
Building a centralized log monitoring system with rsyslog + LogAnalyzer + evtsys

2013-06-15 14:42  363 views

1. Server-side installation

Create a YUM repository (skip this if one is already configured):
# cat >> /etc/yum.repos.d/sohu.repo <<EOF
[sohu]
name=sohu's mirrors
baseurl=http://mirrors.sohu.com/centos/5/os/x86_64/
enabled=1
gpgcheck=0
EOF
Install the LAMP stack and rsyslog (if LAMP is already installed, only rsyslog and rsyslog-mysql are needed):
yum install rsyslog rsyslog-mysql mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd
Import the rsyslog database schema that ships with rsyslog-mysql:
mysql -u root -p < $(rpm -ql rsyslog-mysql | grep sql$)
Create the database user that rsyslog will write with:
mysql -u root -p
mysql> grant all privileges on Syslog.* to logger@localhost identified by 'logger';
mysql> flush privileges;
mysql> exit;
Edit the rsyslog configuration file:
# vi /etc/rsyslog.conf     // only the lines noted below need to be changed
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Provides kernel logging support (previously done by rklogd)
# Provides support for local system logging (e.g. via logger command)
$ModLoad immark
$ModLoad imuxsock
$ModLoad imklog
$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,logger,logger
$ModLoad imudp.so
$UDPServerRun 514
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
The lines shown in red in the original post are the additions (the ommysql lines that write every message into the Syslog database and the UDP-receiver lines that listen on port 514); compare the rest against your existing file, skip what is already there and add what is missing.
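As an added example (not part of the original post), the following shell function checks a candidate rsyslog.conf for the directives this server setup relies on and verifies that the ommysql action names the database and user created with the GRANT above. The two sample configuration files are constructed inline for illustration; the function name, the temporary file paths and the sample contents are assumptions, not anything taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: verify that an rsyslog.conf
# carries the directives the collector needs. Sample configs are constructed.

# check_rsyslog_conf FILE DB USER
# Prints each missing or mismatched directive, one per line, and prints
# nothing when the file is complete. Exit status 0 = complete, 1 = not.
check_rsyslog_conf() {
    conf="$1"; db="$2"; user="$3"; missing=0
    # Patterns are anchored at the start of the line, so a commented-out copy
    # such as "#$ModLoad ommysql" is correctly reported as missing.
    for pat in '^\$ModLoad ommysql' '^\$ModLoad imudp' '^\$UDPServerRun 514'; do
        if ! grep -q "$pat" "$conf"; then
            echo "missing: $pat"
            missing=$((missing + 1))
        fi
    done
    # The action has the form  *.* :ommysql:HOST,DB,USER,PASSWORD
    # Check that DB and USER match the account granted on Syslog.*
    if ! grep -q "^\*\.\* :ommysql:[^,]*,$db,$user," "$conf"; then
        echo "missing: ommysql action for database $db as user $user"
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ]
}

# Constructed sample: the relevant lines from the configuration in the post.
GOOD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
$ModLoad imuxsock
$ModLoad imklog
$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,logger,logger
$ModLoad imudp.so
$UDPServerRun 514
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
EOF

# Constructed sample: ommysql loaded, but the UDP receiver left commented out
# and the action written for a different account, so remote logs never land.
BAD_CONF=$(mktemp)
cat > "$BAD_CONF" <<'EOF'
$ModLoad imuxsock
$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,root,secret
#$ModLoad imudp.so
#$UDPServerRun 514
EOF

check_rsyslog_conf "$GOOD_CONF" Syslog logger && echo "server config complete"
check_rsyslog_conf "$BAD_CONF" Syslog logger || echo "server config incomplete"
```

Run it against /etc/rsyslog.conf before restarting rsyslog. Two things worth keeping in mind about the configuration it checks: the ommysql action carries the database password in clear text, so /etc/rsyslog.conf should stay readable by root only, and plain syslog over UDP 514 has no authentication, so the host firewall should limit port 514 to the clients that are expected to report.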
Install LogAnalyzer:
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz
# tar xf loganalyzer-3.6.3.tar.gz
# mkdir /var/www/html/loganalyzer
# mv loganalyzer-3.6.3/src/* /var/www/html/loganalyzer
# touch /var/www/html/loganalyzer/config.php
# chmod 666 /var/www/html/loganalyzer/config.php
Complete the rest of the installation through the browser (config.php only needs to be world-writable while the browser installer runs; tighten its permissions again afterwards).

That completes the LogAnalyzer installation; log in and have a look.



2. Windows client installation

Download evtsys from http://code.google.com/p/eventlog-to-syslog/ and unzip it into C:\Windows\System32, then run:
evtsys -i -s 10 -h log-server-ip -p 514
net start evtsys
During installation an error about the configuration file is reported; it can be ignored, as long as the final message says the installation succeeded. The full parameter list is given below.
Version: 4.4 (32-bit)
Usage: evtsys.exe -i|-u|-d [-h host] [-b host] [-f facility] [-p port]
       [-s minutes] [-l level] [-n]
-i           Install service
-u           Uninstall service
-d           Debug: run as console program
-h host      Name of log host
-b host      Name of secondary log host (optional)
-f facility  Facility level of syslog message
-l level     Minimum level to send to syslog.\n", stderr);
             0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info
-n           Include only those events specified in the config file.
-p port      Port number of syslogd
-q bool      Query the Dhcp server to obtain the syslog/port to log to
             (0/1 = disable/enable)
-s minutes   Optional interval between status messages. 0 = Disabled
Default port: 514
Default facility: daemon
Default status interval: 0
Host (-h) required if installing.
Below is a Windows event as it appears in LogAnalyzer; it is obviously a Windows log. Monitoring Linux logs is even simpler: just edit the client's rsyslog configuration so that a copy of its logs is sent to the log server. That is not described in detail here.
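The Linux client step that the post leaves out, written as an added example rather than the post's own instructions: a shell function that validates the collector's IPv4 address and port and writes the one-line rsyslog forwarding rule for them. The address 192.168.1.10 and the output paths are constructed placeholders; on a real client the generated file goes into /etc/rsyslog.d/ if the local rsyslog.conf includes that directory, otherwise its contents are appended to /etc/rsyslog.conf, followed by a restart of rsyslog.

```shell
#!/bin/sh
# Added example, not from the original post: produce the rsyslog rule that
# makes a Linux client forward a copy of its logs to the central collector.
# Server address, port and output path below are constructed placeholders.

# write_forward_conf SERVER PORT OUTFILE
# Writes the forwarding rule to OUTFILE and returns 0. Returns 1 and writes
# nothing if SERVER is not a well-formed dotted-quad IPv4 address or PORT is
# out of range, so a typo does not become a rule that silently forwards nowhere.
write_forward_conf() {
    server="$1"; port="$2"; out="$3"
    # Reject anything other than digits and dots, and empty octets.
    case "$server" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    # Exactly four octets, each in 0..255.
    n=0
    for octet in $(printf '%s\n' "$server" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ] || return 1
    # Port must be a number in 1..65535.
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || return 1
    cat > "$out" <<EOF
# Send a copy of every message to the central collector over UDP, which is
# what the \$UDPServerRun 514 line on the server listens for. A single @
# selects UDP; @@ would select TCP and needs imtcp loaded on the server.
*.* @$server:$port
EOF
}

# Constructed usage: write to a temporary file instead of /etc/rsyslog.d.
OUT=$(mktemp)
if write_forward_conf 192.168.1.10 514 "$OUT"; then
    echo "forwarding rule written to $OUT:"
    cat "$OUT"
fi
write_forward_conf 192.168.1.999 514 "$OUT" || echo "rejected: octet out of range"
write_forward_conf log-server-ip 514 "$OUT" || echo "rejected: not an IPv4 address"
```

After restarting rsyslog on the client, a test line such as `logger -t fwdtest "hello collector"` should show up in LogAnalyzer with the client's name in the host column; if it does not, check the collector's firewall for UDP 514 before looking anywhere else.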

This article is from the “吖吖個呸” blog; please keep this attribution when reposting: /article/4362165.html