Deploying a central log server on RHEL 5.4 with rsyslog + loganalyzer

2010-12-21 22:48
1 System requirements
mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd
2 Required source packages
rsyslog-5.6.2.tar.gz
loganalyzer-3.0.4.tar.gz
3 Install rsyslog
#tar xvf rsyslog-5.6.2.tar.gz
#cd rsyslog-5.6.2
#./configure --enable-mysql
#make && make install
4 Edit the main rsyslog configuration file
Change it as follows:
#if you experience problems, check

# http://www.rsyslog.com/troubleshoot for assistance

# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!

# You may need to set the module load path if modules are not found.

$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imklog # kernel logging (formerly provided by rklogd)

$ModLoad ommysql
*.* :ommysql:localhost,Syslog,root,frank

# Note: the localhost field is the database-server
# Syslog is the database-name
# root is the database-userid
# frank is the password the root user uses to log in to mysql

# Format of this line:
#*.* :ommysql:database-server,database-name,database-userid,database-password

# Also note that database-name must match the one in /root/rsyslog-5.6.2/plugins/ommysql/createDB.sql

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.* /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none -/var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* -/var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.

uucp,news.crit -/var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

# Remote Logging (we use TCP for reliable delivery)

# An on-disk queue is created for this action. If the remote host is

# down, messages are spooled to disk and sent when it is up again.

#$WorkDirectory /rsyslog/spool # where to place spool files

#$ActionQueueFileName uniqName # unique name prefix for spool files

#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown

#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

#*.* @@remote-host:514

# ######### Receiving Messages from Remote Hosts ##########

# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)

#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514

########## The configuration below accepts logs from remote hosts
# UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514
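
The following check is an added example, not part of the original article: it parses the `:ommysql:` action format described above and flags an action that logs in as MySQL root, and a config file that is world-readable while holding the clear-text password. The function name `audit_ommysql` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit legacy ommysql action lines in an rsyslog config.
# Line format, as given in the article:
#   *.* :ommysql:database-server,database-name,database-userid,database-password
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_ommysql() {
    conf=$1
    status=0
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out actions
        index($0, ":ommysql:") {
            params = substr($0, index($0, ":ommysql:") + 9)
            sub(/;.*$/, "", params)               # drop an optional ";template" suffix
            if (split(params, f, ",") < 4) {
                printf "%s:%d: malformed ommysql action\n", FILENAME, NR
                bad = 1
                next
            }
            if (f[3] == "root") {                 # logging as the MySQL superuser
                printf "%s:%d: database %s on %s is written as root\n", FILENAME, NR, f[2], f[1]
                bad = 1
            }
        }
        END { exit (bad + 0) }
    ' "$conf" || status=1
    # The password sits in the file in clear text, so "other" must not read it.
    if grep -q '^[^#]*:ommysql:' "$conf" &&
       [ -n "$(find "$conf" -perm -004)" ]; then
        echo "$conf: world-readable and contains a database password"
        status=1
    fi
    return $status
}

# Constructed sample: the action line from the article in a mode-644 file.
sample=$(mktemp)
printf '%s\n' '$ModLoad ommysql' '*.* :ommysql:localhost,Syslog,root,frank' > "$sample"
chmod 644 "$sample"
audit_ommysql "$sample" || echo "review the findings above"
rm -f "$sample"
```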

5 Stop the syslog daemon that ships with the system
#service syslog stop

#chkconfig syslog off

6 rsyslog does not come with an init script, so copy the syslog init script and modify it
#cp /etc/init.d/{syslog,rsyslog}
Replace syslog with rsyslog in the script
#sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog

#chmod 700 /etc/init.d/rsyslog
#chkconfig --add rsyslog
#chkconfig rsyslog on
7 Create the following symlink, otherwise starting rsyslog reports an error

# ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd

8 Import the database
#cd /root/rsyslog-5.6.2/plugins/ommysql

#mysql -uroot -pfrank < createDB.sql
9 Start rsyslog and verify
#service rsyslog restart

#mysql -uroot -pfrank

mysql> use Syslog;

mysql> select * from SystemEvents;

# If the configuration above is correct, you can see some new log entries
10 Install loganalyzer and set permissions

#tar xvf loganalyzer-3.0.4.tar.gz

#cd loganalyzer-3.0.4

#cp -r src/ /var/www/html/loganalyzer

#cp -r contrib/* /var/www/html/loganalyzer

#chown -R apache.apache /var/www/html/loganalyzer

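11 Install loganalyzer through the web interface; before installing, the following two scripts must be run

#bash /var/www/html/loganalyzer/configure.sh

#bash /var/www/html/loganalyzer/secure.sh

In a browser, open

http://IP/loganalyzer

Note: this IP is that of your log server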

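12 Install loganalyzer

13

14 Before installing, first run
#cd /var/www/html/loganalyzer
#bash configure.sh
#chmod 666 config.php

15 Pay attention to the database name; for security, do not use the root user

16

17

18 Create a user

19 Pay attention to the database and table names

20

21 Create a user

22 Confirm the configuration information below

23 The rsyslog+loganalyzer analysis chart is shown below
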
This article comes from the "Frank" blog; please keep this attribution: http://freehat.blog.51cto.com/1239536/461495