- 1. Download rsyslog and loganalyzer.
- 2. Prepare the environment: a LAMP stack. Also install the MySQL development headers; without them the rsyslog build fails:

```bash
yum -y install mysql-devel
```

- 3. Install rsyslog:

```bash
./configure --enable-mysql
make && make install
cp rsyslog.conf /etc
```

- 4. Edit /etc/rsyslog.conf (`vim /etc/rsyslog.conf`):

```conf
# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance

# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.
$ModLoad immark   # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # kernel logging (formerly provided by rklogd)

# ===== add the following 2 lines: load the MySQL output module and write all messages to the Syslog database =====
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,root,123
# ====================================================================================================

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none -/var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* -/var/log/maillog

# Log cron stuff
cron.* -/var/log/cron

# Everybody gets emergency messages
*.emerg *

# Save news errors of level crit and higher in a special file.
uucp,news.crit -/var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /rsyslog/spool # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514

# UDP Syslog Server:
# ===== uncomment the following 2 lines so the server receives the clients' logs =====
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514
```

Save and exit, open UDP port 514 in the firewall, and restart the firewall.
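The step above is easy to get subtly wrong (a directive left commented out, or added twice), and the `:ommysql:host,db,user,password` action form keeps the database password in clear text inside rsyslog.conf. The following POSIX shell audit is an added example, not code from the original post: it checks a config file for the three directives the step adds and flags the embedded password. The directive list and action syntax come from the config above; the function name and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an rsyslog.conf for the
# directives added in step 4 and flag the clear-text database password that
# the ":ommysql:host,db,user,password" action form carries.
# The function name and the sample config below are assumptions/constructed.

# check_rsyslog_conf FILE
# Prints one line per finding. Returns 0 when every required directive is
# present as an uncommented line, 1 otherwise.
check_rsyslog_conf() {
    conf="$1"
    rc=0
    for directive in '$ModLoad ommysql' '$ModLoad imudp.so' '$UDPServerRun 514'; do
        # strip leading whitespace, then require the directive at column 1 so
        # commented-out copies ("#$ModLoad ...") do not count
        if awk -v d="$directive" '{ sub(/^[ \t]+/, ""); if (index($0, d) == 1) found = 1 }
                                  END { exit !found }' "$conf"; then
            echo "ok: $directive"
        else
            echo "missing: $directive"
            rc=1
        fi
    done
    # the legacy ommysql action "host,db,user,password" keeps the password in clear text
    if grep -q '^[^#]*:ommysql:[^,]*,[^,]*,[^,]*,' "$conf"; then
        echo "warning: :ommysql: action embeds a clear-text database password;" \
             "restrict the file (chmod 600) and use a dedicated low-privilege DB user"
    fi
    return $rc
}

# ---- constructed sample: imudp.so is still commented out ----
sample=$(mktemp)
cat > "$sample" <<'EOF'
$ModLoad imuxsock
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,root,123
#$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514
EOF
check_rsyslog_conf "$sample" || echo "audit failed: fix the missing directives before restarting rsyslog"
rm -f "$sample"
```

Run it as `check_rsyslog_conf /etc/rsyslog.conf` after editing and before `service rsyslog start`. Two practical points follow from what the audit reports: the tutorial's action line uses the MySQL root account, so the file that contains it should not be world-readable, and `$UDPServerRun 514` accepts messages from any host that can reach the port, so the firewall rule opened in this step should be limited to the client addresses rather than opened to everyone.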
- 5. Create an rsyslog init script, then stop the system's own syslog service:

```bash
cp -rp /etc/init.d/syslog /etc/init.d/rsyslog
sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
ln -s /usr/local/sbin/rsyslogd /sbin/rsyslogd
# ===== stop the bundled syslog service =====
service syslog stop
```

- 6. Import the database schema, then start rsyslog:

```bash
cd /root/syslog/rsyslog-5.8.1/plugins/ommysql
mysql -uroot -p <createDB.sql
# enter the MySQL root password at the prompt
service rsyslog start
```

Check whether rows are arriving in the database:

```bash
mysql -uroot -p
```

```sql
use Syslog;
select * from SystemEvents;
```

If rows are returned, the setup is working.

- 7. Install loganalyzer-3.0.4:

```bash
tar xvzf loganalyzer-3.0.4.tar.gz
cd loganalyzer-3.0.4
mv src/* /usr/local/apache/htdocs/syslog/
mv contrib/* /usr/local/apache/htdocs/syslog/
chmod u+x /usr/local/apache/htdocs/syslog/*.sh
# the helper scripts now live in the web directory, so run them from there
cd /usr/local/apache/htdocs/syslog/
./configure.sh
./secure.sh
chmod 666 config.php
chown -R daemon.daemon *
```

- 8. Log in to the web installer at http://<server-ip>/syslog and click through the steps; that is essentially the whole installation.
  Two things to note here; I spent a long time on them:
  While clicking through the steps, make sure the table name for the Syslog database is set to SystemEvents. I did not notice this at first and took a lot of detours.
- 9. Linux client deployment. The client side is simple: edit /etc/syslog.conf (`vim /etc/syslog.conf`) and append at the very end:

```conf
*.* @192.168.2.211
```

Save and exit, then restart the syslog service:

```bash
service syslog restart
```

The client's log messages can now be seen on the server.
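As an added example (not code from the original post), the script below makes the client-side change from step 9 idempotent, so a redeploy never appends the forwarding rule twice, and builds the server-side query that proves a tagged test message reached the SystemEvents table. The server address 192.168.2.211 and the table name are from the post; the function names, the `rsyslogprobe` tag and the token format are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: idempotent client forwarding
# rule plus a server-side lookup for a test message. 192.168.2.211 is the
# server address from the post; the function names, the "rsyslogprobe" tag and
# the token format are assumptions.

# ensure_forward_rule CONF SERVER
# Appends "*.* @SERVER" to CONF unless an identical line already exists.
ensure_forward_rule() {
    conf="$1"
    rule="*.* @$2"
    if grep -qxF "$rule" "$conf"; then
        echo "already present: $rule"
    else
        printf '%s\n' "$rule" >> "$conf"
        echo "added: $rule"
    fi
}

# count_forward_rules CONF SERVER  (prints the number of exact copies of the rule)
count_forward_rules() {
    grep -cxF "*.* @$2" "$1" || true
}

# probe_sql TOKEN
# SQL to run on the server (mysql -uroot -p Syslog) to find the test message.
# Column names are those of the SystemEvents table created by createDB.sql.
probe_sql() {
    printf "SELECT ReceivedAt, FromHost, SysLogTag, Message FROM SystemEvents WHERE Message LIKE '%%%s%%' ORDER BY ID DESC LIMIT 5;" "$1"
}

# ---- demo on a constructed temporary syslog.conf ----
conf=$(mktemp)
printf '%s\n' '*.info;mail.none;authpriv.none;cron.none /var/log/messages' > "$conf"
ensure_forward_rule "$conf" 192.168.2.211
ensure_forward_rule "$conf" 192.168.2.211   # second run is a no-op
echo "rules present: $(count_forward_rules "$conf" 192.168.2.211)"
rm -f "$conf"

# On the client, after "service syslog restart", emit a recognisable message:
token="rsyslog-probe-$(date +%s)"
if command -v logger >/dev/null 2>&1; then
    logger -t rsyslogprobe "$token" 2>/dev/null || true
fi
# On the server, look it up (the query is printed here rather than executed):
echo "mysql -uroot -p Syslog -e \"$(probe_sql "$token")\""
```

The single `@` in `*.* @192.168.2.211` sends over UDP, which matches the `$UDPServerRun 514` listener configured on the server but offers no delivery guarantee; the rsyslog.conf comments in step 4 note that `@@host:514` with the imtcp listener gives reliable delivery, and switching both sides to TCP is the usual hardening step once the UDP path is confirmed working with the probe above.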
- That basically completes the installation. Cisco and Huawei switches and routers can be tested the same way; Windows hosts need third-party software, which you can also try if you are interested.
Below are screenshots of my server:
Reposted from: https://blog.51cto.com/newyue/585104