logzilla2.9.9+syslog-ng实现集中日志管理
System:Centos5.5 (32bit)
Author:hx10
Date:2010/7/28 hangzhou
Blog :
http://hi.baidu.com/hx10
1.安装lamp
yum -y install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf automake bzip2-devel zlib-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel libXpm-devel pam-devel libtool libtool-ltdl openssl openssl-devel libxml2-devel gettext-devel pcre-devel fontconfig-devel libmcrypt mysql mysql-server mysql-devel httpd httpd-devel php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mcrypt php-mbstring
2.平台初始化
yum install libnet -y
cpan -i Digest::SHA1
cpan -i Net::MySQL
cpan -i Digest::SHA1
cpan -i Net::MySQL
认的,eventlog将会生成/usr/lib/pkgconfig 目录,这个目录会被syslog-ng的configure脚本使用,所以你应该添加一个环境变量PKG_CONFIG_PATH,使用如下命令添加
# export PKG_CONFIG_PATH=/usr/lib/pkgconfig:$PKG_CONFIG_PATH
# export PKG_CONFIG_PATH=/usr/lib/pkgconfig:$PKG_CONFIG_PATH
3.安装组件
作者在Logzilla3.0以后做了licensed限制,所以现在使用2.99版本
cd /usr/local/src
http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.5/setups/rhel-5-amd64/syslog-ng-3.0.5-1.rhel5.x86_64.rpm (64位系统)
http://php-syslog-ng.googlecode.com/files/logzilla_v2.9.9o.tgz
http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz
http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.3/setups/rhel-5-i386/syslog-ng-3.0.3-1.rhel5.i386.rpm (32位系统)
保存为down.txt
# wget -i down.txt
# cd /usr/local/src
tar zxvf eventlog_0.2.9.tar.gz
cd eventlog-0.2.9/
./configure && make && make install
cd ..
rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm
vim /opt/syslog-ng/etc/syslog-ng.conf
# wget -i down.txt
# cd /usr/local/src
tar zxvf eventlog_0.2.9.tar.gz
cd eventlog-0.2.9/
./configure && make && make install
cd ..
rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm
vim /opt/syslog-ng/etc/syslog-ng.conf
@version: 3.0
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator’s guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#
options {
# Number of syslog lines stored in memory before being written to files
flush_lines (0);
log_fifo_size (2048);
create_dirs (yes);
perm (0640);
dir_perm (0750);
};
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator’s guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#
options {
# Number of syslog lines stored in memory before being written to files
flush_lines (0);
log_fifo_size (2048);
create_dirs (yes);
perm (0640);
dir_perm (0750);
};
source s_network_1 {
udp(ip(0.0.0.0) port(514));
};
udp(ip(0.0.0.0) port(514));
};
destination d_network_1 {
file("/var/log/syslog-ng/network/$YEAR.$MONTH.$DAY/$HOST/$FACILITY.log");
};
file("/var/log/syslog-ng/network/$YEAR.$MONTH.$DAY/$HOST/$FACILITY.log");
};
# Define the destination "d_network_1B" log directory
destination d_network_1B {
file ("/var/log/syslog-ng/network/all/network.log");
};
destination d_network_1B {
file ("/var/log/syslog-ng/network/all/network.log");
};
log {
source(s_network_1);
destination(d_network_1);
};
source(s_network_1);
destination(d_network_1);
};
log {
source(s_network_1);
destination(d_network_1B);
};
source(s_network_1);
destination(d_network_1B);
};
destination d_logzilla {
program("/var/www/logzilla/scripts/db_insert.pl"
template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n"));
};
program("/var/www/logzilla/scripts/db_insert.pl"
template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n"));
