rsyslog+loganalyzer配置中央日志服务器
准备程序包
rsyslog-5.8.1.tar.gz
loganalyzer-3.2.1.tar.gz
vi rsyslog.sh
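#!/bin/sh
# MySQL settings used by the rest of this installer.
#   mysql_user / mysql_pwd - MySQL administrative account; mysql_pwd is also
#                            the password the script assigns to MySQL root.
#   run_user / run_pwd     - account that rsyslog's ommysql output logs in with.
# Each value can be supplied through an environment variable of the same name,
# so real credentials do not have to be written into this file; the literals
# are only the sample defaults.
# NOTE(review): with run_user=root the logging account is the MySQL
# administrator. root normally holds global privileges, which the
# database-level revoke/grant near the end of the script does not remove, so
# that step only limits a dedicated, non-root run_user.
mysql_user=${mysql_user:-root}
mysql_pwd=${mysql_pwd:-123456}
run_user=${run_user:-root}
run_pwd=${run_pwd:-123456}
if [ "${mysql_pwd}" = '123456' ] || [ "${run_pwd}" = '123456' ]; then
  echo 'rsyslog.sh: sample password 123456 is in use; set mysql_pwd and run_pwd before running on a real host' >&2
fi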
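# Install env.
yum -y install mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd zlib-devel gcc gcc-c++
# Install rsyslog..
# NOTE(review): the tarball is unpacked and built as root with no integrity
# check. Compare its checksum with the value published by the project
# (<EXPECTED_SHA256>) before this step.
# The archive has to be extracted first; a bare "tar FILE" has no operation mode.
tar xvf rsyslog-5.8.1.tar.gz
# Stop if the source tree is missing: otherwise ./configure runs in the wrong
# directory and the later "cd .." leaves the working directory.
cd rsyslog-5.8.1 || exit 1
# Abort on a failed build. The following steps stop the system syslog daemon,
# and without a working rsyslogd the host would be left with no logging.
./configure --enable-mysql --prefix=/usr/local/rsyslog || exit 1
make || exit 1
make install || exit 1
cd ..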
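# create rsyslog config..
# The template rsyslog.conf must sit next to this script. Check before the
# redirect below truncates /etc/rsyslog.conf.
if [ ! -f rsyslog.conf ]; then
  echo 'rsyslog.sh: template rsyslog.conf not found in the current directory' >&2
  exit 1
fi
# Escape the characters that are special in a sed replacement (& / \) so a
# user name or password containing them is written literally.
esc_user=$(printf '%s' "${run_user}" | sed 's|[&/\]|\\&|g')
esc_pwd=$(printf '%s' "${run_pwd}" | sed 's|[&/\]|\\&|g')
sed -e "s/ommysql:localhost,Syslog,root,/ommysql:localhost,Syslog,${esc_user},${esc_pwd};dbFormat/g" rsyslog.conf > /etc/rsyslog.conf
# The generated file now holds the database password in clear text.
chmod 600 /etc/rsyslog.conf
# stop system syslog..
service syslog stop
chkconfig syslog off
# create rsyslog startup script (explicit paths: brace expansion is not POSIX sh)
cp /etc/init.d/syslog /etc/init.d/rsyslog
# edit rsyslog startup script: every "syslog" in the copy becomes "rsyslog"
sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
chmod 700 /etc/init.d/rsyslog
chkconfig --add rsyslog
chkconfig rsyslog on
# create rsyslog bin ln
ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd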
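# conf mysql
service mysqld start
chkconfig mysqld on
# Set the MySQL root password.
# NOTE(review): the password is passed as a command-line argument here and is
# visible in the process list while mysqladmin runs.
mysqladmin -u root password "${mysql_pwd}"
# create sql
# The file contains run_pwd in clear text, so create it fresh and readable
# only by its owner.
# NOTE(review): run_user and run_pwd are pasted into the SQL unescaped; a
# single quote in either value breaks the GRANT statement.
rm -f -- createDB.sql
(
umask 077
cat > createDB.sql << EOF
CREATE DATABASE Syslog default character set 'utf8';
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
) DEFAULT CHARSET='utf8';
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
) DEFAULT CHARSET='utf8';
grant all privileges on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF
)
# import sql
# Hand the admin credentials to the client through a private option file
# (mktemp creates it with mode 0600) instead of -p<password> on the command
# line, which other local users can read from the process list.
my_cnf=$(mktemp /tmp/rsyslog-my.XXXXXX) || exit 1
cat > "${my_cnf}" << EOF
[client]
user=${mysql_user}
password="${mysql_pwd}"
EOF
# --defaults-extra-file has to be the first option on the command line.
mysql --defaults-extra-file="${my_cnf}" < createDB.sql
rm -f -- "${my_cnf}"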
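# start rsyslog
service rsyslog restart
# install loganalyzer
tar xvf loganalyzer-3.2.1.tar.gz
# Stop if the tree is missing: otherwise the copies below run against the
# wrong directory and "cd .." leaves the working directory.
cd loganalyzer-3.2.1 || exit 1
cp -r src/ /var/www/html/loganalyzer
cp -r contrib/* /var/www/html/loganalyzer
cd ..
# user:group is the supported separator; the dotted form is a deprecated
# extension and is ambiguous when a user name contains a dot.
chown -R apache:apache /var/www/html/loganalyzer
# use web install loganalyzer.
# NOTE(review): both helper scripts are run from the current directory, not
# from the web root. They appear to create and chmod config.php relative to
# the working directory - confirm which file they actually touch. secure.sh is
# presumably meant to run after the web installer has written its
# configuration.
/bin/sh /var/www/html/loganalyzer/configure.sh
/bin/sh /var/www/html/loganalyzer/secure.sh
# start httpd
# Until the web installer has been completed, anyone who can reach this host
# over HTTP can open it; restrict access (firewall or httpd access rules)
# while the installation is pending.
service httpd start
chkconfig httpd on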
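# edit src/include/functions_common.php function GetStringWithHTMLCodes
# Makes the HTML-escaping call use ENT_QUOTES and UTF-8.
# NOTE(review): the pattern is not limited to that function. On every line of
# the file that contains "htmlentities", everything from that word to the end
# of the line is replaced.
sed -i 's/htmlentities.*/htmlentities(\$myStr,ENT_QUOTES,"UTF-8");/g' /var/www/html/loganalyzer/include/functions_common.php
# reduce the privilege
# "read -n 1 -p" is a bash extension and fails under a strict /bin/sh; print
# the prompt and wait for Enter, as the prompt text says.
printf '%s' 'Please go to install web, when finished, press Enter...'
read -r _unused
# priv.sql contains run_pwd in clear text: create it fresh, owner-only.
# NOTE(review): this only narrows the account when run_user is not the MySQL
# administrator; global privileges are untouched by a revoke on Syslog.*.
rm -f -- priv.sql
(
umask 077
cat > priv.sql << EOF
revoke all privileges on Syslog.* from '${run_user}'@localhost;
grant insert,delete,update,select,alter on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF
)
# Pass the admin credentials through a private option file (mktemp creates it
# with mode 0600) instead of -p<password> on the command line, which is
# visible in the process list.
my_cnf=$(mktemp /tmp/rsyslog-my.XXXXXX) || exit 1
cat > "${my_cnf}" << EOF
[client]
user=${mysql_user}
password="${mysql_pwd}"
EOF
# --defaults-extra-file has to be the first option on the command line.
mysql --defaults-extra-file="${my_cnf}" < priv.sql
rm -f -- "${my_cnf}"
# clean (the two .sql files hold the database password)
rm -rf -- priv.sql createDB.sql loganalyzer-3.2.1 rsyslog-5.8.1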
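# rsyslog.sh has the MySQL passwords written into it, so make it readable and
# executable by its owner only instead of adding +x for every user.
chmod 700 rsyslog.sh
# Run it from the directory that holds the two tarballs and the rsyslog.conf
# template; the script refers to all of them by relative path.
./rsyslog.sh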
如果与 panabit 流量监控相结合,终端会一直弹出数据,无法操作。可以在 /etc/rsyslog.conf 中把向所有登录终端广播紧急消息的 *.emerg 规则注释掉(见下),然后重启 rsyslog。注释掉之后,emerg 级别的消息不再显示在终端上。
弹出的数据形如:Message from syslogd@2011-06-13T19:43:04.846104+08:00 10.35.2.2 PNB0>www 1307994563
vi /etc/rsyslog.conf
#*.emerg *
service rsyslog restart
http://www.wushiqin.com/?p=76 转载