1、将syslog日志存储到mysql
安装mysql
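# Fetch the MySQL 5.7 community repository package for EL7, then install the
# repository definition and the server from it.
# -c resumes a partial download. The original "-i -c" made wget treat "-c" as
# the name of a URL list file, so -i is dropped here.
# The release package carries the yum repo definition and the signing key that
# later package installs are checked against, so it is fetched over HTTPS
# rather than plain HTTP.
wget -c https://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql-community-server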
安装rsyslog-mysql模块
[root@localhost~]# yum install rsyslog-mysql
[root@localhost~]# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@localhost~]# cat /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
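创建用户&syslog表、授权(注意:下面命令中的'password'只是占位符,请为root和sysloguser分别设置不同的强密码;本例中rsyslog通过127.0.0.1连接数据库,而'sysloguser'@'%'允许从任意主机登录,grant all的权限也超出写入日志所需,生产环境应限制来源主机并只授予实际需要的权限)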
systemctl status mysqld
systemctl start mysqld
grep "password" /var/log/mysqld.log
mysql -uroot -p
mysql> alter user 'root'@'localhost' identified by 'password';(设置的是公共长密码)
mysql> create user 'sysloguser'@'%' identified by 'password';
mysql> source /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
mysql> grant all on Syslog.* to 'sysloguser'@'%';
mysql> flush privileges;
配置/etc/rsyslog.conf参数、重启rsyslog服务(下面的配置行含数据库明文密码,请确认该文件仅root可读,例如chmod 600 /etc/rsyslog.conf)
$ModLoad ommysql
*.debug;mail.none;authpriv.none;cron.none :ommysql:127.0.0.1,Syslog,sysloguser,password
检查syslog日志是否转到了mysql
客户端产生syslog日志,rsyslog服务会将日志向mysql存一份,select * from SystemEvents;检查日志。
2、使用LogAnalyzer页面展示syslog日志
安装依赖服务httpd/php/php-mysql/php-gd
yum install httpd php php-mysql php-gd
vi /etc/httpd/conf/httpd.conf,修改Listen 9980、ServerName 10.41.0.116:9980、DirectoryIndex index.php index.html
echo 1 > /var/www/html/index.html
echo "<?php phpinfo();?>" > /var/www/html/index.php
浏览器访问http://10.41.0.116:9980,看到php version 5.4.16页面(phpinfo页面会暴露PHP版本、已加载模块和环境变量等信息,验证完成后请删除/var/www/html/index.php)
如果访问地址失败,执行vi /etc/selinux/config,修改SELINUX=disabled、重启电脑reboot(这会关闭整机的SELinux保护;下面的semanage命令把9980端口加入http_port_t后httpd即可监听该端口,通常无需禁用SELinux)
[root@localhostconf]# semanage port -l|grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
[root@localhostconf]# semanage port -a -t http_port_t -p tcp 9980
[root@localhostconf]# semanage port -l|grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 9980, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
安装loganalyzer
用户名/密码:loguser/ops123!(此密码已在本文中公开,实际部署请另行设置强密码,不要沿用)
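# Download LogAnalyzer 4.1.12, unpack it under /home and publish its src/ tree
# under the Apache document root.
cd /home && wget https://download.adiscon.com/loganalyzer/loganalyzer-4.1.12.tar.gz
tar -zxvf loganalyzer-4.1.12.tar.gz
# Was "mdkir" (typo); -p keeps a re-run from failing if the directory exists.
mkdir -p /var/www/html/loganalyzer
# src/ sits inside the unpacked loganalyzer-4.1.12/ directory, not in /home
# itself (confirm with: tar -tzf loganalyzer-4.1.12.tar.gz | head).
cp -r loganalyzer-4.1.12/src/* /var/www/html/loganalyzer
# Empty config file for the web installer to fill in. It presumably ends up
# holding the database credentials, so make sure the web server account cannot
# write to it once setup is finished.
touch /var/www/html/loganalyzer/config.php
systemctl restart httpd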
浏览器访问http://10.41.0.116:9980/loganalyzer,根据提示一步步操作即可。安装完成后,请确认config.php(含数据库账号密码)不能被Web服务进程写入。