YUM源建立,如果有的話,可以省略
# cat >> /etc/yum.repos.d/sohu.repo <<EOF
[sohu]
name=sohu's mirrors
baseurl=http://mirrors.sohu.com/centos/5/os/x86_64/
enabled=1
gpgcheck=0
EOF
安裝LAMP環境及rsyslog,如果有LAMP,隻需要安裝rsyslog rsyslog-mysql即可
yum install rsyslog rsyslog-mysql mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd
導入rsyslog資料庫
mysql -u root -p < $(rpm -ql rsyslog-mysql | grep sql$)
建立資料庫使用者
mysql -u root -p
mysql> grant all privileges on Syslog.* to logger@localhost identified by 'logger';
mysql> flush privileges;
mysql> exit;
修改rsyslog的配置檔案
# vi /etc/rsyslog.conf //修改一下即可
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Provides kernel logging support (previously done by rklogd)
# Provides support for local system logging (e.g. via logger command)
$ModLoad immark
$ModLoad imuxsock
$ModLoad imklog
$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,logger,logger
$ModLoad imudp.so
$UDPServerRun 514
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
紅色部分是添加的,其它的對比一下,有的就略過,沒的就添加一下吧。
安裝LogAnalyzer
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz
# tar xf loganalyzer-3.6.3.tar.gz
# mkdir /var/www/html/loganalyzer
# mv loganalyzer-3.6.3/src/* /var/www/html/loganalyze
# touch /var/www/html/loganalyzer/config.php
# chmod 666 /var/www/html/loganalyzer/config.php
通過浏覽器安裝即可
<a href="http://blog.51cto.com/attachment/201305/122022825.jpg" target="_blank"></a>
<a href="http://blog.51cto.com/attachment/201305/122038124.jpg" target="_blank"></a>
<a href="http://blog.51cto.com/attachment/201305/122050300.jpg" target="_blank"></a>
<a href="http://blog.51cto.com/attachment/201305/122059568.jpg" target="_blank"></a>
<a href="http://blog.51cto.com/attachment/201305/122113533.jpg" target="_blank"></a>
以上就完成了loganalyzer的安裝,登陸檢視
<a href="http://blog.51cto.com/attachment/201305/122206543.jpg" target="_blank"></a>
下載下傳evtsys http://code.google.com/p/eventlog-to-syslog/
解壓縮放到 C:\Windows\System32
evtsys -i -s 10 -h log-server-ip -p 514
net start evtsys
在安裝的時候,會報一個錯誤,是配置檔案的問題,可以忽略不用管,隻要看到最後的安裝成功即可。以下附上詳細的參數
Version: 4.4 (32-bit)
Usage: evtsys.exe -i|-u|-d [-h host] [-b host] [-f facility] [-p port]
[-s minutes] [-l level] [-n]
-i Install service
-u Uninstall service
-d Debug: run as console program
-h host Name of log host
-b host Name of secondary log host (optional)
-f facility Facility level of syslog message
-l level Minimum level to send to syslog.\n", stderr);
0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info
-n Include only those events specified in the config file.
-p port Port number of syslogd
-q bool Query the Dhcp server to obtain the syslog/port to log to
(0/1 = disable/enable)
-s minutes Optional interval between status messages. 0 = Disabled
Default port: 514
Default facility: daemon
Default status interval: 0
Host (-h) required if installing.
以下是在Loganalyzer上看到的Windows的日志,很明顯的windows日志。監控Linux日志就很簡單了,直接修改配置檔案,把日志發送一份到日志伺服器即可,這裡不再詳細的說明。
<a href="http://blog.51cto.com/attachment/201305/122537594.jpg" target="_blank"></a>
本文轉自 gm100861 51CTO部落格,原文連結:http://blog.51cto.com/gm100861/1191164
![Mac|Windows系統本地照片自動上傳到伺服器[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)