Installing rsyslog + LogAnalyzer + MySQL on CentOS 6.5 to deploy a log server
System environment:
[root@zabbix ~]# uname -r
2.6.32-431.el6.x86_64
rsyslog version: (the version shipped with CentOS 6.5 is always this one, 5.8.10)
[root@zabbix ~]# rsyslogd -v
rsyslogd 5.8.10, compiled with:
FEATURE_REGEXP: Yes
FEATURE_LARGEFILE: No
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
Runtime Instrumentation (slow code): No
See http://www.rsyslog.com for more information.
Firewall configuration: (open port 514 in the firewall)
[root@zabbix ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Tue Nov 17 22:17:30 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:464]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Nov 17 22:17:30 2015
Restart the firewall:
[root@zabbix ~]#service iptables restart
Disable SELinux:
[root@zabbix ~]#sed -i 's/enforcing/disabled/' /etc/selinux/config
1. Install LAMP: (installing with YUM is enough)
[root@zabbix ~]# yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml mysql mysql-server -y
(earlier output omitted…)
Updated:
php-common.x86_64 0:5.4.45-53.el6.art Dependency Updated:
php-bcmath.x86_64 0:5.4.45-53.el6.art
Complete!
2. Enable the services at boot:
[root@zabbix ~]# chkconfig httpd on
[root@zabbix ~]#chkconfig mysqld on
[root@zabbix ~]#chkconfig rsyslog on
Start the services:
[root@zabbix ~]#service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for zabbix
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@zabbix ~]#service mysqld start
Starting mysqld: [ OK ]
[root@zabbix ~]#service rsyslog start
Shutting down system logger: [ OK ]
3. Add these two lines for PHP support
[root@zabbix ~]# cat /etc/httpd/conf/httpd.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Restart the service
[root@zabbix ~]#service httpd restart
4. Install database support for rsyslog.
[root@zabbix ~]# yum install rsyslog-mysql -y
(part of the output omitted…)
Install 1 Package(s)
Upgrade 1 Package(s)
Total download size: 671 k
Downloading Packages:
(1/2): rsyslog-5.8.10-10.el6_6.x86_64.rpm | 650 kB 01:08
(2/2): rsyslog-mysql-5.8.10-10.el6_6.x86_64.rpm | 21 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 7.7 kB/s | 671 kB 01:27
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : rsyslog-5.8.10-10.el6_6.x86_64 1/3
Installing : rsyslog-mysql-5.8.10-10.el6_6.x86_64 2/3
Cleanup : rsyslog-5.8.10-8.el6.x86_64 3/3
Verifying : rsyslog-mysql-5.8.10-10.el6_6.x86_64 1/3
Verifying : rsyslog-5.8.10-10.el6_6.x86_64 2/3
Verifying : rsyslog-5.8.10-8.el6.x86_64 3/3
Installed:
rsyslog-mysql.x86_64 0:5.8.10-10.el6_6 Dependency Updated:
rsyslog.x86_64 0:5.8.10-10.el6_6
Complete!
5. Test whether PHP is supported
[root@zabbix ~]# vim /var/www/html/index.php
[root@zabbix ~]# cat /var/www/html/index.php
<?php
phpinfo();
?>
After the database support package is installed, /usr/share/doc/rsyslog-mysql-5.8.10/ contains a database schema file, createDB.sql
[root@zabbix ~]# cd /usr/share/doc/rsyslog-mysql-5.8.10/
[root@zabbix rsyslog-mysql-5.8.10]# ll
total 4
-rw-r--r-- 1 root root 1046 Apr 18 2011 createDB.sql
Use the SQL statements in it to quickly create the database and tables
[root@zabbix ~]#mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
[root@zabbix rsyslog-mysql-5.8.10]#mysql -uroot -p # log in to the database
mysql> show databases; # list the databases; a new Syslog database has appeared
+--------------------+
| Database |
+--------------------+
| information_schema |
| Syslog |
| mweuu |
| mysql |
| performance_schema |
| zabbix |
+--------------------+
6 rows in set (0.06 sec)
Create a MySQL user and grant it all privileges on the Syslog database created by the import above:
mysql> grant all privileges on Syslog.* to 'rsyslog'@'localhost' identified by 'syslogps';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on Syslog.* to 'rsyslog'@'127.0.0.1' identified by 'syslogps';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
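Edit the configuration file /etc/rsyslog.conf so that log records are written to the MySQL database, and enable listening on TCP port 514 [you can also choose UDP]. Make the changes below, adjusting the user name, password, etc. to your own setup:
[root@zabbix ~]# vim /etc/rsyslog.conf
# remove the leading # from the next two lines
$ModLoad imtcp
$InputTCPServerRun 514
# add the next two lines
$ModLoad ommysql.so
*.* :ommysql:127.0.0.1,Syslog,rsyslog,syslogps
Note: here *.* means any user name, 127.0.0.1 is the IP address of the database (adjust it to your environment), Syslog is the database, rsyslog is the user name that was granted access to the database, and the last field is the password.
[root@zabbix ~]# service rsyslog restart # restart the service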
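The ommysql action line above places the database password in /etc/rsyslog.conf. The following check is an added example, not part of the original post: it parses legacy ommysql action lines and reports whether a file carrying such a password is readable by every local user. The function names and the commented-out sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a legacy-format
# rsyslog.conf for an ommysql password stored in a world-readable file.

# Print "server database user" for every active legacy ommysql action line:
#   selector :ommysql:server,database,user,password[;template]
ommysql_targets() {
    awk '!/^[ \t]*#/ && /:ommysql:/ {
        sub(/.*:ommysql:/, "")     # drop the selector and the module tag
        sub(/;.*/, "")             # drop an optional ;template suffix
        if (split($0, f, ",") >= 4)
            print f[1], f[2], f[3] # f[4] is the password: never echo it
    }' "$1"
}

# Succeed (exit 0) when the file carries an ommysql password AND any local
# user can read it (the "other" read bit, octal 004, is set).
password_exposed() {
    [ -n "$(ommysql_targets "$1")" ] &&
        [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample: the directives from this page plus one commented-out
# action line (hypothetical) to show that comments are skipped.
write_sample_conf() {
    cat > "$1" <<'EOF'
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad ommysql.so
# *.* :ommysql:10.0.0.1,Old,old,oldpw
*.* :ommysql:127.0.0.1,Syslog,rsyslog,syslogps
EOF
}

# Demo: a 0644 file is reported; after chmod 600 it is not.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
chmod 644 "$demo_conf"
password_exposed "$demo_conf" && echo "exposed: $(ommysql_targets "$demo_conf")"
chmod 600 "$demo_conf"
password_exposed "$demo_conf" || echo "ok after chmod 600"
rm -f "$demo_conf"
```

rsyslogd on CentOS 6 runs as root, so a root-owned rsyslog.conf with mode 600 stays readable to the daemon.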
6. Next, install the LogAnalyzer software
[root@zabbix ~]# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz
[root@zabbix ~]# tar xf loganalyzer-3.6.3.tar.gz
[root@zabbix ~]# cp -r loganalyzer-3.6.3/src/* /var/www/html/
cp: overwrite `/var/www/html/index.php'? y
You have new mail in /var/spool/mail/root
[root@zabbix ~]# cp -r loganalyzer-3.6.3/contrib/* /var/www/html/
[root@zabbix ~]# cd /var/www/html/
[root@zabbix html]# chmod 700 *.sh
[root@zabbix html]# ./configure.sh
You have new mail in /var/spool/mail/root
[root@zabbix html]# chmod 777 /var/log/messages # pay attention to the permissions here; without this change it fails with an insufficient-permissions error
You have new mail in /var/spool/mail/root
Client setup:
[root@localhost ~]# echo "*.* @@192.168.128.129:514" >> /etc/rsyslog.conf
[root@localhost ~]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@localhost ~]# vim /etc/sysconfig/iptables
[root@localhost ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Sep 10 20:42:38 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:560]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@localhost ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
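Both iptables files on this page accept new TCP connections to port 514 from any address. The following added example (not from the original post) lists such rules in an iptables-save file and prints them restricted to a source network. The 192.168.128.0/24 network is an assumption derived from the server address used above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): find port ACCEPT rules in an
# iptables-save file that admit any source, and print a restricted form.
# Handles single-port --dport matches only (no multiport lists).

# Print "lineno:rule" for INPUT ACCEPT rules on --dport PORT without -s/--source.
unrestricted_rules() {      # usage: unrestricted_rules FILE PORT
    awk -v port="$2" '/^-A INPUT / && / -j ACCEPT/ {
        hit = 0; src = 0
        for (i = 1; i < NF; i++) {
            if ($i == "--dport" && $(i + 1) == port) hit = 1
            if ($i == "-s" || $i == "--source") src = 1
        }
        if (hit && !src) print NR ":" $0
    }' "$1"
}

# Print the rule set with those rules limited to the given source network.
restrict_source() {         # usage: restrict_source FILE PORT CIDR
    awk -v port="$2" -v cidr="$3" '{
        if ($0 ~ /^-A INPUT / && $0 ~ (" --dport " port " ") &&
            $0 !~ / (-s|--source) /)
            sub(/^-A INPUT /, "-A INPUT -s " cidr " ")
        print
    }' "$1"
}

# Constructed sample: a subset of the server rules shown on this page.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Demo: report the open rule, then show it narrowed to the assumed network.
demo_rules=$(mktemp)
write_sample_rules "$demo_rules"
unrestricted_rules "$demo_rules" 514
restrict_source "$demo_rules" 514 192.168.128.0/24 | grep -- '--dport 514'
rm -f "$demo_rules"
```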
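Open a browser at http://ip/ and click "here" to go to the next step. If the steps above were completed, just keep clicking Next; when you reach Step 3, set "Enable User Database" to Yes and fill in the MySQL settings:
Here you enter the account and password that were granted access to your database, and the database that was created.
Keep clicking Next until Step 6, which prompts you to create an administrator account. After the account is created you will see the following:
The final result looks like this: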