centos rsyslog集中日志服务器

1、安装rsyslog及rsyslog-mysql
yum -y install rsyslog-mysql
2、导入数据库并创建数据库账号密码
find /usr |grep createDB.sql
mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
show databases;
grant all privileges on Syslog.* to syslog@'localhost' identified by 'syslog123';
flush privileges；

3、配置rsyslog.conf
module地方放开如下：
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
新增加：
$ModLoad ommysql.so
*.* :ommysql:localhost,Syslog,syslog,syslog123
数据库地址/库名/数据库用户名/数据库密码

 tar -xzvf loganalyzer-3.6.6.tar.gz
 mkdir /var/www/html/loganalyzer
cp -r src/* /var/www/html/loganalyzer
cp -r contrib/* /var/www/html/loganalyzer
chown -R syslog.syslog /var/www/html/loganalyzer
cd /var/www/html/loganalyzer/
sh configure.sh
sh secure.sh
chmod 666 config.php