# Temporarily take SELinux out of enforcing mode: `setenforce 0` switches the
# running system to permissive mode (denials are logged but not blocked).
# The change is lost at the next reboot.
# NOTE(review): this drops mandatory access control on a host that will
# receive network syslog and serve a PHP application. Confirm it is really
# required rather than adjusting SELinux policy for the affected services.
setenforce 0
# Permanently disable SELinux by rewriting SELINUX=enforcing to
# SELINUX=disabled in /etc/selinux/config. The file is read at boot, so this
# takes effect after the next reboot. A file already set to
# SELINUX=permissive is not matched by this pattern and is left unchanged.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@rsyslog ~]# yum install -y mariadb-server
[root@rsyslog ~]# systemctl start mariadb
[root@rsyslog ~]# systemctl enable mariadb
[root@rsyslog ~]# mysql_secure_installation
[root@rsyslog ~]# mysql
MariaDB [(none)]> create database Syslog character set utf8 collate utf8_bin; #这个可以跳过
MariaDB [(none)]> grant all privileges on Syslog.* To 'rsyslog'@'localhost' identified by 'rsyslog'; #按需设置:示例密码与用户名相同,仅作演示,实际部署请换成强密码(需与 rsyslog.conf 中 ommysql 行的密码保持一致),并可按需缩小授予的权限
[root@rsyslog ~]# yum install rsyslog-mysql -y
[root@rsyslog ~]# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@rsyslog ~]# mysql < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@rsyslog ~]# rpm -qa | grep rsyslog #centos默认已安装rsyslog
rsyslog-8.24.0-34.el7.x86_64
[root@rsyslog ~]# vi /etc/rsyslog.conf
#### MODULES ####
# Provides UDP syslog reception
$ModLoad imudp #udp
$UDPServerRun 514 #监听UDP 514;syslog为明文传输且不验证发送方,建议仅允许受信任的客户端网段访问
# Provides TCP syslog reception
$ModLoad imtcp #tcp 可按需开启
$InputTCPServerRun 514 #监听TCP 514;syslog为明文传输且不验证发送方,建议仅允许受信任的客户端网段访问
$ModLoad ommysql
#### RULES ####
#*.info;mail.none;authpriv.none;cron.none /var/log/messages #注释掉此行
*.* :ommysql:localhost,Syslog,rsyslog,rsyslog #新增mysql连接,格式为 主机,数据库,用户,密码;密码以明文保存在本文件中,请确保 /etc/rsyslog.conf 仅 root 可读
[root@rsyslog ~]# systemctl restart rsyslog
[root@rsyslog html]# firewall-cmd --add-port=80/tcp --permanent
success
[root@rsyslog html]# firewall-cmd --add-port=514/tcp --permanent
success
[root@rsyslog html]# firewall-cmd --add-port=514/udp --permanent
success
[root@rsyslog html]# firewall-cmd --reload
success
[root@rsyslog html]#
loganalyzer下载地址(请从官方站点下载;如官方提供校验值,解压前先核对安装包)
https://loganalyzer.adiscon.com/downloads/
[root@rsyslog ~]# yum install httpd php php-mysql php-gd -y
[root@rsyslog ~]# systemctl start httpd
[root@rsyslog ~]# systemctl enable httpd
[root@rsyslog ~]# mkdir -p /home/www #这个可以随意
#将loganalyzer安装包上传到/home/www
[root@rsyslog ~]# cd /home/www/
[root@rsyslog www]# tar -xzvf loganalyzer-4.1.11.tar.gz
[root@rsyslog www]# cd loganalyzer-4.1.11
[root@rsyslog loganalyzer]# cp -r src/* /var/www/html/
[root@rsyslog loganalyzer]# cd /var/www/html/
[root@rsyslog html]# ls
admin convert.php favicon.ico js search.php
asktheoracle.php cron images lang statistics.php
BitstreamVeraFonts css include login.php templates
chartgenerator.php details.php index.php reportgenerator.php themes
classes export.php install.php reports.php userchange.php
[root@rsyslog html]# cp /home/www/loganalyzer-4.1.11/contrib/*.sh ./
[root@rsyslog html]# ls
admin convert.php images login.php templates
asktheoracle.php cron include reportgenerator.php themes
BitstreamVeraFonts css index.php reports.php userchange.php
chartgenerator.php details.php install.php search.php
classes export.php js secure.sh
configure.sh favicon.ico lang statistics.php
[root@rsyslog html]# chmod +x *.sh
[root@rsyslog html]# ./configure.sh
[root@rsyslog html]# ./secure.sh
[root@rsyslog html]# chmod 666 config.php #仅供网页安装向导写入配置;安装完成后应改回只读(如 chmod 644 config.php 或再次执行 ./secure.sh),否则保存数据库密码的配置文件对所有本地用户可写
客户端配置
[root@kms ~]# vi /etc/rsyslog.conf
#在文件最后加上
*.* @10.130.16.16:514 #udp连接,IP改成syslog服务器
*.* @@192.168.1.25:514 #tcp连接,IP同样改成syslog服务器;udp与tcp通常二选一,若两行指向同一台服务器,日志会被重复发送
[root@kms ~]# systemctl restart rsyslog