};
log {
source(s_network_1);
destination(d_logzilla);
};
source(s_network_1);
destination(d_logzilla);
};
source localhost_all {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel"));
};
destination localhostlog {
file ("/var/log/syslog-ng/$HOST/$YEAR-$MONTH/$DAY" create_dirs(yes));
};
log {
source(localhost_all);
destination(localhostlog);
};
destination local_logzilla {
program("/var/www/logzilla/scripts/db_insert.pl"
template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n"));
};
log {
source(localhost_all);
destination(local_logzilla);
};
internal();
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel"));
};
destination localhostlog {
file ("/var/log/syslog-ng/$HOST/$YEAR-$MONTH/$DAY" create_dirs(yes));
};
log {
source(localhost_all);
destination(localhostlog);
};
destination local_logzilla {
program("/var/www/logzilla/scripts/db_insert.pl"
template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n"));
};
log {
source(localhost_all);
destination(local_logzilla);
};
注意修改路径/var/www/logzilla/
# /etc/init.d/syslog-ng restart
4.安装logzilla
tar -zxvf logzilla_v2.9.9o.tgz
mv php-syslog-ng logzilla
mv logzilla /var/www/
chown -R apache:apache /var/www/logzilla/html //确定httpd.conf中User 为apache,Group为apache
mkdir -p /var/log/logzilla
vim /etc/httpd/conf/httpd.conf
在最后加上
在最后加上
Alias /logs "/var/www/logzilla/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
vim /etc/php.ini
display_errors = On //Off改成On
magic_quotes_gpc = On //Off改成On
memory_limit = 128M
max_execution_time = 300 //30改成300
magic_quotes_gpc = On //Off改成On
memory_limit = 128M
max_execution_time = 300 //30改成300
重启apache服务 service httpd start
启动mysql service mysqld start
重启syslog /etc/init.d/syslog-ng restart
启动mysql service mysqld start
重启syslog /etc/init.d/syslog-ng restart
cp /var/www/logzilla/scripts/contrib/system_configs/logrotate.d /etc/logrotate.d/logzilla
/usr/bin/mysqladmin -u root password 'zjhcsoft'
修改root的密码为zjhcsoft
/usr/bin/mysqladmin -u root password 'zjhcsoft'
修改root的密码为zjhcsoft
打开Firefox,最好不要用IE,不然在最后一步会卡死,事先不需要建立用户和表,只需要有建表和用户权限的
用户,例如root用户
用户,例如root用户
安装过程注意几点
1.事先修改root密码,填写的时候只需要填写root密码,会自动创建库和用户
2. Site URL : /logs/
如果是用IE浏览器,最后一个Install CEMDB点了没反映,这个时候手工导入表结构
mysql -usysloguser -psysloguser syslog < /var/www/logzilla/html/install/sql/cemdb.sql
如果使用firefox不会出现这个问题
替换脚本路径
cd /var/www/logzilla/scripts
./fixpaths.sh
/etc/init.d/syslog-ng restart
cd /var/www/logzilla/scripts
./fixpaths.sh
/etc/init.d/syslog-ng restart
刚开始出现这个错误:
USING TABLE: logs
There appear to be no hosts in the Database yet
You can generate fake ones using scripts/dbgen.pl
USING TABLE: logs
There appear to be no hosts in the Database yet
You can generate fake ones using scripts/dbgen.pl
修改config.php
# vim /var/www/logzilla/html/config/config.php
查找
define(‘DBHOST’, '127.0.0.1'); #把localhost改成IP要不然不会自动插入数据
# vim /var/www/logzilla/html/config/config.php
查找
define(‘DBHOST’, '127.0.0.1'); #把localhost改成IP要不然不会自动插入数据
# vim /var/www/logzilla/scripts/db_insert.pl
查看85行和90行,
确保位置为/var/www/logzilla/html/config/config.php
查看85行和90行,
确保位置为/var/www/logzilla/html/config/config.php
导入测试数据
[root@Centos5 logzilla]# perl /var/www/logzilla/scripts/contrib/dbgen/dbgen.pl
[root@Centos5 logzilla]# perl /var/www/logzilla/scripts/contrib/dbgen/dbgen.pl
Debug off, showing only inserted data...
