安装rsyslog
rpm -qa rsyslog #CentOS7默认会安装rsyslog
yum install rsyslog-mysql -y #rsyslog使用此模块将数据传入MySQL数据库,必须安装
导入rsyslog-mysql 数据库文件
导入数据库
# cd /usr/share/doc/rsyslog-7.4.7/
# mysql -uroot -p<mysql-createDB.sql
# Enter password:
设置用户
# mysql -uroot –p
mysql> grant all on Syslog.* to rsyslog@localhost identified by '123456';
mysql> flush privileges;
mysql> exit
导入数据库操作创建了Syslog 库并在该库中创建了两张空表SystemEvents 和SystemEventsProperties。
设置文件
# vi /etc/rsyslog.conf #按如下进行更改
#### MODULES ####
$Modload ommysql
$template MySQLInsert,"insert into SystemEvents (Message, Facility, FromHost,Priority, DeviceReportedTime, ReceivedAt, InfoUnitID,
SysLogTag) values ('%msg%', %syslogfacility%, '%fromhost-ip%'