default facility: daemon
Default status interval: 0
Host (-h) required if installing.
```

Below are the Windows logs as seen in LogAnalyzer; they are unmistakably Windows event logs. Monitoring Linux logs is even simpler: edit the client's rsyslog configuration so that a copy of its logs is sent to the log server. That is not described in detail here.

[Screenshot: Windows event logs displayed in LogAnalyzer]
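The client-side change the post leaves out, shown here as an added example (it is not part of the original post): the legacy rsyslog forwarding rule that sends a copy of every message to the UDP listener configured above. `log-server-ip` is a placeholder for the server's address.

```conf
# /etc/rsyslog.conf on each Linux client (added example, not from the post).
# One "@" forwards over UDP, matching the $UDPServerRun 514 listener on the
# server; "@@" would use TCP, which needs a TCP listener the server above
# does not configure.
*.* @log-server-ip:514
```

After restarting rsyslog on the client (`service rsyslog restart` on CentOS 5), send a test line with `logger -t fwdtest "hello from client"` and confirm it arrives on the server, either in /var/log/messages or with `SELECT FromHost, Message FROM Syslog.SystemEvents ORDER BY ID DESC LIMIT 5;` against the database the ommysql action writes to. UDP delivery is unacknowledged, so a missing test line usually means a firewall between client and server is dropping port 514.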