Couldn't connect to 3306: connect: No such file or directory at /var/www/logzilla/scripts/contrib/dbgen/dbgen.pl line 205
Couldn't connect to 3306: connect: No such file or directory at /var/www/logzilla/scripts/contrib/dbgen/dbgen.pl line 205
这个问题暂时没解决,但是不影响客户端写入LOG
Linux客户端配置
vim /etc/syslog.conf 添加最后一行,其中192.168.64.129是服务器端的IP
vim /etc/syslog.conf 添加最后一行,其中192.168.64.129是服务器端的IP
local7.* /var/log/boot.log
*.emerg;*.err;*.warning @192.168.64.129
*.emerg;*.err;*.warning @192.168.64.129
# service syslog restart
# logger -p local7.err "This is a local.err test message."
# logger -p local7.err "This is a local.err test message."
在服务器上查看日志
cd /var/log/syslog-ng/network/all
tail network.log
说明可以收到信息,这个时候打开查看mysql数据库的logs表有记录,打开页面就正常了。
cd /var/log/syslog-ng/network/all
tail network.log
Jul 28 09:30:14 192.168.64.128 root: This is a local.err test message.
说明可以收到信息,这个时候打开查看mysql数据库的logs表有记录,打开页面就正常了。
如果syslog数据库的logs没有记录
# cpan Text::LevenshteinXS
重启syslog服务器的所有服务
# service mysqld restart
# service httpd restart
# service syslog-ng restart
最后来一个效果图:
点击下方的Graph后出现如下错误:
JpGraph Error Font file "/usr/share/fonts/truetype/msttcorefonts/verdana.ttf" is not readable or does not exist.
原因是,新版的php-syslog-ng考虑到旧版字库版权的问题,使用了verdana.ttf字库。而当前系统目录没有该字库
解决办法:
1)从Windows\Fonts目录中拷贝到上述的路径即可;
2)从网上下载,并放到上述目录下:执行:
# mkdir -p /usr/share/fonts/truetype/msttcorefonts/
# cd /usr/share/fonts/truetype/msttcorefonts/
# wget http://www.linuxfly.org/p_w_upload/verdana.ttf.zip
# unzip verdana.ttf.zip
# rm -f verdana.ttf.zip
2)从网上下载,并放到上述目录下:执行:
# mkdir -p /usr/share/fonts/truetype/msttcorefonts/
# cd /usr/share/fonts/truetype/msttcorefonts/
# wget http://www.linuxfly.org/p_w_upload/verdana.ttf.zip
# unzip verdana.ttf.zip
# rm -f verdana.ttf.zip
建立计划任务,每天收集客户端信息
# crontab -e
# LogZilla
@daily php /var/www/logzilla/scripts/logrotate.php >> /var/log/logzilla/logrotate.log
@daily find /var/www/logzilla/html/jpcache/ -atime 1 -exec rm -f '{}' ';'
0,5,10,15,20,25,30,35,40,45,50,55 * * * * php /var/www/logzilla/scripts/reloadcache.php >> /var/log/logzilla/reloadcache.log
# Demo LogZilla
# CHANGE TO MATCH YOUR DIRECTORY PATHS
@daily php /var/www/logzilla/scripts/logrotate.php >> /var/log/logzilla/logrotate.log
@daily find /var/www/logzilla/html/jpcache/ -atime 1 -exec rm -f '{}' ';'
0,5,10,15,20,25,30,35,40,45,50,55 * * * * php /var/www/logzilla/scripts/reloadcache.php >> /var/log/logzilla/reloadcache.log
# Demo LogZilla
# CHANGE TO MATCH YOUR DIRECTORY PATHS
# service crond restart
Windows下客户端的安装
因为windows没有syslog,所以需要安装一个插件
http://code.google.com/p/eventlog-to-syslog/
下载Evtsys_4.3.0_32-Bit.zip
下载后解压到c:\windows\system32\
然后安装
因为windows没有syslog,所以需要安装一个插件
http://code.google.com/p/eventlog-to-syslog/
下载Evtsys_4.3.0_32-Bit.zip
下载后解压到c:\windows\system32\
然后安装
c:\windows\system32\evtsys.exe -i -h 192.168.0.121
然后启动服务
net start evtsys
参考资料:
转载于:https://blog.51cto.com/hx100/362207
138
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
