Background:
1. GB/T 22239-2019 "Information security technology - Baseline for classified protection of cybersecurity", section 8.1.5.4 (centralized management and control), requires that the audit data scattered across individual devices be collected, aggregated and analysed centrally.
2. Article 21 of the Cybersecurity Law of the People's Republic of China requires logs to be kept for six months.
Solution:
Use the open-source stack rsyslog + MySQL + LogAnalyzer.
For upgrading and configuring rsyslog, see: https://blog.csdn.net/LSB19930706/article/details/118382075
rsyslog ships with CentOS; it only needs to be enabled and configured to send logs to the MySQL database. The rest of this post walks through configuring LogAnalyzer.
LogAnalyzer installation
1. Turn off the firewall
# Check the firewall status
systemctl status firewalld
# Stop the firewall
systemctl stop firewalld
# Disable it at boot
systemctl disable firewalld
2. Turn off SELinux
# Check the status
sestatus -v | grep 'SELinux status'
# Set the status to disabled
Edit /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled
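Step 2 above is an interactive edit of /etc/selinux/config (the change in that file takes effect at the next boot). The helpers below are an added example, not from the post: they perform that edit non-interactively, touch only the active SELINUX= line (not the commented "# SELINUX= can take..." line the stock file contains), keep a backup, and verify the result. The file path is a parameter so the functions can be exercised on a copy; on a real host they would be run as root against /etc/selinux/config.

```shell
# Added example (not from the post): non-interactive SELINUX= edit with
# validation and verification. FILE is a parameter; /etc/selinux/config on a
# real host, a scratch copy for testing.

# Print the active (uncommented) SELINUX= value from the given config file.
selinux_configured_mode() {
    sed -n 's/^SELINUX=[[:space:]]*//p' "$1" | tail -n 1
}

# Usage: set_selinux_mode FILE MODE
# Rewrites the active SELINUX= line to MODE. Accepts only the three values
# the file documents; keeps FILE.bak. Returns 0 on success, 1 on bad input,
# 2 if FILE has no SELINUX= line, non-zero if verification fails.
set_selinux_mode() {
    file=$1
    mode=$2
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "set_selinux_mode: invalid mode '$mode'" >&2; return 1 ;;
    esac
    grep -q '^SELINUX=' "$file" || { echo "set_selinux_mode: no SELINUX= line in $file" >&2; return 2; }
    cp "$file" "$file.bak"
    # Anchored on ^SELINUX= so the commented explanation line and the
    # SELINUXTYPE= line are left untouched. Written via a temp file so the
    # same command works with GNU and BSD sed.
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    [ "$(selinux_configured_mode "$file")" = "$mode" ]
}

# Stand-alone demonstration on a constructed copy of the file (no effect on
# the host): returns 0 when the edit succeeds and verifies.
demo_selinux_edit() {
    tmp=$(mktemp)
    printf '# SELINUX= can take one of these three values:\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$tmp"
    set_selinux_mode "$tmp" disabled
    rc=$?
    rm -f "$tmp" "$tmp.bak"
    return $rc
}
```

Source the file and call demo_selinux_edit to see the edit succeed on a scratch copy; for the live file, sestatus after the reboot should agree with selinux_configured_mode /etc/selinux/config.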
3. Install the httpd service
# List httpd's dependency packages
yum deplist httpd
# Install the httpd service
rpm -ivh httpd-2.4.6-95.el7.centos.x86_64.rpm
# Using the two steps above, install the dependency packages that were missing on this system
rpm -ivh apr-1.4.8-7.el7.x86_64.rpm
rpm -ivh apr-util-1.5.2-6.el7.x86_64.rpm
rpm -ivh mailcap-2.1.41-2.el7.noarch.rpm
rpm -ivh httpd-tools-2.4.6-95.el7.centos.x86_64.rpm
# Install the httpd service again; this time it succeeds
rpm -ivh httpd-2.4.6-95.el7.centos.x86_64.rpm
# Configure httpd; the settings to change are:
vi /etc/httpd/conf/httpd.conf
Listen 80
ServerName localhost:80
# Start httpd
systemctl start httpd
systemctl status httpd
# Test HTML and PHP: change to /var/www/html/ and create test pages
cd /var/www/html/
echo 'hello world' > index.html
echo "<?php phpinfo();?>" > index.php
# The page shows "hello world"; access from a browser works
http://172.x.x.x:80/index.html
4. Install the PHP environment
# Same approach as the httpd install
rpm -ivh libzip-0.10.1-8.el7.x86_64.rpm
rpm -ivh php-common-5.4.16-48.el7.x86_64.rpm
rpm -ivh php-cli-5.4.16-48.el7.x86_64.rpm
rpm -ivh php-5.4.16-48.el7.x86_64.rpm
5. Install php-mysql
rpm -ivh php-pdo-5.4.16-48.el7.x86_64.rpm
rpm -ivh php-mysql-5.4.16-48.el7.x86_64.rpm
6. Install mysql-devel
Install the dependency packages in the same way as for httpd
rpm -ivh mariadb-devel-5.5.68-1.el7.x86_64.rpm
7. Install LogAnalyzer
wget https://download.adiscon.com/loganalyzer/loganalyzer-4.1.12.tar.gz
tar -zxvf loganalyzer-4.1.12.tar.gz
cd loganalyzer-4.1.12
cp contrib/* /var/www/html/
cp -r src/* /var/www/html/
cd /var/www/html/
chmod +x *.sh
./configure.sh
systemctl restart httpd
Open the web page and configure the database connection
http://172.x.x.x:80/install.php
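Once the database connection has been saved through install.php, the webroot still contains the setup wizard and the phpinfo() test page from step 3, and config.php now holds the database credentials. The checks below are an added example, not code from the post or from the LogAnalyzer project: they flag those leftovers, require config.php to exist and not be world-writable, and report the port from the active Listen line of httpd.conf so it can be compared with what the collector actually exposes. WEBROOT and HTTPD_CONF are parameters so the checks can be run against a copy; the problem counting and messages are this example's own design.

```shell
# Added example (not from the post): post-install checks for the
# LogAnalyzer webroot and the httpd Listen port. Paths are parameters.

# Usage: check_webroot WEBROOT
# Prints one FAIL line per problem and returns the number of problems,
# so 0 means the webroot is in its expected post-setup state.
check_webroot() {
    root=$1
    problems=0
    # The setup wizard should not stay reachable once configuration is done.
    if [ -e "$root/install.php" ]; then
        echo "FAIL: $root/install.php still present; remove it after setup"
        problems=$((problems + 1))
    fi
    # The step-3 test page (echo "<?php phpinfo();?>" > index.php) discloses
    # PHP and OS configuration; flag an index.php that still calls phpinfo.
    if [ -e "$root/index.php" ] && grep -q 'phpinfo' "$root/index.php"; then
        echo "FAIL: $root/index.php still calls phpinfo()"
        problems=$((problems + 1))
    fi
    # config.php is written by install.php and carries the DB credentials.
    if [ ! -e "$root/config.php" ]; then
        echo "FAIL: $root/config.php missing; run install.php first"
        problems=$((problems + 1))
    elif [ -n "$(find "$root/config.php" -perm -0002)" ]; then
        echo "FAIL: $root/config.php is world-writable"
        problems=$((problems + 1))
    fi
    return $problems
}

# Usage: listen_port HTTPD_CONF
# Prints the port of the first active Listen line, accepting the bare
# "Listen 80", "Listen 0.0.0.0:80" and "Listen [::]:80" forms.
listen_port() {
    sed -n 's/^[[:space:]]*Listen[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" \
        | sed 's/.*://' | head -n 1
}
```

On the host from the post the calls would be check_webroot /var/www/html and listen_port /etc/httpd/conf/httpd.conf; a non-zero return from check_webroot is meant to fail whatever provisioning or audit script wraps it.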