CentOS 7.8 + LogAnalyzer + MariaDB: log server setup procedure

1. First, disable the firewall and SELinux
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service
Disable SELinux
vi /etc/selinux/config, change SELINUX=enforcing to SELINUX=disabled, then reboot
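
An added example, not part of the original post: an alternative to step 1 that leaves firewalld running and admits only the traffic this server needs, syslog on 514 and 38514 (step 8) from the sending devices and HTTP (step 10) from the administrators. The two subnets and the function names are assumptions; commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post). Commands are printed, one per
# line with every argument quoted, and executed only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; return; fi
    for arg in "$@"; do printf "'%s' " "$arg"; done
    printf '\n'
}

# Accept only dotted-quad IPv4 with a prefix length, e.g. 192.0.2.0/24.
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1 }'
}

# firewall_plan SENDERS ADMINS: both arguments are assumed site-specific CIDRs.
firewall_plan() {
    senders=$1 admins=$2
    for net in "$senders" "$admins"; do
        valid_cidr "$net" || { echo "invalid CIDR: $net" >&2; return 1; }
    done
    # Syslog listeners from step 8, reachable from the sending devices only.
    for port in 514 38514; do
        for proto in udp tcp; do
            run firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" \
source address=\"$senders\" port port=\"$port\" protocol=\"$proto\" accept"
        done
    done
    # LogAnalyzer web UI from step 10, reachable from the admin subnet only.
    run firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" \
source address=\"$admins\" service name=\"http\" accept"
    run firewall-cmd --reload
}

# Constructed documentation ranges; replace with the real subnets.
firewall_plan 192.0.2.0/24 198.51.100.0/28
```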

2. Install the database
Install the MariaDB database.
yum -y install mariadb mariadb-server

3. Start and initialize the database
Start the MariaDB database server
systemctl start mariadb.service
systemctl enable mariadb

Initialize the database
[root@localhost ~]# /bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): <-- just press Enter on the first run
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
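Set root password? [Y/n] <-- whether to set a password for the root user; type y and press Enter, or just press Enter
New password: <-- set the root user's password
Re-enter new password: <-- enter the password you set once more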
Password updated successfully!
Reloading privilege tables…
… Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] <-- whether to remove anonymous users; removal is recommended in production, so just press Enter
… Success!
Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- whether to disallow remote root login; decide according to your needs, type y and press Enter; disallowing is recommended
… Success!
By default, MySQL comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <-- whether to remove the test database; just press Enter
 - Dropping test database…
… Success!
 - Removing privileges on test database…
… Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- whether to reload the privilege tables; just press Enter
… Success!
Cleaning up…
All done! If you’ve completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!

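4. Add the database and user
[root@localhost ~]# mysql -uroot -p

Create the "rsyslog" database with the character set set to utf8
create database rsyslog character set utf8 collate utf8_bin;

Create a local user rsyslog with full privileges on the "rsyslog" database, and set its password to "rsyslog"
This is important: the information is needed later when configuring the database
grant all privileges on rsyslog.* to 'rsyslog'@'localhost' identified by 'rsyslog'; flush privileges;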

5. Install rsyslog-mysql, the MySQL extension package for rsyslog
Install rsyslog
[root@localhost ~]# yum -y install rsyslog-mysql

6. Import the rsyslog MySQL tables into the created rsyslog database and grant the user privileges
Import the rsyslog MySQL tables into the created rsyslog database
mysql -uroot -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql

[root@localhost ~]# mysql -uroot -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
Enter password:
[root@localhost ~]#

7. Create the database Syslog and set up the local user rsyslog, password rsyslog, with all privileges
mysql -uroot -p
grant all privileges on Syslog.* to 'rsyslog'@'%' identified by 'rsyslog'; flush privileges;

8. Edit the rsyslog configuration file
vi /etc/rsyslog.conf

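$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,rsyslog
# selector :ommysql:database host,database name,database user,database user password

# Receive over UDP

$ModLoad imudp
$UDPServerRun 514
$UDPServerRun 38514

# Receive over TCP (both can be used at the same time)
$ModLoad imtcp
$InputTCPServerRun 514
# Default port that Huawei switches send logs to
$InputTCPServerRun 38514

Note: when editing the configuration file, the leading "#" must be removed from a directive for it to take effect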

9. Restart the rsyslog service
systemctl restart rsyslog.service
systemctl enable rsyslog.service
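
An added example, not part of the original post: a shell check for the configuration from step 8. It flags an rsyslog.conf that any local user can read (the ommysql line holds the database password), a malformed selector, and a password that is short or equal to the user or database name, and it lists the listener ports. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the legacy ommysql action
# from step 8. Prints one finding per line and never prints the password.
audit_rsyslog_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # The action line embeds the DB password: "other" must not be able to read it.
    mode=$(stat -c '%a' "$conf")
    case $mode in
        *[4567]) echo "PERM mode $mode lets every local user read the DB password" ;;
    esac

    # Active lines only: <selector> :ommysql:host,db,user,password
    grep -v '^[[:space:]]*#' "$conf" | grep ':ommysql:' |
    while IFS= read -r line; do
        selector=$(printf '%s' "${line%%:ommysql:*}" | tr -d '[:space:]')
        IFS=, read -r host db user pass <<EOF
${line#*:ommysql:}
EOF
        # A selector is facility.priority, e.g. *.* ; a bare "." is malformed.
        if ! printf '%s' "$selector" | grep -Eq '^[^.]+\.[^.].*$'; then
            echo "SELECTOR '$selector' is not facility.priority (expected e.g. *.*)"
        fi
        if [ "$pass" = "$user" ] || [ "$pass" = "$db" ] || [ "${#pass}" -lt 12 ]; then
            echo "WEAKPW user '$user' on $host/$db has a guessable or short password"
        fi
    done

    # Listener ports, to cross-check against the firewall rules.
    grep -v '^[[:space:]]*#' "$conf" |
    sed -n -e 's/^[[:space:]]*\$UDPServerRun[[:space:]]*\([0-9]*\).*/LISTEN udp\/\1/p' \
           -e 's/^[[:space:]]*\$InputTCPServerRun[[:space:]]*\([0-9]*\).*/LISTEN tcp\/\1/p'
    return 0
}

# Constructed sample mirroring step 8 (not a real host's file).
sample=$(mktemp)
printf '%s\n' '$ModLoad ommysql' '*.* :ommysql:localhost,Syslog,rsyslog,rsyslog' \
    '$UDPServerRun 514' '$InputTCPServerRun 38514' > "$sample"
chmod 644 "$sample"
audit_rsyslog_conf "$sample"
rm -f "$sample"
```

On the real host, call `audit_rsyslog_conf /etc/rsyslog.conf` as root after step 8.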

10. Prepare the web environment
Install the required software
yum install httpd php php-mysql php-gd -y

11. Download LogAnalyzer
yum install unzip wget -y

Create the loganalyzer directory under Apache's default DocumentRoot:
mkdir -p /var/www/html/log

Create the LogAnalyzer log directory:
mkdir -p /var/log/httpd/log
cd /usr/local/src
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.11.tar.gz
tar -zxvf loganalyzer-4.1.11.tar.gz
cd loganalyzer-4.1.11
cp -r src/* /var/www/html/log
cp -r contrib/* /var/www/html/log
cd /var/www/html/log
chmod +x configure.sh secure.sh
./configure.sh
./secure.sh
touch config.php
chmod 666 config.php
chown -R apache:apache *
systemctl start httpd
systemctl enable httpd
systemctl status httpd
Reboot the server

12. Log in at http://<your IP>/log. Only two steps in the process need attention:
[image]
[image]

Setup complete

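Troubleshooting
1. Cannot create the back-end administrator account
Inspired by http://www.showerlee.com/archives/465
Cause: this appears to be a bug. The last_login column in the newly created database table does not allow NULL values, so the user cannot be added during setup.
Solution: see installation step 6

2. Reinstalling
Solution: 1) Simply empty the config.php file
[root@rsyslog loganalyzer]# > config.php
2) Empty the logcon_* tables that were imported into the database

3. Garbled Chinese characters
Solution: in the Admin Center, change the "Default character encoding" setting to UTF-8

4. After logging in, the following error appears: Could not find the configured table, maybe misspelled or the tablenames are…
Solution: in config.php set $CFG['Sources']['Source1']['DBTableName'] = 'SystemEvents'; and mind the letter case

5. Hide the donate button on the analysis page
Solution: in include/functions_common.php set $content['SHOW_DONATEBUTTON'] = false; // Default = true!

6. Replace the logo on the analysis page
Solution: replace the Header-Logo.png file in the images/main/ directory

References:
http://litaotao.blog.51cto.com/6224470/1283871 Comment: all the parameters are described in detail
http://www.godblessyuan.com/2015/05/02/rsyslog_loganalyzer_setting/ Comment: the deployment process is clear and easy to follow
http://www.showerlee.com/archives/465 Comment: the first to find that last_login in logcon_users does not allow NULL values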
