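I. Introduction
On CentOS 7 the default logging system is rsyslog, an open-source tool used on Unix-like systems to forward log messages over an IP network. rsyslog has a modular design and is a replacement for syslog.
1. rsyslog features
Implements the basic syslog protocol
Directly compatible with syslogd's syslog.conf configuration file
Supports multiple rsyslogd processes on the same machine, and is multi-threaded
Rich filtering: any part of a log message can be filtered on, and messages can be forwarded after filtering
Flexible configuration options: the configuration file can contain simple logic, custom output formats and so on
Adds important features such as message transport over TCP; supports UDP, TCP, SSL, TLS and RELP
Ready-made web front ends are available
Logs can be stored in MySQL, PGSQL or Oracle
The daemon provided by the default rsyslog package is rsyslog. It is a basic system service and should be set to start at boot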
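2. Core components
facility (the collection channel), priority (level), target (destination)
facility: classifies logs by function or by program
auth: authentication
authpriv: authentication and authorization
cron: scheduled tasks
daemon: daemons
kern: kernel
lpr: printing
mail: mail
news: news
security: security
syslog: rsyslog's own logs
user: user-level messages
uucp: unix to unix copy, an early file-sharing service
local0-local7: user-defined facilities
priority: the log level, also called loglevel
debug: debugging
info: all information other than debug
notice: notice
warn,warning: warning
err,error: error messages
crit: blue alert
alert: orange alert
emerg,panic: red alert
Ways to specify the level:
*: all levels
none: no level
priority: log messages at this level and at every higher level (inclusive) are recorded
=priority: only the specified level is recorded
target: destination
File path: write the log to the specified file; a "-" in front of the file path means asynchronous writes;
User: the log message is sent to the user as a notification
*: all users
Log server: @SERVER
Pipe: | COMMAND
3. The configuration file in detail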
vim /etc/rsyslog.conf

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####   # modules section

# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####   # global directives section

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####   # rules section

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
# The local physical console, e.g. the log printed on screen during boot; it can be viewed with dmesg
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# Selectors can be separated with semicolons: "*.info" is everything at info, excluding mail, authpriv and cron
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# To send to a log server instead, just specify the server
#*.info;mail.none;authpriv.none;cron.none @192.168.216.53



# The authpriv file has restricted access.
# authpriv.*: any level of authpriv
authpriv.* /var/log/secure

# Log all the mail messages in one place.
# Any mail message; the minus sign in -/var/log/maillog means asynchronous writes: mail logs are not especially critical, so they are written asynchronously for efficiency
mail.* -/var/log/maillog


# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
# Sent to all users logged in to the system
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
# The "," means uucp and news both use the same level, crit
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
# Custom logs: for example, add a local2 facility and change the sshd configuration file to match
local7.* /var/log/boot.log
#local2.* /var/log/sshd.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
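
The selector rules listed under "Ways to specify the level" and used in the RULES section above, as an added example (not part of the original article or of rsyslog itself): a small POSIX shell model that decides whether a message with a given facility and severity is picked up by a selector. It covers only the forms shown on this page (*, none, priority, =priority, and the ";" and "," separators); the function names sev_num and selector_matches are made up for this example.

```sh
# Added example: a simplified model of legacy rsyslog selector matching.

# sev_num NAME: print the syslog severity number (0 = emerg ... 7 = debug).
sev_num() {
  case $1 in
    emerg|panic)  echo 0 ;;
    alert)        echo 1 ;;
    crit)         echo 2 ;;
    err|error)    echo 3 ;;
    warning|warn) echo 4 ;;
    notice)       echo 5 ;;
    info)         echo 6 ;;
    debug)        echo 7 ;;
    *)            return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY SEVERITY
# Exit status 0 if the selector picks up the message, 1 if not, 2 on bad input.
# The body is a subshell "( ... )" so that set -f and IFS do not leak out.
selector_matches() (
  set -f                       # "*" must stay literal, not glob against files
  fac=$2
  sev=$(sev_num "$3") || exit 2
  selected=1
  IFS=';'
  for part in $1; do           # ";" separates parts, applied left to right
    prio=${part##*.}
    hit=1
    IFS=','
    for f in ${part%.*}; do    # "uucp,news.crit": facilities share one priority
      if [ "$f" = "*" ] || [ "$f" = "$fac" ]; then hit=0; fi
    done
    IFS=';'
    [ "$hit" -eq 0 ] || continue
    case $prio in
      none) selected=1 ;;      # facility.none drops that facility again
      '*')  selected=0 ;;      # every level
      =*)   want=$(sev_num "${prio#=}") || exit 2
            if [ "$sev" -eq "$want" ]; then selected=0; fi ;;
      *)    want=$(sev_num "$prio") || exit 2
            if [ "$sev" -le "$want" ]; then selected=0; fi ;;
    esac
  done
  exit "$selected"
)

# Usage with the /var/log/messages rule from the configuration above.
rule='*.info;mail.none;authpriv.none;cron.none'
for msg in "daemon info" "daemon debug" "mail err" "authpriv notice"; do
  set -- $msg
  if selector_matches "$rule" "$1" "$2"; then verdict=logged; else verdict=skipped; fi
  echo "$1.$2 -> $verdict"
done
```

A lower number is a more severe level, which is why "priority and higher" becomes a less-than-or-equal comparison.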

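2. loganalyzer is a web front end for syslog logs and other network event data. It provides simple browsing, searching, basic analysis and some chart reports for logs. The data can come from a database or from ordinary syslog text files, so loganalyzer does not require any change to the existing logging architecture. Working from the current log data, it can process syslog messages and Windows event log records, supports troubleshooting, and lets users quickly find solutions to the problems that show up in the log data
3. loganalyzer can obtain client logs in two storage modes: one reads the logs under the client's /var/log directory directly and saves them into the same directory on the server; the other reads them and saves them into a database on the log server. A MariaDB database is tested here
4. loganalyzer is written in PHP, so the service needs a PHP runtime environment; LNMP is used here
5. Environment
192.168.216.51 web
192.168.216.52 mysql
192.168.216.53 rsyslog-mysql
Software versions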

# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
# rpm -qa |grep nginx
nginx-filesystem-1.12.2-2.el7.noarch
nginx-1.12.2-2.el7.x86_64
nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64
nginx-mod-http-geoip-1.12.2-2.el7.x86_64
nginx-mod-http-perl-1.12.2-2.el7.x86_64
nginx-all-modules-1.12.2-2.el7.noarch
nginx-mod-mail-1.12.2-2.el7.x86_64
nginx-mod-http-image-filter-1.12.2-2.el7.x86_64
nginx-mod-stream-1.12.2-2.el7.x86_64
# rpm -qa |grep php-fpm
php-fpm-5.4.16-46.el7.x86_64
# rpm -qa |grep rsyslog
rsyslog-8.24.0-34.el7.x86_64
rsyslog-mysql-8.24.0-34.el7.x86_64
loganalyzer-4.1.5


# rpm -qa |grep mariadb
mariadb-5.5.60-1.el7_5.x86_64
mariadb-server-5.5.60-1.el7_5.x86_64
mariadb-libs-5.5.60-1.el7_5.x86_64
# rpm -qa |grep rsyslog
rsyslog-8.24.0-34.el7.x86_64

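II. Deployment
1. Environment
2. Experiment 1: set up the rsyslog client on web and send the messages log to the rsyslog server
1) Server 51 (web1)
vim /etc/rsyslog.conf
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
# Point the rule at the rsyslog server; that is all it takes
*.info;mail.none;authpriv.none;cron.none @192.168.216.53
$ModLoad imudp
# A UDP port can be specified; UDP is also the default. Arrange this as your needs require
$UDPServerRun 514
Restart the service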
systemctl restart rsyslog
systemctl enable rsyslog
2) Server 53 (web3), the rsyslog server
vim /etc/rsyslog.conf
Specify the port
$ModLoad imudp
$UDPServerRun 514
systemctl restart rsyslog
systemctl enable rsyslog
3) Test
On 51
# !system
systemctl restart nginx
On 53

# tail /var/log/messages
Mar 6 12:13:51 web3 avahi-daemon[6119]: Registering new address record for fe80::3409:e73d:1ef:2e1 on ens33.*.
Mar 6 12:13:51 web3 avahi-daemon[6119]: Registering new address record for fe80::39cb:d8d1:a78b:9be1 on ens33.*.
Mar 6 12:13:51 web3 avahi-daemon[6119]: Registering new address record for 192.168.216.53 on ens33.IPv4.
Mar 6 12:13:51 web3 avahi-daemon[6119]: Registering HINFO record with values 'X86_64'/'LINUX'.
Mar 6 12:14:15 web1 systemd: Stopping The nginx HTTP and reverse proxy server...
Mar 6 12:14:15 web1 systemd: Stopped The nginx HTTP and reverse proxy server.
Mar 6 12:14:15 web1 systemd: Starting The nginx HTTP and reverse proxy server...
Mar 6 12:14:15 web1 nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 6 12:14:15 web1 nginx: nginx: configuration file /etc/nginx/nginx.conf test is successful
Mar 6 12:14:15 web1 systemd: Started The nginx HTTP and reverse proxy server.

3. Experiment 2: store log messages in MySQL
1) Install the database plugin on 51
yum install rsyslog-mysql
# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
2) Install and configure the MySQL database on 53
yum install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb

# mysql   # enter the mysql client
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;   # change the root password, step 1
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> update user set password=password('admin123') where user='root';   # change the root password, step 2
Query OK, 4 rows affected (0.00 sec)
Rows matched: 4 Changed: 4 Warnings: 0

MariaDB [mysql]> GRANT ALL ON Syslog.* TO 'Syslog'@'192.168.%.%' IDENTIFIED BY 'admin123';   # grant privileges to the Syslog user
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> FLUSH PRIVILEGES;   # reload the privilege tables
Query OK, 0 rows affected (0.01 sec)

MariaDB [mysql]>

The database name and the Syslog database user used above can be looked up in the file /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql on 51
# less /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
3) Test from 51

# mysql -uSyslog -h192.168.216.53 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

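4) Database tuning
vim /etc/my.cnf
skip_name_resolve=on # this parameter disables DNS name resolution
innodb_file_per_table=on # switch from the shared tablespace to per-table tablespaces
# MariaDB needs to be restarted
systemctl restart mariadb
5) Import the schema into the database by redirecting the SQL file
51-web1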
mysql -uSyslog -h192.168.216.53 -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
6) With the database in place, edit the configuration file
51-web1
vim /etc/rsyslog.conf

#### MODULES ####

$ModLoad ommysql
#### RULES ####
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
#*.info;mail.none;authpriv.none;cron.none @192.168.216.53
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.216.53,Syslog,Syslog,admin123

systemctl restart rsyslog
7) Test
On 51
systemctl restart nginx
On 53, check in the database whether anything has been written

mysql -uroot -p
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Syslog |
| mysql |
| performance_schema |
| syslog |
| test |
+--------------------+
6 rows in set (0.01 sec)

MariaDB [(none)]> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [Syslog]> show tables;
+------------------------+
| Tables_in_Syslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
MariaDB [Syslog]> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
| 12 |
+----------+
1 row in set (0.01 sec)
MariaDB [Syslog]> select *from SystemEvents;
+----+------------+---------------------+---------------------+----------+----------+----------+------------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
| ID | CustomerID | ReceivedAt | DeviceReportedTime | Facility | Priority | FromHost | Message | NTSeverity | Importance | EventSource | EventUser | EventCategory | EventID | EventBinaryData | MaxAvailable | CurrUsage | MinUsage | MaxUsage | InfoUnitID | SysLogTag | EventLogType | GenericFileName | SystemID |
+----+------------+---------------------+---------------------+----------+----------+----------+------------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
| 1 | NULL | 2019-03-06 16:36:20 | 2019-03-06 16:36:20 | 3 | 6 | web1 | Stopping System Logging Service... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 2 | NULL | 2019-03-06 16:36:20 | 2019-03-06 16:36:20 | 5 | 6 | web1 | [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="129667" x-info="http://www.rsyslog.com"] exiting on signal 15. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | rsyslogd: | NULL | NULL | NULL |
| 3 | NULL | 2019-03-06 16:36:20 | 2019-03-06 16:36:20 | 3 | 6 | web1 | Stopped System Logging Service. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 4 | NULL | 2019-03-06 16:36:20 | 2019-03-06 16:36:20 | 3 | 6 | web1 | Starting System Logging Service... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 5 | NULL | 2019-03-06 16:36:20 | 2019-03-06 16:36:20 | 5 | 6 | web1 | [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="129711" x-info="http://www.rsyslog.com"] start | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | rsyslogd: | NULL | NULL | NULL |
| 6 | NULL | 2019-03-06 16:36:20 | 2019-03-06 16:36:20 | 3 | 6 | web1 | Started System Logging Service. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 7 | NULL | 2019-03-06 16:36:22 | 2019-03-06 16:36:22 | 3 | 6 | web1 | Stopping The nginx HTTP and reverse proxy server... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 8 | NULL | 2019-03-06 16:36:22 | 2019-03-06 16:36:22 | 3 | 6 | web1 | Stopped The nginx HTTP and reverse proxy server. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 9 | NULL | 2019-03-06 16:36:22 | 2019-03-06 16:36:22 | 3 | 6 | web1 | Starting The nginx HTTP and reverse proxy server... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 10 | NULL | 2019-03-06 16:36:22 | 2019-03-06 16:36:22 | 3 | 6 | web1 | nginx: the configuration file /etc/nginx/nginx.conf syntax is ok | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | nginx: | NULL | NULL | NULL |
| 11 | NULL | 2019-03-06 16:36:22 | 2019-03-06 16:36:22 | 3 | 6 | web1 | nginx: configuration file /etc/nginx/nginx.conf test is successful | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | nginx: | NULL | NULL | NULL |
| 12 | NULL | 2019-03-06 16:36:22 | 2019-03-06 16:36:22 | 3 | 6 | web1 | Started The nginx HTTP and reverse proxy server. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
+----+------------+---------------------+---------------------+----------+----------+----------+------------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
12 rows in set (0.00 sec)

MariaDB [Syslog]> select *from SystemEvents\G   # vertical output
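
A check a defender could run over the client configuration built in experiments 1 and 2 (added example, not from the original article): it reports the UDP listener, forwarding that is sent without encryption, and a database password stored inline in the :ommysql: action, plus whether the file holding that password is readable by every local user. The function names and finding labels are made up for this example, and a preceding "$ActionSendStreamDriverMode 1" is taken to mean TLS is enabled for a TCP forward.

```sh
# Added example: flag risky legacy-format rsyslog rules (findings only, no fixes).

# audit_rsyslog_conf FILE: print one finding per line; exit status 1 if any.
audit_rsyslog_conf() {
  conf=$1
  findings=$(awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 == "$UDPServerRun" { print "udp-listener port=" $2; next }
    $1 == "$ActionSendStreamDriverMode" { tls = ($2 == 1); next }
    substr($1, 1, 1) == "$" { next }             # other legacy directives
    NF >= 2 {
      action = $2                                # selector <space> action
      if (action ~ /^:ommysql:/) {
        n = split(substr(action, 10), f, ",")    # host,db,user,password
        if (n >= 4 && f[4] != "")                # never echo the password itself
          print "db-password-inline host=" f[1] " user=" f[3]
      } else if (action ~ /^@@/) {
        if (!tls) print "tcp-forward-plaintext target=" substr(action, 3)
      } else if (action ~ /^@/) {
        print "udp-forward-plaintext target=" substr(action, 2)
      }
    }' "$conf")
  case $findings in
    *db-password-inline*)
      # The password is only as private as the file that holds it.
      if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        findings="$findings
config-world-readable file=$conf"
      fi ;;
  esac
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample: the client-side rules used in the two experiments above.
sample_conf() {
  cat <<'EOF'
$ModLoad ommysql
$ModLoad imudp
$UDPServerRun 514
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
*.info;mail.none;authpriv.none;cron.none @192.168.216.53
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.216.53,Syslog,Syslog,admin123
EOF
}

# Mode 0644 is an assumption standing in for a typical /etc/rsyslog.conf.
tmp=$(mktemp) && sample_conf > "$tmp" && chmod 644 "$tmp"
audit_rsyslog_conf "$tmp" || true
rm -f "$tmp"
```

On the sample this prints four findings; tightening the file to mode 600 removes only the config-world-readable one.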

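4. Front end: logAnalyzer
Configured on 51
Version 4.1.5 is tested here; download loganalyzer-4.1.5.tar.gz yourself. LNMP is already set up, so the only change needed is to the nginx configuration file, to add a port-based virtual host
1) Environment
2) Configure loganalyzer
mkdir /loganalyzer
cp -r /loganalyzer-4.1.5/src/* /loganalyzer
cp /loganalyzer-4.1.5/contrib/* /loganalyzer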
cd /loganalyzer
chmod +x *.sh
./configure.sh
./secure.sh
chmod 666 config.php
3) Edit the nginx configuration file and add the virtual host

# cat /etc/nginx/conf.d/default.conf
server {
    listen 80;
    server_name 192.168.216.51;
    index index.html index.htm index.php;
    charset utf-8;
    root /loganalyzer;
    location / {
        #max_fails=6;
        #fail_timeout=60;
        root /loganalyzer;
    }

    location ~.*\.php$ {
        fastcgi_connect_timeout 300;
        root /loganalyzer;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        #max_fails=6;
        #fail_timeout=60;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        #fastcgi_pass unix:/dev/shm/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        try_files $uri =404;
    }

    location ~.*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp3|wma)$ {
        expires 30d;
    }
    location ~.*\.(js|css)$ {
        expires 12h;
    }
}

server {
    listen 81;
    server_name 192.168.216.51;
    index index.html index.htm index.php;
    charset utf-8;
    root /usr/share/zabbix;
    location / {
        #max_fails=6;
        #fail_timeout=60;
        root /usr/share/zabbix;
    }

    location ~.*\.php$ {
        fastcgi_connect_timeout 300;
        root /usr/share/zabbix;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        #max_fails=6;
        #fail_timeout=60;
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        #fastcgi_pass unix:/dev/shm/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        try_files $uri =404;
    }

    location ~.*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp3|wma)$ {
        expires 30d;
    }
    location ~.*\.(js|css)$ {
        expires 12h;
    }
}
systemctl restart nginx
systemctl restart php-fpm

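5. Web-side configuration
1) Open the site. index.php is served by default; installation needs install.php, so just click "here"
2) Requirements check: just click Next
3) Configuration check: if the permissions on config.php have not been set, the following error is reported. Fix the permissions, then go on to the next step
After the permissions have been added, click Next
4) Some basic settings: just click Next
5) Create the first source: fill in the database details, then click Next
6) Click Finish to complete the installation
7) The display page
6. Security hardening
The config.php file holds the database account, password, IP and other information. It had to be given 666 permissions during installation; that is no longer needed now, so change it to 644
chmod 644 /loganalyzer/config.php
7. Chinese language pack
1) After unpacking, place the whole directory under /loganalyzer/lang
2) chmod 655 -R /loganalyzer/lang/zh
3) Reload the page; Chinese can now be selected in the top-right corner
This article drew on https://www.linuxidc.com/Linux/2017-10/147693.htm; anyone who needs to download the loganalyzer program or the Chinese language pack can look there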