rsyslog+loganalyzer搭建rsyslog日志服务器

#临时关闭selinux
setenforce 0
#永久关闭selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

[root@rsyslog ~]# yum install -y mariadb-server
[root@rsyslog ~]# systemctl start  mariadb
[root@rsyslog ~]# systemctl enable mariadb
[root@rsyslog ~]# mysql_secure_installation
[root@rsyslog ~]# mysql
MariaDB [(none)]> create database Syslog character set utf8 collate utf8_bin;		#这个可以跳过
MariaDB [(none)]> grant all privileges on Syslog.* To 'rsyslog'@'localhost' identified by 'rsyslog';		#按需设置

[root@rsyslog ~]# yum install rsyslog-mysql -y
[root@rsyslog ~]# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@rsyslog ~]# mysql < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql

[root@rsyslog ~]# rpm -qa | grep rsyslog		#centos默认以安装rsyslog
rsyslog-8.24.0-34.el7.x86_64

[root@rsyslog ~]# vi /etc/rsyslog.conf 
#### MODULES ####
# Provides UDP syslog reception
$ModLoad imudp					#udp
$UDPServerRun 514				#

# Provides TCP syslog reception
$ModLoad imtcp					#tcp 可按需开启
$InputTCPServerRun 514			#

$ModLoad ommysql
#### RULES ####
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages		#注释
*.*:ommysql:localhost,Syslog,rsyslog,rsyslog	#新增mysql连接

[root@rsyslog ~]# systemctl restart rsyslog

[root@rsyslog html]# firewall-cmd --add-port=80/tcp --permanent                
success
[root@rsyslog html]# firewall-cmd --add-port=514/tcp --permanent  
success
[root@rsyslog html]# firewall-cmd --add-port=514/udp --permanent  
success
[root@rsyslog html]# firewall-cmd --reload
success
[root@rsyslog html]# 

loganalyzer下载地址
https://loganalyzer.adiscon.com/downloads/

[root@rsyslog ~]# yum install httpd php php-mysql php-gd -y
[root@rsyslog ~]# systemctl start httpd
[root@rsyslog ~]# systemctl enable httpd
[root@rsyslog ~]# mkdir -p /home/www	#这个可以随意
#当loganalyzer上传到/home/www
[root@rsyslog ~]# cd /home/www/
[root@rsyslog www]# tar -xzvf loganalyzer-4.1.11.tar.gz
[root@rsyslog www]# [root@rsyslog www]# cd loganalyzer-4.1.11
[root@rsyslog loganalyzer]# cp -r src/* /var/www/html/ 
[root@rsyslog loganalyzer]# cd /var/www/html/
[root@rsyslog html]# ls
admin               convert.php  favicon.ico  js                   search.php
asktheoracle.php    cron         images       lang                 statistics.php
BitstreamVeraFonts  css          include      login.php            templates
chartgenerator.php  details.php  index.php    reportgenerator.php  themes
classes             export.php   install.php  reports.php          userchange.php
[root@rsyslog html]# cp /home/www/loganalyzer-4.1.11/contrib/*.sh ./
[root@rsyslog html]# ls
admin               convert.php  images       login.php            templates
asktheoracle.php    cron         include      reportgenerator.php  themes
BitstreamVeraFonts  css          index.php    reports.php          userchange.php
chartgenerator.php  details.php  install.php  search.php
classes             export.php   js           secure.sh
configure.sh        favicon.ico  lang         statistics.php
[root@rsyslog html]# chmod +x *.sh
[root@rsyslog html]# ./configure.sh 
[root@rsyslog html]# ./secure.sh 
[root@rsyslog html]# chmod 666 config.php 

客户端配置

[root@kms ~]# vi /etc/rsyslog.conf

#在文件最后加上
*.* @10.130.16.16:514		#udp连接，IP改成syslog服务器
*.* @@192.168.1.25:514 		#tcp连接

[root@kms ~]# systemctl restart rsyslog