Purpose of logs: to record everything the system does from boot to shutdown. Logging is made up of three parts:

1) syslogd: mainly records log messages from the system and from network and other services

2) klogd: mainly records the messages produced by the kernel

3) logrotate: mainly used to split and rotate log files

Terminology in rsyslog:

facility:

    A facility classifies log messages by function or program, and a dedicated tool records the messages for each one. For every facility we also define a level, called the priority.

    Commonly used facilities:

    auth (authpriv)               authentication-related messages
    cron                          periodic task scheduling: cron, at, etc.
    daemon                        messages from the various services (daemons)
    kern                          messages produced by the kernel
    lpr                           messages related to the printing system
    mail                          messages related to the mail system
    news                          messages related to news
    security                      security-related messages
    syslog                        messages produced by the syslogd program itself
    user, uucp, local0-local7     messages produced by the system itself

priority:

    The log level.

    Level   Name             Description
    1       info             plain informational messages
    2       notice           messages that need more attention than info
    3       warning, warn    warnings that do not affect the running of the application
    4       err, error       serious errors that have already affected the running of the application
    5       crit             error messages more important than error
    6       alert            errors at a severe level, worse than crit
    7       emerg, panic     the system is about to die; the kernel has panicked
    8       debug            debugging information, usually used while debugging an application

    *       all levels

    none    no level at all

rsyslog configuration file

    /etc/rsyslog.conf; each rule has the form:

    facility.priority    target

    facility.level       where to send it

target: where the log message is sent:

1. A file path; a "-" in front of the path means asynchronous (buffered) writes

2. A user: the message is sent to the named user's terminal; * means all users

3. A log server address, @SERVER; the server must be listening on port 514 over TCP or UDP

4. A pipe: the message is handed to a command for processing, |COMMAND
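The following is an added example, not code from the original post or from the rsyslog project. It shows in Python how a `facility.priority    target` rule is evaluated: how the PRI number at the front of every syslog message encodes facility and severity (RFC 3164: PRI = facility * 8 + severity, with 0 = emerg the most severe, so the numeric codes run opposite to the ascending table above), how a selector such as `*.info;mail.none;authpriv.none;cron.none` is evaluated part by part with later parts overriding earlier ones, and how the target forms listed above (file, `-file`, user, `@udp`, `@@tcp`, `|pipe`, `:module:`) are told apart. The function and table names are this example's own.

```python
"""Added example (not from the original post): evaluate rsyslog-style
'facility.priority' selectors and classify their targets."""

# RFC 3164 numeric codes (the same ones rsyslog stores in its PRI field).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "security": 4,
    "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10,
    "ftp": 11, "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
    "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7,
}

def encode_pri(facility, severity):
    """PRI = facility * 8 + severity; user.notice (logger's default) gives 13."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def decode_pri(pri):
    """Inverse of encode_pri: (facility_code, severity_code)."""
    return divmod(pri, 8)

def parse_target(target):
    """Classify the right-hand side of a rule the way the post lists targets."""
    if target.startswith("@@"):
        return ("tcp", target[2:])
    if target.startswith("@"):
        return ("udp", target[1:])
    if target.startswith("|"):
        return ("pipe", target[1:])
    if target.startswith(":"):          # output module, e.g. :ommysql:host,db,user,pw
        return ("module", target[1:])
    if target.startswith("-"):          # "-" prefix: asynchronous file write
        return ("file-async", target[1:])
    if target.startswith("/"):
        return ("file", target)
    return ("user", target)             # a user name, or "*" for all users

def selector_matches(selector, facility_code, severity_code):
    """Evaluate 'fac.prio;fac.prio;...' for one message.

    Parts are read left to right and a later part overrides an earlier one,
    which is how 'mail.none' cancels '*.info' for mail messages. A priority
    matches itself and every more severe level (lower numeric code).
    """
    matched = False
    for part in selector.split(";"):
        fac, prio = part.split(".")
        facs = set(FACILITIES.values()) if fac == "*" else {FACILITIES[f] for f in fac.split(",")}
        if facility_code not in facs:
            continue
        if prio == "none":
            matched = False
        elif prio == "*":
            matched = True
        else:
            matched = severity_code <= SEVERITIES[prio]
    return matched

def rule_applies(rule, facility_code, severity_code):
    """Split a rule line into selector and target; return the parsed target
    if the message is selected, else None."""
    selector, target = rule.split(None, 1)
    if selector_matches(selector, facility_code, severity_code):
        return parse_target(target.strip())
    return None

if __name__ == "__main__":
    rule = "*.info;mail.none;authpriv.none;cron.none  @172.16.252.61"
    print(rule_applies(rule, *decode_pri(encode_pri("user", "notice"))))  # ('udp', '172.16.252.61')
    print(rule_applies(rule, *decode_pri(encode_pri("mail", "err"))))     # None: mail.none wins
```

The same logic explains the rules used later in the post: `local1.*  @@172.16.252.61` selects every local1 message regardless of level and forwards it over TCP, while the `*.info;...;authpriv.none` line keeps authentication messages out of the forwarded stream.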

Usual log format:

date and time the event occurred   hostname   process(pid)   event content

For example: /var/log/messages: the system log

 /var/log/secure: the system security (authentication) log, text format; it should be analysed periodically

 /var/log/btmp: failed login attempts by users on the current system, binary format; view with the lastb command

 /var/log/wtmp: normal user logins on the current system, binary format; view with the last command

 /var/log/lastlog: each user's most recent login, binary format; view with the lastlog command

 /var/log/dmesg: messages from the system boot process, text format; view with a text viewer or with the dedicated dmesg command
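As an added example (not part of the original post), here is a small Python parser for the traditional line format just described (month, day, time, host, process[pid], message) applied to the kind of periodic analysis the post recommends for /var/log/secure: tallying accepted and failed SSH logins per source address. The sample lines are constructed for this example; two of them are the post's own ssh2.log lines and the rest are made up in OpenSSH's usual wording. The function names and the 10.0.0.9 address are assumptions of the example.

```python
"""Added example (not from the original post): parse traditional syslog lines
and summarise sshd login events per source address."""
import re
from collections import defaultdict

# Traditional line: "Mon dd hh:mm:ss host tag[pid]: message" (day may be padded).
LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
# OpenSSH wording for successful and failed authentication.
SSH_ACCEPT_RE = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
SSH_FAIL_RE = re.compile(r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse_line(line):
    """Return a dict with month/day/time/host/prog/pid/msg, or None if the
    line is not in the traditional format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def ssh_login_summary(lines):
    """{ip: {"accepted": n, "failed": n, "users": set()}} over sshd events only."""
    summary = defaultdict(lambda: {"accepted": 0, "failed": 0, "users": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["prog"] != "sshd":
            continue
        m = SSH_ACCEPT_RE.match(rec["msg"])
        if m:
            summary[m["ip"]]["accepted"] += 1
            summary[m["ip"]]["users"].add(m["user"])
            continue
        m = SSH_FAIL_RE.match(rec["msg"])
        if m:
            summary[m["ip"]]["failed"] += 1
            summary[m["ip"]]["users"].add(m["user"])
    return dict(summary)

def suspicious_sources(summary, max_failures=3):
    """Addresses with more than max_failures failed attempts, worst first."""
    return sorted((ip for ip, s in summary.items() if s["failed"] > max_failures),
                  key=lambda ip: -summary[ip]["failed"])

SAMPLE_LINES = [
    # the post's own ssh2.log lines
    "Jun 24 03:32:25 centos6 sshd[3660]: Received disconnect from 172.16.252.250: 11: disconnected by user",
    "Jun 24 03:32:30 centos6 sshd[4147]: Accepted password for root from 172.16.252.250 port 40136 ssh2",
    # constructed lines for this example
    "Jun 24 03:40:01 centos6 sshd[4201]: Failed password for invalid user admin from 10.0.0.9 port 51022 ssh2",
    "Jun 24 03:40:03 centos6 sshd[4201]: Failed password for invalid user admin from 10.0.0.9 port 51022 ssh2",
    "Jun 24 03:40:05 centos6 sshd[4203]: Failed password for root from 10.0.0.9 port 51030 ssh2",
    "Jun 24 03:40:07 centos6 sshd[4205]: Failed password for root from 10.0.0.9 port 51031 ssh2",
    "Jun 24 03:41:00 centos6 systemd-logind: New session 37 of user root.",
]

if __name__ == "__main__":
    s = ssh_login_summary(SAMPLE_LINES)
    for ip in suspicious_sources(s):
        print(ip, s[ip]["failed"], "failed attempts; users tried:", sorted(s[ip]["users"]))
```

Run against a real file with `ssh_login_summary(open("/var/log/secure"))`; the parser ignores lines that are not sshd events, so it can be pointed at /var/log/messages as well.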



Experiment 1: Build a log server

 (1) Send the logs from centos6 to centos7; C-7 is the server, C-6 the client, over UDP

 Step 1: Configure the server side

[root@J-7 ~]# vim /etc/rsyslog.conf                         #open the configuration file

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception                              #enable the UDP module listening on port 514: just remove the "#" from the two lines below
$ModLoad imudp                                 
$UDPServerRun 514
……
[root@J-7 ~]# systemctl  restart rsyslog                     #restart the service
[root@J-7 ~]# ss -nutl                                       #check whether port 514 is open
Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
udp    UNCONN     0      0           *:514                     *:*                  
udp    UNCONN     0      0          :::514                    :::*                  
udp    UNCONN     0      0          :::69                     :::*                  
tcp    LISTEN     0      50          *:3306                    *:*                  
tcp    LISTEN     0      128         *:22                      *:*                  
tcp    LISTEN     0      100    127.0.0.1:25                      *:*                  
tcp    LISTEN     0      128        :::80                     :::*                  
tcp    LISTEN     0      128        :::22                     :::*                  
tcp    LISTEN     0      100       ::1:25                     :::*   
[root@J-7 ~]# tail -f /var/log/messages                      #watch this log file with tail
Aug 11 10:05:01 localhost systemd: Created slice user-0.slice.
Aug 11 10:05:01 localhost systemd: Starting user-0.slice.
Aug 11 10:05:01 localhost systemd: Started Session 35 of user root.
Aug 11 10:05:01 localhost systemd-logind: New session 35 of user root.
Aug 11 10:05:01 localhost systemd: Starting Session 35 of user root.
Aug 11 10:51:41 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1352" x-info="http://www.rsyslog.com"] exiting on signal 15.
Aug 11 10:51:42 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="7237" x-info="http://www.rsyslog.com"] start
Aug 11 10:51:41 localhost systemd: Stopping System Logging Service...
Aug 11 10:51:42 localhost systemd: Starting System Logging Service...
Aug 11 10:51:42 localhost systemd: Started System Logging Service.

 Step 2: Configure the client

[root@centos6 ~]# logger "this is test"                            #test whether C-6 can record logs
[root@centos6 ~]# tail -5 /var/log/messages                         #check the result of the test; the last line shows it succeeded
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> (eth2): device state change: failed -> disconnected (reason 'none') [9 3 0]
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> (eth2): deactivating device (reason 'none') [0]
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> Policy set 'Auto eth3' (eth3) as default for IPv4 routing and DNS.
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> Policy set 'Auto eth3' (eth3) as default for IPv4 routing and DNS.
Jun 23 23:38:58 centos6 root: this is test
[root@centos6 ~]# vim /etc/rsyslog.conf                              #edit the configuration file
……
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages  #comment out the original line
*.info;mail.none;authpriv.none;cron.none                @172.16.252.61      #add this line to send the logs to the C-7 machine
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
……
[root@centos6 ~]# service rsyslog restart                                              #restart the service
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@centos6 ~]# logger "this is from centos6"                                      #write a test message

Step 3: Verify that the experiment worked

[root@J-7 ~]# tail -f /var/log/messages                                                    #look at the file we are watching; the output below shows the experiment succeeded
Aug 11 10:05:01 localhost systemd: Created slice user-0.slice.
Aug 11 10:05:01 localhost systemd: Starting user-0.slice.
Aug 11 10:05:01 localhost systemd: Started Session 35 of user root.
Aug 11 10:05:01 localhost systemd-logind: New session 35 of user root.
Aug 11 10:05:01 localhost systemd: Starting Session 35 of user root.
Aug 11 10:51:41 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1352" x-info="http://www.rsyslog.com"] exiting on signal 15.
Aug 11 10:51:42 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="7237" x-info="http://www.rsyslog.com"] start
Aug 11 10:51:41 localhost systemd: Stopping System Logging Service...
Aug 11 10:51:42 localhost systemd: Starting System Logging Service...
Aug 11 10:51:42 localhost systemd: Started System Logging Service.
Aug 11 11:01:01 localhost systemd: Started Session 36 of user root.
Aug 11 11:01:01 localhost systemd: Starting Session 36 of user root.
Aug 11 11:07:13 localhost systemd: Started Session 37 of user root.
Aug 11 11:07:13 localhost systemd-logind: New session 37 of user root.
Aug 11 11:07:13 localhost systemd: Starting Session 37 of user root.
Aug 11 11:08:05 localhost systemd-logind: Removed session 37.
Jun 23 23:48:10 centos6 kernel: imklog 5.8.10, log source = /proc/kmsg started.            #the lines from here on are log messages from C-6
Jun 23 23:48:10 centos6 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="2970" x-info="http://www.rsyslog.com"] start
Jun 23 23:48:59 centos6 root: this is from centos6

(2) Send the logs from centos6 to centos7; C-7 is the server, C-6 the client, over TCP

Step 1: Modify the configuration file on C-7 so that it supports TCP, and specify a new path for storing the logs

[root@J-7 ~]# vim  /etc/rsyslog.conf                            #edit the log configuration
……
# Provides UDP syslog reception                                 #disable the UDP reception enabled a moment ago by putting "#" in front of the lines
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception                                 #enable TCP reception
$ModLoad imtcp
$InputTCPServerRun 514

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local1.*                                                /var/log/ssh2.log   #add the local1 facility, writing its logs to /var/log/ssh2.log on this machine
……
[root@J-7 ~]# systemctl restart rsyslog                          #restart the service
[root@J-7 ~]# ss -nutl                                           #confirm that TCP port 514 is listening
Netid State      Recv-Q Send-Q          Local Address:Port                         Peer Address:Port              
udp   UNCONN     0      0                          :::69                                     :::*                  
tcp   LISTEN     0      50                          *:3306                                    *:*                  
tcp   LISTEN     0      128                         *:22                                      *:*                  
tcp   LISTEN     0      100                 127.0.0.1:25                                      *:*                  
tcp   LISTEN     0      25                          *:514                                     *:*                  
tcp   LISTEN     0      128                        :::80                                     :::*                  
tcp   LISTEN     0      128                        :::22                                     :::*                  
tcp   LISTEN     0      100                       ::1:25                                     :::*                  
tcp   LISTEN     0      25                         :::514                                    :::*                  
[root@J-7 ~]# tail -f /var/log/sshd2.log                               #watch the log we specified; the file does not exist yet (note also that sshd2.log is typed here while the configured file is ssh2.log)
tail: cannot open ‘/var/log/sshd2.log’ for reading: No such file or directory
tail: no files remaining

Step 2: Modify the configuration on the client C-6 so that it connects to the server C-7

[root@centos6 ~]# vim /etc/ssh/sshd_config                   #edit the ssh service configuration
……
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#SyslogFacility AUTHPRIV                                     #comment out the original facility line
#LogLevel INFO 

SyslogFacility local1                                        #use the local1 facility instead
# Authentication:
…… 
[root@centos6 ~]# service sshd restart                       #restart the sshd service
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@centos6 ~]# vim /etc/rsyslog.conf                      #edit the rsyslog configuration file
…………
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
#*.info;mail.none;authpriv.none;cron.none                @172.16.252.61     #comment out the earlier UDP line
local1.*                                              @@172.16.252.61    #add a dedicated rule for local1; note that for TCP it is two "@@"
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
……
[root@centos6 ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]

Step 3: Connect to C-6 from any machine

[root@localhost ~]# ssh 172.16.252.63
root@172.16.252.63's password: 
Last login: Sat Jun 24 02:47:53 2017 from 172.16.252.250

Step 4: Check the result on C-7: success!

[root@J-7 log]# ls /var/log/ssh2.log                          #the log was indeed created and recorded the remote login
/var/log/ssh2.log
[root@J-7 log]# cat  /var/log/ssh2.log 
Jun 24 03:32:25 centos6 sshd[3660]: Received disconnect from 172.16.252.250: 11: disconnected by user
Jun 24 03:32:30 centos6 sshd[4147]: Accepted password for root from 172.16.252.250 port 40136 ssh2
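To make concrete what the `@172.16.252.61` (UDP) and `@@172.16.252.61` (TCP) rules in parts (1) and (2) actually put on the wire, here is an added example in Python; it is not code from the post or from rsyslog. It builds RFC 3164-style messages (`<PRI>Mon dd hh:mm:ss host tag: text`, the format the post's rsyslog 5 and 7 setups exchange), forwards them over UDP as single datagrams and over TCP as newline-terminated lines (rsyslog's default TCP framing), and runs a small receiver for each protocol in the same process on the loopback interface so the exchange can be verified offline. Sender, receiver and all names are this example's own; port 0 asks the OS for a free port instead of 514. Note that neither transport encrypts or authenticates anything: the receiver sees only the source address and the text, and UDP additionally gives no delivery guarantee, which is why the post checks the result on the server with tail.

```python
"""Added example (not from the original post): the @ (UDP) and @@ (TCP)
syslog forwarding exchange, with a loopback receiver for each."""
import socket
import threading

def build_message(facility_code, severity_code, timestamp, host, tag, text):
    """RFC 3164 line: PRI = facility*8 + severity, then timestamp, host, tag."""
    pri = facility_code * 8 + severity_code
    return f"<{pri}>{timestamp} {host} {tag}: {text}"

def parse_message(raw):
    """Split '<PRI>rest' into (facility_code, severity_code, rest)."""
    end = raw.index(">")
    pri = int(raw[1:end])
    return pri // 8, pri % 8, raw[end + 1:]

def send_udp(server, port, message):
    """'@server': one datagram per message, no connection, no acknowledgement."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode(), (server, port))

def send_tcp(server, port, messages):
    """'@@server': one stream, each message terminated by a newline."""
    with socket.create_connection((server, port)) as s:
        s.sendall("".join(m + "\n" for m in messages).encode())

def receive_udp(sock, count):
    got = []
    for _ in range(count):
        data, _addr = sock.recvfrom(65535)
        got.append(data.decode())
    return got

def receive_tcp(listener, count):
    conn, _addr = listener.accept()
    with conn:
        buf = b""
        while buf.count(b"\n") < count:
            chunk = conn.recv(4096)
            if not chunk:           # sender closed early
                break
            buf += chunk
    return [line.decode() for line in buf.split(b"\n") if line]

def forward_and_collect(proto, messages):
    """Start a loopback receiver, forward messages to it, return what arrived."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.settimeout(5)
    sock.bind(("127.0.0.1", 0))     # port 0: the OS picks a free port
    if proto == "tcp":
        sock.listen(1)
    port = sock.getsockname()[1]
    received = []
    receiver = receive_udp if proto == "udp" else receive_tcp
    t = threading.Thread(target=lambda: received.extend(receiver(sock, len(messages))))
    t.start()
    if proto == "udp":
        for m in messages:
            send_udp("127.0.0.1", port, m)
    else:
        send_tcp("127.0.0.1", port, messages)
    t.join(5)
    sock.close()
    return received

if __name__ == "__main__":
    # user.notice (1, 5) is what `logger "this is from centos6"` produces;
    # local1.info (17, 6) is what sshd logs after SyslogFacility local1.
    msgs = [build_message(1, 5, "Jun 23 23:48:59", "centos6", "root", "this is from centos6"),
            build_message(17, 6, "Jun 24 03:32:30", "centos6", "sshd[4147]",
                          "Accepted password for root from 172.16.252.250 port 40136 ssh2")]
    for proto in ("udp", "tcp"):
        for raw in forward_and_collect(proto, msgs):
            print(proto, parse_message(raw))
```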



Experiment 2: rsyslog records logs in MySQL

C-6 is the log server, C-7 the database server

Step 1: Install the database on C-7 and run the security initialization script

[root@J-7 ~]# yum -y install mariadb-server                                 #install the mariadb server; this also pulls in the client and the other dependencies
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                                                                        | 3.6 kB  00:00:00     
elpl
……
Installed:
  mariadb-server.x86_64 1:5.5.52-1.el7                                                                             

Dependency Installed:
  mariadb.x86_64 1:5.5.52-1.el7                           perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7            
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7             perl-DBD-MySQL.x86_64 0:4.023-5.el7                     
  perl-DBI.x86_64 0:1.627-4.el7                           perl-Data-Dumper.x86_64 0:2.145-3.el7                   
  perl-IO-Compress.noarch 0:2.061-2.el7                   perl-Net-Daemon.noarch 0:0.48-5.el7                     
  perl-PlRPC.noarch 0:0.2020-14.el7                      

Complete!
[root@J-7 ~]# systemctl start mariadb                                              #start the database service
[root@J-7 ~]# ss -ntl                                                              #check the ports; confirm that 3306 is open
State       Recv-Q Send-Q            Local Address:Port                           Peer Address:Port              
LISTEN      0      50                            *:3306                                      *:*                  
LISTEN      0      128                           *:22                                        *:*                  
LISTEN      0      100                   127.0.0.1:25                                        *:*                  
LISTEN      0      128                          :::22                                       :::*                  
LISTEN      0      100                         ::1:25                                       :::*                  
[root@J-7 ~]# mysql_secure_installation                                            #run the security initialization script; just follow the prompts, not detailed here

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
……
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Step 2: Install the database connector on C-6 and modify the relevant configuration

[root@centos6 ~]# yum list rsyslog*                                               #list the rsyslog-related packages on the system
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Installed Packages
rsyslog.x86_64                 5.8.10-10.el6_6   @anaconda-CentOS-201703281317.x86_64/6.9
Available Packages
rsyslog-gnutls.x86_64          5.8.10-10.el6_6   base                                    
rsyslog-gssapi.x86_64          5.8.10-10.el6_6   base                                    
rsyslog-mysql.x86_64           5.8.10-10.el6_6   base                                    
rsyslog-pgsql.x86_64           5.8.10-10.el6_6   base                                    
rsyslog-relp.x86_64            5.8.10-10.el6_6   base                                    
rsyslog-snmp.x86_64            5.8.10-10.el6_6   base                                    
rsyslog7.x86_64                7.4.10-7.el6      base                                    
rsyslog7-elasticsearch.x86_64  7.4.10-7.el6      base                                    
rsyslog7-gnutls.x86_64         7.4.10-7.el6      base                                    
rsyslog7-gssapi.x86_64         7.4.10-7.el6      base                                    
rsyslog7-mysql.x86_64          7.4.10-7.el6      base                                    
rsyslog7-pgsql.x86_64          7.4.10-7.el6      base                                    
rsyslog7-relp.x86_64           7.4.10-7.el6      base                                    
rsyslog7-snmp.x86_64           7.4.10-7.el6      base                                    
[root@centos6 ~]# yum -y install rsyslog-mysql                                    #install the module that connects to the database
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package rsyslog-mysql.x86_64 0:5.8.10-10.el6_6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================
 Package                 Arch             Version                   Repository      Size
=========================================================================================
Installing:
 rsyslog-mysql           x86_64           5.8.10-10.el6_6           base            21 k

Transaction Summary
=========================================================================================
Install       1 Package(s)

Total download size: 21 k
Installed size: 15 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : rsyslog-mysql-5.8.10-10.el6_6.x86_64                                  1/1 
  Verifying  : rsyslog-mysql-5.8.10-10.el6_6.x86_64                                  1/1 

Installed:
  rsyslog-mysql.x86_64 0:5.8.10-10.el6_6                                                 

Complete!
[root@centos6 ~]# yum -y install mysql                                            #install the mysql client
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Package mysql-5.1.73-8.el6_8.x86_64 already installed and latest version
Nothing to do
[root@centos6 ~]# yum list  mysql                                                 #check the mysql package information: already installed
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Installed Packages
mysql.x86_64           5.1.73-8.el6_8            @anaconda-CentOS-201703281317.x86_64/6.9
[root@centos6 ~]# rpm -ql rsyslog-mysql                                          #list the files of the mysql connector module just installed
/lib64/rsyslog/ommysql.so                                                        #the module file
/usr/share/doc/rsyslog-mysql-5.8.10
/usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql                                 #the script that creates the database automatically
[root@centos6 ~]# cat /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql           #look at the script's contents
CREATE DATABASE Syslog;                                                          #the database name is fixed here
USE Syslog;
CREATE TABLE SystemEvents
(
        ID int unsigned not null auto_increment primary key,
        CustomerID bigint,
        ReceivedAt datetime NULL,
        DeviceReportedTime datetime NULL,
        Facility smallint NULL,
        Priority smallint NULL,
        FromHost varchar(60) NULL,
        Message text,
        NTSeverity int NULL,
        Importance int NULL,
        EventSource varchar(60),
        EventUser varchar(60) NULL,
        EventCategory int NULL,
        EventID int NULL,
        EventBinaryData text NULL,
        MaxAvailable int NULL,
        CurrUsage int NULL,
        MinUsage int NULL,
        MaxUsage int NULL,
        InfoUnitID int NULL ,
        SysLogTag varchar(60),
        EventLogType varchar(60),
        GenericFileName VarChar(60),
        SystemID int NULL
);

CREATE TABLE SystemEventsProperties
(
        ID int unsigned not null auto_increment primary key,
        SystemEventID int NULL ,
        ParamName varchar(255) NULL ,
        ParamValue text NULL
);

Step 3: On the C-7 database server, create the database and user for storing the logs

[root@J-7 ~]# mysql -uroot  -p123456                                              #log in to the database
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on Syslog.* to log@'%' identified by '123456';    #create the Syslog database user and grant it privileges
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>

Step 4: Run the creation script on C-6

[root@centos6 ~]# mysql -ulog -p123456 -h172.16.252.61 </usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql #run the script
[root@centos6 ~]# mysql -ulog -p123456 -h172.16.252.61                        #log in and take a look
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;                                                       #see which databases there are
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
+--------------------+
2 rows in set (0.01 sec)

mysql> select count(*) from Syslog.SystemEvents;                            #check whether the Syslog table has any data yet
+----------+
| count(*) |
+----------+
|        0 |
+----------+
1 row in set (0.00 sec)

mysql>exit
[root@centos6 ~]# vim /etc/rsyslog.conf                                     #edit the log configuration

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
$ModLoad ommysql                                                            #add the module that connects to mysql
# Provides UDP syslog reception
……
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
*.info;mail.none;authpriv.none;cron.none                :ommysql:172.16.252.61,Syslog,log,123456  #connection settings: host,database,user,password
# The authpriv file has restricted access.
……
[root@centos6 ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@centos6 ~]# logger "this is mysqldb"                                    #write a test record

Step 5: Verify on the MySQL server: success

[root@J-7 ~]# mysql -uroot -p123456                                           #log in to the database
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use Syslog;                                                  #switch to Syslog
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [Syslog]> show tables;                                                 #see which tables there are
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)

MariaDB [Syslog]> select count(*) from SystemEvents;                        #check how many records there are
+----------+
| count(*) |
+----------+
|       32 |
+----------+
1 row in set (0.00 sec)

MariaDB [Syslog]> select * from SystemEvents;                                     #look at the data: it was indeed written, the experiment succeeded
+----+------------+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
| ID | CustomerID | ReceivedAt          | DeviceReportedTime  | Facility | Priority | FromHost | Message                                                                                             | NTSeverity | Importance | EventSource | EventUser | EventCategory | EventID | EventBinaryData | MaxAvailable | CurrUsage | MinUsage | MaxUsage | InfoUnitID | SysLogTag | EventLogType | GenericFileName | SystemID |
+----+------------+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
|  1 |       NULL | 2017-06-24 00:10:12 | 2017-06-24 00:10:12 |        0 |        6 | centos6  | imklog 5.8.10, log source = /proc/kmsg started.                                                     |       NULL |       NULL | NULL        | NULL      |          NULL |    NULL | NULL            |         NULL |      NULL |     NULL |     NULL |          1 | kernel:   | NULL         | NULL            |     NULL |
|  2 |       NULL | 2017-06-24 00:10:12 | 2017-06-24 00:10:12 |        5 |        6 | centos6  |  [origin software="rsyslogd" swVersion="5.8.10" x-pid="3105" x-info="http://www.rsyslog.com"] start |       NULL |       NULL | NULL        | NULL      |          NULL |    NULL | NULL            |         NULL |      NULL |     NULL |     NULL |          1 | rsyslogd: | NULL         | NULL            |     NULL |
|  3 |       NULL | 2017-06-24 00:11:50 | 2017-06-24 00:11:50 |        1 |        5 | centos6  |  this is mysqldb                                                                                    |       NULL |       NULL | NULL        | NULL      |          NULL |    NULL | NULL            |         NULL |      NULL |     NULL |     NULL |          1 | root:     | NULL         | NULL            |     NULL |
+----+------------+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
3 rows in set (0.00 sec)
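Once ommysql is writing into SystemEvents, the point of the database is that the log can be queried with SQL rather than read with tail. The following added example (not from the post or from rsyslog) keeps a subset of the createDB.sql columns in an in-memory SQLite database via Python's standard sqlite3 module, so it runs without a MariaDB server; the three rows are the ones the post's SELECT shows, and the rows from a second host "web1" are constructed for the example. Facility and Priority hold the same RFC 3164 codes ommysql stores (the post's rows show Facility 1/Priority 5 for logger's user.notice and Facility 0/Priority 6 for the kernel's info message), so "Priority <= 3" means err or worse. Two practical notes on the post's setup: ommysql only needs INSERT on SystemEvents, so the grant can be narrower than ALL, and `log@'%'` accepts that account from any host, where the client's address would do; the password also sits in plain text in /etc/rsyslog.conf, so that file's permissions matter.

```python
"""Added example (not from the original post): query a SystemEvents table
(subset of createDB.sql's columns) held in SQLite instead of MariaDB."""
import sqlite3

SCHEMA = """
CREATE TABLE SystemEvents (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    ReceivedAt TEXT,
    DeviceReportedTime TEXT,
    Facility INTEGER,
    Priority INTEGER,
    FromHost TEXT,
    Message TEXT,
    InfoUnitID INTEGER,
    SysLogTag TEXT
)
"""

SAMPLE_ROWS = [
    # (ReceivedAt, DeviceReportedTime, Facility, Priority, FromHost, Message, InfoUnitID, SysLogTag)
    # the three rows shown in the post (ommysql keeps the leading space of Message)
    ("2017-06-24 00:10:12", "2017-06-24 00:10:12", 0, 6, "centos6",
     "imklog 5.8.10, log source = /proc/kmsg started.", 1, "kernel:"),
    ("2017-06-24 00:10:12", "2017-06-24 00:10:12", 5, 6, "centos6",
     ' [origin software="rsyslogd" swVersion="5.8.10" x-pid="3105" x-info="http://www.rsyslog.com"] start', 1, "rsyslogd:"),
    ("2017-06-24 00:11:50", "2017-06-24 00:11:50", 1, 5, "centos6", " this is mysqldb", 1, "root:"),
    # constructed rows for this example: authpriv.info, daemon.err, kern.crit
    ("2017-06-24 00:12:00", "2017-06-24 00:12:00", 10, 6, "web1",
     " Accepted password for root from 10.0.0.9 port 51030 ssh2", 1, "sshd[4203]:"),
    ("2017-06-24 00:12:05", "2017-06-24 00:12:05", 3, 3, "web1",
     " bind() to 0.0.0.0:80 failed (98: Address already in use)", 1, "nginx:"),
    ("2017-06-24 00:12:09", "2017-06-24 00:12:09", 0, 2, "web1",
     " Out of memory: Kill process 1234 (java)", 1, "kernel:"),
]

def load_sample_db():
    """In-memory database with the schema above and the sample rows loaded."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO SystemEvents (ReceivedAt, DeviceReportedTime, Facility, Priority,"
        " FromHost, Message, InfoUnitID, SysLogTag) VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    conn.commit()
    return conn

def events_per_host(conn):
    """How many events each client has sent: a quick check that forwarding works."""
    return conn.execute(
        "SELECT FromHost, COUNT(*) FROM SystemEvents GROUP BY FromHost ORDER BY FromHost").fetchall()

def severe_events(conn, max_priority=3):
    """Messages at err (3) or worse, most severe first."""
    return conn.execute(
        "SELECT FromHost, Priority, SysLogTag, TRIM(Message) FROM SystemEvents"
        " WHERE Priority <= ? ORDER BY Priority, ReceivedAt", (max_priority,)).fetchall()

def auth_events(conn):
    """Everything from the auth (4) and authpriv (10) facilities, oldest first."""
    return conn.execute(
        "SELECT FromHost, ReceivedAt, TRIM(Message) FROM SystemEvents"
        " WHERE Facility IN (4, 10) ORDER BY ReceivedAt").fetchall()

if __name__ == "__main__":
    conn = load_sample_db()
    print(events_per_host(conn))       # [('centos6', 3), ('web1', 3)]
    for row in severe_events(conn):
        print(row)
    for row in auth_events(conn):
        print(row)
```

The same three queries work unchanged against the real Syslog database on C-7 (replace the sqlite3 connection with a MySQL client connection); they are the kind of thing the LogAnalyzer front end in Experiment 3 runs behind its search and report pages.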


Experiment 3: Display the logs in the database with LogAnalyzer

Note: this experiment builds on the database-logging experiment above. Because I restored a snapshot, I will not explain again the steps that repeat what was done above.

(1) Configuration of the C-7 database server

[root@J-7 ~]# yum -y install httpd php php-mysql php-gd mariadb-server
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                                                      | 3.6 kB  00:00:00     
elpl                                                                      | 4.3 kB  00:00:00     
Determining fastest mirrors
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7.centos will be installed
……
Installed:
  httpd.x86_64 0:2.4.6-45.el7.centos             mariadb-server.x86_64 1:5.5.52-1.el7            
  php.x86_64 0:5.4.16-42.el7                     php-gd.x86_64 0:5.4.16-42.el7                   
  php-mysql.x86_64 0:5.4.16-42.el7              

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7                       apr-util.x86_64 0:1.5.2-6.el7                  
  httpd-tools.x86_64 0:2.4.6-45.el7.centos       libXpm.x86_64 0:3.5.11-3.el7                   
  libzip.x86_64 0:0.10.1-8.el7                   mailcap.noarch 0:2.1.41-2.el7                  
  mariadb.x86_64 1:5.5.52-1.el7                  perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7   
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7    perl-DBD-MySQL.x86_64 0:4.023-5.el7            
  perl-DBI.x86_64 0:1.627-4.el7                  perl-Data-Dumper.x86_64 0:2.145-3.el7          
  perl-IO-Compress.noarch 0:2.061-2.el7          perl-Net-Daemon.noarch 0:0.48-5.el7            
  perl-PlRPC.noarch 0:0.2020-14.el7              php-cli.x86_64 0:5.4.16-42.el7                 
  php-common.x86_64 0:5.4.16-42.el7              php-pdo.x86_64 0:5.4.16-42.el7                 
  t1lib.x86_64 0:5.1.2-14.el7                   

Complete!
[root@J-7 log]# mysql -uroot  -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on Syslog.* to log@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>

[root@J-7 ~]# pwd
/root
[root@J-7 ~]# rz

[root@J-7 ~]# tar xf loganalyzer-4.1.5.tar.gz 
[root@J-7 ~]# cd loganalyzer-4.1.5
[root@J-7 loganalyzer-4.1.5]# mv src/  /var/www/html/log
[root@J-7 loganalyzer-4.1.5]# cd /var/www/html/log/
[root@J-7 log]# ls
admin               cron         p_w_picpaths       login.php            themes
asktheoracle.php    css          include      reportgenerator.php  userchange.php
BitstreamVeraFonts  details.php  index.php    reports.php
chartgenerator.php  doc          install.php  search.php
classes             export.php   js           statistics.php
convert.php         favicon.ico  lang         templates
[root@J-7 log]# cat /root/loganalyzer-4.1.5/contrib/configure.sh 
#!/bin/sh

touch config.php
chmod 666 config.php
[root@J-7 log]# cat /root/loganalyzer-4.1.5/contrib/secure.sh 
#!/bin/sh
chmod 644 config.php
[root@J-7 log]# touch config.php
[root@J-7 log]# chmod 666 config.php 
[root@J-7 log]# iptables -F
[root@J-7 log]# ss -ntl
State       Recv-Q Send-Q   Local Address:Port                  Peer Address:Port              
LISTEN      0      128                  *:22                               *:*                  
LISTEN      0      100          127.0.0.1:25                               *:*                  
LISTEN      0      128                 :::22                              :::*                  
LISTEN      0      100                ::1:25                              :::*                  
[root@J-7 log]# systemctl start httpd
[root@J-7 log]# ss -ntl
State       Recv-Q Send-Q   Local Address:Port                  Peer Address:Port              
LISTEN      0      128                  *:22                               *:*                  
LISTEN      0      100          127.0.0.1:25                               *:*                  
LISTEN      0      128                 :::80                              :::*                  
LISTEN      0      128                 :::22                              :::*                  
LISTEN      0      100                ::1:25                              :::*     
[root@J-7 log]# systemctl start mariadb
[root@J-7 log]# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
……

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@J-7 log]# iptables -F
[root@J-7 log]# setenforce 0

(2) Configuration on C-6

[root@centos6 ~]# yum -y install rsyslog-mysql
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package rsyslog-mysql.x86_64 0:5.8.10-10.el6_6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================
 Package                   Arch               Version                     Repository        Size
=================================================================================================
Installing:
 rsyslog-mysql             x86_64             5.8.10-10.el6_6             base              21 k

Transaction Summary
=================================================================================================
Install       1 Package(s)

Total download size: 21 k
Installed size: 15 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : rsyslog-mysql-5.8.10-10.el6_6.x86_64                                          1/1 
  Verifying  : rsyslog-mysql-5.8.10-10.el6_6.x86_64                                          1/1 

Installed:
  rsyslog-mysql.x86_64 0:5.8.10-10.el6_6                                                         

Complete!
[root@centos6 ~]# yum list mysql
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Installed Packages
mysql.x86_64               5.1.73-8.el6_8                @anaconda-CentOS-201703281317.x86_64/6.9
[root@centos6 ~]#  mysql -ulog -p123456 -h172.16.252.61 </usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql 
[root@centos6 ~]# vim /etc/rsyslog.conf 

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
$ModLoad ommysql
# Provides UDP syslog reception
……
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
*.info;mail.none;authpriv.none;cron.none                :ommysql:172.16.252.61,Syslog,log,123456
……
[root@centos6 ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]

(3) Below are some of the pages shown during the installation in the browser

Just choose Next to go to the next step

[screenshot]

This can be left alone; go straight to the next step

[screenshot]

Nothing needs to be changed here either; the defaults are fine, go to the next step

[screenshot]

Pay attention here: under First Syslog Source, for Source Type choose MySQL native; a small box then appears below in which you fill in the settings according to your database information. (Notes: 1. Careful readers may have noticed that I switched browsers; that is because with the 360 Speed Browser I used before, the box below never loaded, so I changed browsers. 2. If you make a mistake, you can simply delete the contents of the config.php we created earlier and go through the settings again step by step.)

[screenshot]

Setup is complete; you can adjust the settings to your own needs

[screenshot]