rsyslog is a fast program for collecting and processing system logs; it offers high performance, security features and a modular design. It is the successor to syslog: it takes input from many sources, transforms it and delivers the result to many destinations, and according to its website it can process over a million messages per second.
LogAnalyzer is a web front end for syslog and other network event data. It provides simple browsing, searching, basic analysis and some chart-based reports. The data can come from a database or from ordinary syslog text files, so LogAnalyzer does not require changes to the existing logging setup. Working on the current log data it handles syslog messages and Windows event log records, supports troubleshooting, and lets users quickly find the way to a problem's solution in the log data.
LogAnalyzer's client logs can be stored in two ways: the server either writes the clients' /var/log/ messages into its own files under /var/log/, or it stores everything it receives in a database on the log server. The latter is recommended and is what this article sets up.
LogAnalyzer is written in PHP, so the log server needs a PHP runtime; this article uses a LAMP/LNMP stack.
Lab environment
centos6.9_x64
server: 192.168.1.128 rsyslog + LogAnalyzer
client: 192.168.1.135 rsyslog
Lab software
loganalyzer-3.6.5.tar.gz
Software installation
yum clean all
yum makecache -y
yum install rsyslog-mysql -y
yum install -y httpd* mysql mysql-devel mysql-server php php-gd php-xml php-mysql
vim /etc/httpd/conf/httpd.conf
#ServerName www.example.com:80
change the line above to:
ServerName *:80
#AddType application/x-tar .tgz
change the line above to:
AddType application/x-tar .tgz
AddType application/x-httpd-php .php
service mysqld restart
service httpd restart
chkconfig --level 35 mysqld on
chkconfig --level 35 httpd on
mysqladmin -uroot password '<database password>'
mysql -uroot -p'<database password>'
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
touch /var/www/html/test.php
vim /var/www/html/test.php
<?php
phpinfo();
?>
service httpd reload
Open http://192.168.1.128/test.php in a browser; if the phpinfo() page renders, Apache is handing .php files to PHP. Delete test.php once that is confirmed: phpinfo() discloses paths, module versions and environment variables to anyone who can reach the server.
mysql -uroot -p'<database password>' < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
(The directory name carries the installed rsyslog-mysql version. The script creates the Syslog database with the SystemEvents and SystemEventsProperties tables that the ommysql output module writes to.)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
| mysql              |
| test               |
+--------------------+
4 rows in set (0.00 sec)
mysql> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
mysql> grant all on Syslog.* to rsyslog@localhost identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
mysql> exit
Bye
Check that the new account can log in with the password from the GRANT (123456 here; outside a lab use a real one, and remember it also has to be written in clear text into /etc/rsyslog.conf below):
mysql -ursyslog -p123456
Your MySQL connection id is 8
mysql>
vim /etc/rsyslog.conf
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
change the line above to:
$ModLoad immark   # provides --MARK-- message capability
add these two lines:
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
change the two lines above to:
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
The ommysql action sends every message (*.*), local and received, to the Syslog database. Its line holds the database password in clear text, and /etc/rsyslog.conf is world-readable by default, so either chmod 600 the file or move the two ommysql lines into their own file under /etc/rsyslog.d/ with mode 600 (the stock CentOS 6 config already includes /etc/rsyslog.d/*.conf). Enabling immark is optional; it only adds periodic -- MARK -- lines. Both listeners accept messages from any host that can reach port 514, so restrict it with iptables to the known clients.
service rsyslog restart
netstat -tuplna | grep rsyslog
udp 0 0 0.0.0.0:48048 0.0.0.0:* 2687/rsyslogd
The entries to look for are ones bound to 0.0.0.0:514, one udp and one tcp in LISTEN state. A socket on a high port like the one captured above is rsyslog's own outbound socket, not a listener; if no :514 entries show up, the imudp/imtcp directives did not take effect and the reason will be among rsyslogd's startup messages in /var/log/messages. Also check that rows start appearing in the Syslog database's SystemEvents table.
ps aux | grep rsyslog
root 2687 0.0 0.1 189956 1568 ? Sl 11:06 0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
root 2695 0.0 0.0 103332 884 pts/0 S+ 11:07 0:00 grep rsyslog
chkconfig --level 35 rsyslog on
Everything up to this point is done on the server.
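The following is an added example, not part of the original post, for checking the two listeners from the client (or any other host) and for seeing what the lack of authentication on port 514 means in practice. It assumes the lab addresses used above (collector 192.168.1.128, port 514) and bash's /dev/udp and /dev/tcp redirections; every function and variable name in it is the example's own.

```shell
#!/bin/bash
# Added example, not from the original post: hand-build an RFC 3164 syslog record and push it
# at the collector configured above.  It proves the 514 listeners work and shows that nothing
# in plain syslog authenticates the sender.  Assumptions: the page's lab addresses (collector
# 192.168.1.128, port 514) and bash's /dev/udp and /dev/tcp redirections.
COLLECTOR=${COLLECTOR:-192.168.1.128}
PORT=${PORT:-514}

# PRI = facility * 8 + severity (RFC 3164 4.1.1): user(1).info(6) -> 14, auth(4).crit(2) -> 34.
syslog_pri() { # facility severity
    echo $(( $1 * 8 + $2 ))
}

# "<PRI>TIMESTAMP HOSTNAME TAG: MSG".  The HOSTNAME field is whatever the sender writes there;
# rsyslog records it as the origin of the message without comparing it to the source address.
syslog_line() { # facility severity timestamp hostname tag msg
    printf '<%s>%s %s %s: %s' "$(syslog_pri "$1" "$2")" "$3" "$4" "$5" "$6"
}

# RFC 3164 timestamp with a space-padded day ("May  5 01:02:03").
now_stamp() {
    date '+%b %e %H:%M:%S'
}

# One datagram straight to the UDP listener (a plain `logger` call on the client only reaches
# the server indirectly, through the local rsyslog and its *.* @server rule).
send_udp() { # hostname tag msg
    printf '%s\n' "$(syslog_line 1 6 "$(now_stamp)" "$1" "$2" "$3")" > "/dev/udp/$COLLECTOR/$PORT"
}

# The same record to the TCP listener; imtcp frames records on the trailing newline.
send_tcp() { # hostname tag msg
    printf '%s\n' "$(syslog_line 1 6 "$(now_stamp)" "$1" "$2" "$3")" > "/dev/tcp/$COLLECTOR/$PORT"
}

# Usage: bash send_syslog.sh <hostname-to-claim> "<message>"; with no arguments only the
# functions are defined.
if [ $# -eq 2 ]; then
    send_udp "$1" test "$2"
fi
```

Run it on the client as `bash send_syslog.sh centos6-1 'hello from the client'` and the line appears in /var/log/messages on the server and in SystemEvents. Run it again claiming a hostname that is not the client's, and rsyslog files the record under that name: the HOSTNAME field comes from the message, not from the source address, and plain UDP or TCP syslog has no sender authentication at all, so an attacker on the network can inject or mislabel log lines. For anything beyond a lab, firewall port 514 down to the known clients and use imtcp with rsyslog's TLS network stream driver (package rsyslog-gnutls on CentOS 6) so that clients are authenticated by certificate.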
Client-side steps:
rpm -qa | grep rsyslog
yum install -y rsyslog
vim /etc/rsyslog.conf
*.* @192.168.1.128
Add this as the last line; 192.168.1.128 is the server's IP. A single @ forwards over UDP; @@192.168.1.128 forwards over TCP, which the server also listens on and which does not silently lose messages under load the way UDP does. Restart rsyslog so the rule takes effect:
service rsyslog restart
chkconfig --level 35 rsyslog on
vim /etc/bashrc
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
Append this as the last line, then reload it:
source /etc/bashrc
The hook logs each interactive bash command through logger, prefixed with the effective user, the login session as printed by who am i (user, tty, login time and source address) and the working directory, and the local rsyslog forwards it to the server. It is a convenience trail, not an audit log: it covers interactive bash sessions only, and any user can unset PROMPT_COMMAND, start a different shell or run bash --norc to stop it. Where tamper resistance matters, audit execve calls with auditd instead.
Server-side test:
tailf /var/log/messages
May 27 11:11:24 centos6 dhclient[1549]: DHCPACK from 192.168.1.254 (xid=0x41231c53)
May 27 11:11:26 centos6 dhclient[1549]: bound to 192.168.1.128 -- renewal in 835 seconds.
May 27 11:11:37 centos6-1 dhclient[1553]: DHCPREQUEST on eth0 to 192.168.1.254 port 67 (xid=0x15f81e3e)
May 27 11:11:37 centos6-1 dhclient[1553]: DHCPACK from 192.168.1.254 (xid=0x15f81e3e)
May 27 11:11:39 centos6-1 dhclient[1553]: bound to 192.168.1.135 -- renewal in 769 seconds.
May 27 11:12:32 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]source /etc/bashrc
May 27 11:17:47 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]clear
May 27 11:18:47 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dd
May 27 11:18:52 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dd
May 27 11:18:55 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]de
May 27 11:18:56 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]deer
May 27 11:18:57 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]erwie
May 27 11:19:01 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]clare
May 27 11:19:03 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]clear
May 27 11:19:05 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dei
May 27 11:19:12 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dadfe
The lines from centos6-1 show the client's command log arriving at the server.
Client-side test (the commands that produced the lines above):
[root@centos6-1 ~]# dei
-bash: dei: command not found
[root@centos6-1 ~]# dadfe
-bash: dadfe: command not found
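The command-audit lines above have a fixed layout, so they can be parsed and searched rather than read by eye. The following is an added example, not part of the original post: a small parser for that format plus a pass over the records that flags the two things worth attention, a root-euid command from a session that logged in as someone else, and an attempt to switch the hook off. It assumes the exact field layout the PROMPT_COMMAND line above produces; the sample lines are constructed for the example (the first two copy the page's format, the rest are made up), and all function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): parse the "[euid=...]" command-audit lines that
# the PROMPT_COMMAND hook writes, then flag the events a reviewer would want to see.
# Assumption: each line is "Mon DD HH:MM:SS host tag: [euid=E]:<who am i output>:[cwd]command".

# Constructed sample; the dhclient and "dadfe" lines copy the page's format, the rest are made up.
sample_lines() {
    cat <<'EOF'
May 27 11:11:24 centos6 dhclient[1549]: DHCPACK from 192.168.1.254 (xid=0x41231c53)
May 27 11:19:12 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dadfe
May 27 11:20:03 centos6-1 root: [euid=root]:bob pts/1 2017-05-27 09:20 (192.168.1.50):[/root]cat /etc/shadow
May 27 11:21:40 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]unset PROMPT_COMMAND
May 27 11:22:10 centos6-1 bob: [euid=bob]:bob tty1 2017-05-27 09:30:[/home/bob]ls -la
EOF
}

# Emit one TAB-separated record per audit line:
#   host  euid  login_user  tty  source_addr  cwd  command
# Lines that are not audit lines (no "[euid=" in the sixth field) are dropped.
parse_cmd_log() {
    awk '
    $6 ~ /^\[euid=/ {
        euid = $6;  sub(/^\[euid=/, "", euid); sub(/\].*$/, "", euid)
        login = $6; sub(/^.*\]:/, "", login)
        p = index($0, ":[")                 # splits "who am i" output from [cwd]command
        if (p == 0) next
        head = substr($0, 1, p - 1)
        tail = substr($0, p + 2)
        src = "-"                           # local console: who am i prints no "(addr)"
        if (head ~ /\)$/) { n = split(head, part, "("); src = part[n]; sub(/\)$/, "", src) }
        r = index(tail, "]")
        cwd = substr(tail, 1, r - 1)
        cmd = substr(tail, r + 1)
        printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\n", $4, euid, login, $7, src, cwd, cmd
    }'
}

# Read parse_cmd_log output; print host, source, command and reason for records worth a look:
# a root-euid command from a session that logged in as another user (su/sudo shell), or a
# command that turns the logging off.  The hook is trivially bypassed, so such a line is the
# last thing the server will see from that session.
flag_suspicious() {
    awk '
    BEGIN { FS = "\t" }
    {
        reason = ""
        if ($2 == "root" && $3 != "root") reason = "root euid from " $3 " login"
        if ($7 ~ /PROMPT_COMMAND|HISTFILE|history +-c/) {
            if (reason != "") reason = reason "; "
            reason = reason "disables command logging"
        }
        if (reason != "") printf "%s\t%s\t%s\t%s\n", $1, $5, $7, reason
    }'
}

# Usage over the sample; on the server: tail -f /var/log/messages | parse_cmd_log | flag_suspicious
sample_lines | parse_cmd_log | flag_suspicious
```

The parser keys on the `[euid=` marker rather than on the tag, because logger tags the line with the login name (`root:` above), which varies per user. The same records can be pulled from the SystemEvents table instead of the text file once the database path is working.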
tar zxvf loganalyzer-3.6.5.tar.gz
cd loganalyzer-3.6.5
mkdir -p /var/www/html/loganalyzer
cp -rv src/* /var/www/html/loganalyzer/
[Screenshots: the LogAnalyzer web installer at http://192.168.1.128/loganalyzer/ (install.php); its file-permission check asks for a writable config.php, created next.]
touch /var/www/html/loganalyzer/config.php
chmod 666 /var/www/html/loganalyzer/config.php
[Screenshots: the remaining installer steps, which take the user-database settings, create the admin account and define the first log source, the Syslog database's SystemEvents table read with the rsyslog MySQL account.]
Mode 666 lets every local user write config.php. Once the installer has finished, tighten it to 640, owned by root with the web server's group (apache), since it holds the database credentials.
ll /usr/local/nginx/html/loganalyzer/lang/
total 12
drwxr-xr-x 2 root root 4096 Jun 19 13:19 de
drwxr-xr-x 2 root root 4096 Jun 19 13:19 en
(This is the LNMP layout; on the LAMP install above the directory is /var/www/html/loganalyzer/lang/.) The official tarball ships no Chinese language pack; download one and copy it into this directory, after which Chinese can be selected in the UI:
drwxr-xr-x 2 root root 4096 Jun 19 13:19 de
drwxr-xr-x 2 root root 4096 Jun 19 13:19 en
drwxrwxr-x 2 root root 4096 Jun 19 13:36 zh
This article is reposted from mailfile's 51CTO blog; original: http://blog.51cto.com/mailfile/1930167. Contact the original author for reprint permission.