rsyslog + loganalyzer
I. Client
1 Disable the syslog service
chkconfig syslog off
service syslog stop
2 Install rsyslog
yum install rsyslog5*
3 Configure
echo "*.* @10.0.70.203" >> /etc/rsyslog.conf
echo "*.* :ommysql:10.0.70.203,Syslog,syslog,syslog" >> /etc/rsyslog.conf
4 Start the service
service rsyslog restart
chkconfig rsyslog on
II. Server installation
Download loganalyzer; first install the required packages
yum install -y rsyslog5*
yum install -y perl-DBI
yum install -y libc-client
yum install -y unixODBC
yum install -y lm_sensors
yum install -y php53
yum install -y php53-pdo
yum install -y php53-gd
yum install -y php53-mysql
yum install -y php53-bcmath
yum install -y php53-soap
yum install -y php53-xml
yum install -y php53-mbstring
Database configuration
mysql --password=123456
DROP DATABASE IF EXISTS Syslog;
DROP DATABASE IF EXISTS loganalyzer;
create database loganalyzer;
source /usr/share/doc/rsyslog5-mysql-5.8.12/createDB.sql
The exact path of createDB.sql depends on the operating system; look under /usr/share/doc/.
GRANT ALL PRIVILEGES ON *.* TO 'syslog'@'localhost' IDENTIFIED BY 'syslog' WITH GRANT OPTION;
grant all on loganalyzer.* to lyzeruser@'localhost' identified by 'lyzeruser';
flush privileges;
exit
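An added example, not part of the original procedure: the GRANT ALL PRIVILEGES ON *.* ... WITH GRANT OPTION statement above makes the syslog account a full MySQL administrator, while its password is stored in plain text in /etc/rsyslog.conf. The statements below are a least-privilege alternative. The account names rsyslog_writer and loganalyzer_ro and the CHANGE_ME_* passwords are hypothetical placeholders, and the example assumes rsyslog's default ommysql template, which only inserts into SystemEvents.

```sql
-- Run in the same mysql session, after createDB.sql has created Syslog.SystemEvents.
-- Account names and passwords below are placeholders, not values from the original page.

-- If the broad grant from the procedure was already applied, remove that account.
-- (On MySQL 5.0.2 and later, DROP USER also removes the account's privileges.)
DROP USER 'syslog'@'localhost';

-- Writer: used by the rsyslog ommysql action. It only ever inserts rows.
GRANT INSERT ON Syslog.SystemEvents
    TO 'rsyslog_writer'@'localhost' IDENTIFIED BY 'CHANGE_ME_writer';

-- Reader: used by the LogAnalyzer syslog source (installer step 7). Read-only.
GRANT SELECT ON Syslog.SystemEvents
    TO 'loganalyzer_ro'@'localhost' IDENTIFIED BY 'CHANGE_ME_reader';

-- Verify: each account should list USAGE on *.* plus exactly one table-level grant.
SHOW GRANTS FOR 'rsyslog_writer'@'localhost';
SHOW GRANTS FOR 'loganalyzer_ro'@'localhost';

-- Audit: accounts that can still hand out privileges or hold SUPER.
-- Only administrative accounts such as root should appear here.
SELECT user, host
  FROM mysql.user
 WHERE Grant_priv = 'Y' OR Super_priv = 'Y';
```

With these accounts, the ommysql line in /etc/rsyslog.conf would name rsyslog_writer and the step 7 database user would be loganalyzer_ro. LogAnalyzer features that delete rows or alter the table would need extra privileges on Syslog.SystemEvents; that is an assumption to check against the features actually used.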
loganalyzer installation
wget http://10.0.42.1:4201/soft/loganalyzer-4.1.3.tar.gz
tar zxvf loganalyzer-4.1.3.tar.gz
cd /root/loganalyzer-4.1.3
mkdir -p /var/www/html/loganalyzer
cp -r src/* /var/www/html/loganalyzer
cp -r contrib/* /var/www/html/loganalyzer
chown -R daemon.daemon /var/www/html/loganalyzer
cd /var/www/html/loganalyzer
sh configure.sh
sh secure.sh
Web configuration
http://10.0.70.203/loganalyzer
Click here
Step 1 - Prerequisites
Click on Next
Step 2 - Verify File Permissions
On the operating system, run:
chmod 666 /var/www/html/loganalyzer/config.php
In the web interface
Click ReCheck
Click Next
Step 3 - Basic Configuration
Enable User Database: select "YES"
Database Host: localhost
Database Port: 3306
Database Name: loganalyzer
Table prefix: logcon_
Database User: lyzeruser
Database Password: lyzeruser
Require user to be logged in: No
Step 4 - Create Tables
Click Next
Step 5 - Check SQL Results
Click Next
Step 6 - Creating the Main Useraccount
Username: admin
Password:
Repeat Password:
Click Next
Step 7 - Create the first source for syslog messages
Name of the Source: My Syslog Source
Source Type: MYSQL Native
Select View: Syslog Fields
Table type: MonitorWare
Database Host: localhost
Database Name: Syslog
Database Tablename: SystemEvents
Database User: syslog
Database Password:
Enable Row Counting: Yes
Click Next
Step 8 - Done
Installer Step Finish!
Server-side settings
1 Disable the syslog service
chkconfig syslog off
service syslog stop
2 Install rsyslog
yum install rsyslog5*
vi /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad immark # provides --MARK-- message capability
$ModLoad imudp
$UDPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$ModLoad ommysql
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.* :ommysql:localhost,Syslog,syslog,syslog
service rsyslog restart
chkconfig rsyslog on
history -c