syslog-ng+loganalyzer log system install guide

 
 
  1. 版本V1.0

  2. 时间2012-12-29

  3. 版权GPL

  4. 作者itnihao

  5. 邮箱 [email protected]

  6. 博客 http://itnihao.blog.51cto.com

  7. 如需重新发行,请注明以上信息,谢谢合作



  8. 一,创建Syslog数据库

  -- Database for the syslog-ng sql() destination and for loganalyzer.
  -- Run in the mysql client as an administrative user.
  -- NOTE: MySQL's "utf8" is the 3-byte utf8mb3; 4-byte UTF-8 in a log line
  -- (emoji, some CJK) is rejected or truncated. Use utf8mb4 where the server
  -- supports it (MySQL >= 5.5.3); the stock EL6 MySQL 5.1 does not.
  CREATE DATABASE Syslog CHARACTER SET utf8;
  USE Syslog;

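  -- Events table in the MonitorWare layout that loganalyzer's MySQL source
  -- expects; the column names are part of that contract, do not rename them.
  -- The syslog-ng destination in section three fills ReceivedAt,
  -- DeviceReportedTime, Facility, Priority, FromHost, Message, InfoUnitID and
  -- SysLogTag; every other column is inserted empty/NULL.
  CREATE TABLE SystemEvents
  (
      ID                 int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
      CustomerID         bigint,
      ReceivedAt         datetime NULL,
      DeviceReportedTime datetime NULL,
      Facility           smallint NULL,
      Priority           smallint NULL,
      FromHost           varchar(60) NULL,
      Message            text,
      NTSeverity         int NULL,
      Importance         int NULL,
      EventSource        varchar(60),
      EventUser          varchar(60) NULL,
      EventCategory      int NULL,
      EventID            int NULL,
      EventBinaryData    text NULL,
      MaxAvailable       int NULL,
      CurrUsage          int NULL,
      MinUsage           int NULL,
      MaxUsage           int NULL,
      InfoUnitID         int NULL,
      SysLogTag          varchar(60),
      EventLogType       varchar(60),
      GenericFileName    varchar(60),
      SystemID           int NULL,
      -- The original DDL declared no secondary indexes, so the daily retention
      -- DELETE (WHERE ReceivedAt < ...) and loganalyzer's host/facility/severity
      -- filters would scan the whole table. The indexes() option of the
      -- syslog-ng sql() destination does not cover this case: as documented it
      -- is applied when syslog-ng creates the table itself, and this guide
      -- creates the table by hand first.
      INDEX SystemEvents_ReceivedAt_idx (ReceivedAt),
      INDEX SystemEvents_Facility_idx   (Facility),
      INDEX SystemEvents_Priority_idx   (Priority),
      INDEX SystemEvents_FromHost_idx   (FromHost),
      INDEX SystemEvents_SysLogTag_idx  (SysLogTag)
  );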

  -- Per-event key/value properties, kept for schema compatibility with
  -- loganalyzer. The syslog-ng configuration in this guide never writes to it.
  CREATE TABLE SystemEventsProperties
  (
      ID            int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
      SystemEventID int NULL,
      ParamName     varchar(255) NULL,
      ParamValue    text NULL
  );

  45. 二,设置数据库权限

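  -- Least-privilege account for syslog-ng and the retention cron job.
  -- The original grant was ALL PRIVILEGES, which also hands DROP, ALTER,
  -- CREATE, ... to credentials that sit in clear text in syslog-ng.conf and
  -- in a cron script. What this guide actually needs from the account:
  --   SELECT  - syslog-ng's sql() destination checks the table at start-up,
  --             and loganalyzer reads from it
  --   INSERT  - syslog-ng writes events
  --   DELETE  - the daily syslog-clean.sh retention job
  -- ALTER is only needed if the columns() list in syslog-ng.conf ever names a
  -- column the table lacks (syslog-ng then tries to add it); grant it on
  -- demand rather than permanently.
  -- Replace 'syslog_ngpass' with a generated secret. The same string is reused
  -- in syslog-ng.conf and in the cron job's option file, so choose it once here.
  GRANT SELECT, INSERT, DELETE ON Syslog.* TO 'syslog_ng'@'localhost' IDENTIFIED BY 'syslog_ngpass';
  -- Preferably give the web tier its own SELECT-only account, so that a
  -- compromise of loganalyzer cannot delete the audit trail:
  -- GRANT SELECT ON Syslog.* TO 'loganalyzer'@'localhost' IDENTIFIED BY '<another-secret>';
  FLUSH PRIVILEGES;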

  48. 三,配置syslog-ng服务端

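  # Server: syslog-ng 3.2.5 (EPEL6 builds) plus the libdbi module that provides
  # the sql() destination. The package files are expected in the current
  # directory.
  #
  # Verify signatures before installing: "rpm -ivh" only prints a NOKEY warning
  # when the signing key is unknown, it does not refuse. Import the EPEL key
  # (shipped by the epel-release package) and let "rpm -K" check every file;
  # it exits non-zero if any package is unsigned or tampered with.
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  rpm -K libnet-1.1.5-1.el6.x86_64.rpm eventlog-0.2.12-1.el6.x86_64.rpm \
        syslog-ng-3.2.5-3.el6.x86_64.rpm libdbi-0.8.3-3.1.el6.x86_64.rpm \
        syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm      # every line must end in "OK"
  rpm -ivh libnet-1.1.5-1.el6.x86_64.rpm
  rpm -ivh eventlog-0.2.12-1.el6.x86_64.rpm
  rpm -ivh syslog-ng-3.2.5-3.el6.x86_64.rpm
  rpm -ivh libdbi-0.8.3-3.1.el6.x86_64.rpm
  rpm -ivh syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm
  # The configuration below embeds the MySQL password; keep the file root-only.
  chmod 600 /etc/syslog-ng/syslog-ng.conf
  vim /etc/syslog-ng/syslog-ng.conf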

  55. ========================================================================================================================

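  # /etc/syslog-ng/syslog-ng.conf on the log server (192.168.122.200).
  # The file carries the MySQL password in clear text: mode 0600, owner root.
  source s_src {
      unix-stream("/dev/log");
      # Plain UDP syslog is unauthenticated and unencrypted: anyone who can reach
      # 514/udp can inject entries attributed to any host, and datagrams are
      # silently dropped under load. Firewall the port to the client subnet,
      # and prefer tcp() -- or tls() where the clients support it -- for the
      # command-audit trail the clients send.
      udp(ip("192.168.122.200") port(514));
  };

  destination d_mysql {
      sql(type(mysql)
          host("localhost") username("syslog_ng") password("syslog_ngpass")
          database("Syslog") table("SystemEvents")
          # Must list exactly the columns of the pre-created SystemEvents table:
          # syslog-ng compares them at start-up and, for any column that is
          # missing, issues ALTER TABLE (which needs the ALTER privilege).
          columns("ID int unsigned not null auto_increment primary key",
                  "ReceivedAt datetime NULL", "DeviceReportedTime datetime NULL",
                  "Facility smallint NULL", "Priority smallint NULL", "FromHost varchar(60) NULL",
                  "Message text", "InfoUnitID int NULL", "SysLogTag varchar(60)",
                  "CustomerID bigint", "NTSeverity int NULL", "Importance int NULL",
                  "EventSource varchar(60)", "EventUser varchar(60) NULL",
                  "EventCategory int NULL", "EventID int NULL", "EventBinaryData text NULL",
                  "MaxAvailable int NULL", "CurrUsage int NULL", "MinUsage int NULL",
                  "MaxUsage int NULL", "EventLogType varchar(60)", "GenericFileName VarChar(60)",
                  "SystemID int NULL")
          # Positional: one entry per column above, in the same order. Only the
          # first nine carry data; the remaining MonitorWare columns stay empty.
          values("", "$R_ISODATE", "$S_ISODATE", "$FACILITY_NUM", "$LEVEL_NUM", "$HOST",
                 "$MSGONLY", "1", "$MSGHDR",
                 "", "", "", "", "", "", "", "", "", "", "", "", "", "", "")
          # Honoured only when syslog-ng creates the table itself; here the
          # table is pre-created, so the indexes must live in the DDL.
          # (The stray trailing comma after "SysLogTag" has been dropped.)
          indexes("ID", "ReceivedAt", "Facility", "Priority", "FromHost", "SysLogTag"));
  };

  log { source(s_src); destination(d_mysql); };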

  75. ==========================================================================================================================

  76. 四,配置loganalyzer日志web页面

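  # loganalyzer 3.6.1 web front-end.
  # The tarball is fetched over plain HTTP, so it can be swapped in transit;
  # compare it against the checksum the project publishes (if any) before
  # unpacking, or fetch it over HTTPS where available.
  wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.1.tar.gz
  tar xf loganalyzer-3.6.1.tar.gz
  cd loganalyzer-3.6.1
  mkdir /var/www/html/loganalyzer
  mv ./src/* /var/www/html/loganalyzer
  cp contrib/* /var/www/html/loganalyzer
  cd /var/www/html/loganalyzer            # was "/var/www/html/loganalyzersh" (typo)
  # configure.sh creates an empty config.php that install.php can write to;
  # the 3.x contrib script makes it world-writable. After install.php has
  # finished, run "sh secure.sh" to make config.php read-only again and remove
  # install.php, configure.sh and secure.sh from the web root.
  sh configure.sh

  # Daily retention: drop events older than 30 days.
  # The credentials go into a root-only option file instead of "-p<password>"
  # on the command line, where every local user can read them from the process
  # list while the job runs. The DELETE relies on an index on ReceivedAt;
  # without one it scans the whole table every night.
  ( umask 077; cat >/root/.syslog-clean.cnf <<'EOF'
[client]
user=syslog_ng
password=syslog_ngpass
EOF
  )
  cat >/etc/cron.daily/syslog-clean.sh <<'EOF'
#!/bin/bash
# Retention job for the Syslog database: keep 30 days of SystemEvents.
# 30 days is a policy decision -- check it against what incident response
# and any compliance requirement actually need before changing it.
set -eu
MYSQL_DB="Syslog"
mysql --defaults-extra-file=/root/.syslog-clean.cnf "${MYSQL_DB}" \
    -e "DELETE FROM SystemEvents WHERE ReceivedAt < DATE_SUB(CURDATE(), INTERVAL 30 DAY)"
EOF
  chmod 700 /etc/cron.daily/syslog-clean.sh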

  93. 浏览器访问 http://192.168.122.200/loganalyzer/install.php 完成初始化。向导结束后删除 web 目录中的 install.php、configure.sh 和 secure.sh,并用 Apache 的访问控制(仅允许内网地址或启用基本认证)限制 /loganalyzer/ 目录——如果向导中没有启用 LogAnalyzer 自身的用户数据库/登录,任何能访问该 URL 的人都可以读取全部日志。

  94. 五,配置客户端syslog-ng

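  # Client: same packages as the server. Only syslog-ng itself (with its
  # libnet/eventlog dependencies) is needed to forward logs; libdbi and
  # syslog-ng-libdbi provide the sql() destination, which the client config
  # below does not use, so the last two can be left out on a client.
  # Verify signatures first -- "rpm -ivh" only warns on an unknown key, it does
  # not refuse; "rpm -K" exits non-zero on a bad or missing signature.
  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  rpm -K libnet-1.1.5-1.el6.x86_64.rpm eventlog-0.2.12-1.el6.x86_64.rpm \
        syslog-ng-3.2.5-3.el6.x86_64.rpm libdbi-0.8.3-3.1.el6.x86_64.rpm \
        syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm      # every line must end in "OK"
  rpm -ivh libnet-1.1.5-1.el6.x86_64.rpm
  rpm -ivh eventlog-0.2.12-1.el6.x86_64.rpm
  rpm -ivh syslog-ng-3.2.5-3.el6.x86_64.rpm
  rpm -ivh libdbi-0.8.3-3.1.el6.x86_64.rpm
  rpm -ivh syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm
  vim /etc/syslog-ng/syslog-ng.conf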

  101. ===================================================================================

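  # Additions to the client's /etc/syslog-ng/syslog-ng.conf.
  # s_sys is the default source in the EL6 package's stock syslog-ng.conf.
  # d_udp was referenced but never defined in the original snippet -- syslog-ng
  # will not load a configuration with an undefined destination -- so it is
  # defined here. Plain UDP: unauthenticated and cleartext; switch to tcp() or
  # tls() if the server offers it, the command-audit trail sent below is
  # worth protecting.
  destination d_udp  { udp("192.168.122.200" port(514)); };
  destination d_euid { file("/var/log/user"); };
  # The PROMPT_COMMAND logger puts "[euid=...]" in the message body, so match
  # against MESSAGE; the original value("euid") named a field that does not
  # exist, so only the facility(authpriv) half of the filter ever matched.
  filter f_euid { match("euid" value("MESSAGE")) or facility(authpriv); };
  log { source(s_sys); filter(f_euid); destination(d_euid); };
  # One unfiltered statement forwards everything. The original also had a
  # second, f_euid-filtered log{} to d_udp, which delivered every euid/authpriv
  # message to the server twice.
  log { source(s_sys); destination(d_udp); };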

  107. ==================================================================================

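  # Log every interactive command (user, tty, cwd, command line) via syslog so
  # it reaches the server's SystemEvents table.
  #
  # The heredoc must be quoted ('EOF'): the original unquoted <<EOF expanded
  # $(history 1 ...), $(hostname), $(whoami), $(who am i), `pwd`, $y and $msg
  # when the file was written, so /etc/bashrc ended up with the installer's
  # host, user and cwd hard-coded and an empty message. "read -r" keeps
  # backslashes and printf "%s" avoids the word-splitting/globbing that an
  # unquoted "echo $y" applied to the logged command.
  #
  # Caveats:
  #  - This is accountability logging, not an enforcement control: any user can
  #    unset PROMPT_COMMAND or start a non-bash shell. Pair it with auditd
  #    (pam_tty_audit) where tamper resistance is required.
  #  - The complete command line is logged, including secrets typed as
  #    arguments (mysql -p..., curl -u ...), and the transport is plain UDP.
  #  - "who am i" can be empty for shells without a login tty; the line is still
  #    logged, just with that field blank.
  cat >>/etc/bashrc <<'EOF'
export PROMPT_COMMAND='{ msg=$(history 1 | { read -r x y; printf "%s\n" "$y"; }); logger "[hostname- $(hostname)]": "[euid=$(whoami)]":$(who am i):[$(pwd)]:"$msg"; }'
EOF
  # Alternative for hosts that keep rsyslog instead of syslog-ng. Note that in
  # sysklogd-compatibility mode "-r" also makes the client *receive* remote
  # syslog on 514/udp, which a client does not need and which widens its attack
  # surface; the "*.* @host" line alone is enough to forward.
  #sed -i "s/SYSLOGD_OPTIONS=\"-c 5\"/SYSLOGD_OPTIONS=\"-c 2 -r -m 0\"/g"  /etc/sysconfig/rsyslog
  #echo "*.* @192.168.122.200"  >> /etc/rsyslog.conf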


