Centos6.5安裝rsyslog+loganalyzer+mysql部署日誌服務器
系統環境:
[root@zabbix ~]# uname -r 2.6.32-431.el6.x86_64
rsyslog版本:(Centos6.5系統自帶的版本都是這個5.8.10)
[root@zabbix ~]# rsyslogd -v rsyslogd 5.8.10, compiled with: FEATURE_REGEXP:Yes FEATURE_LARGEFILE:No GSSAPI Kerberos 5 support:Yes FEATURE_DEBUG (debug build, slow code):No 32bit Atomic operations supported:Yes 64bit Atomic operations supported:Yes Runtime Instrumentation (slow code):No See http://www.rsyslog.com for more information.
防火牆配置:(打開防火牆514端口)
[root@zabbix ~]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Tue Nov 17 22:17:30 2015 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [4:464] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A INPUT -p icmp -j DROP -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Tue Nov 17 22:17:30 2015
重啓防火牆:
[root@zabbix ~]#services iptables restart 關閉selinux: [root@zabbix ~]#sed -i 's/enforcing/disabled/' /etc/selinux/config
一、安裝LAMP:(我用YUM 安裝就行)
[root@zabbix ~]#yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml mysql mysql-server -y 前邊省略了………… Updated: php-common.x86_64 0:5.4.45-53.el6.art Dependency Updated: php-bcmath.x86_64 0:5.4.45-53.el6.art Complete!
二、添加開機啓動:
[root@zabbix ~]# chkconfig httpd on [root@zabbix ~]#chkconfig mysqld on [root@zabbix ~]#chkconfig rsyslog on 啓動服務: [root@zabbix ~]#service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for zabbix httpd: Could not reliably determine the server's fully qualified domainname, using 127.0.0.1 for ServerName[ OK ]
[root@zabbix ~]#service mysqld start Starting mysqld: [ OK ] [root@zabbix ~]#service rsyslog start Shutting down system logger: [ OK ]
三。增加php 支持這兩行
[root@zabbix ~]#cat /etc/httpd/conf/httpd.conf 639 addType application/x-httpd-php .php 640 AddType application/x-httpd-php-source .phps
重啓服務
[root@zabbix ~]#service httpd restart
四、安裝Rsyslog支持數據庫支持。
[root@zabbix ~]# yum install rsyslog-mysql -y 省略部分………… Install 1 Package(s) Upgrade 1 Package(s) Total download size: 671 k Downloading Packages: (1/2): rsyslog-5.8.10-10.el6_6.x86_64.rpm | 650 kB 01:08 (2/2): rsyslog-mysql-5.8.10-10.el6_6.x86_64.rpm | 21 kB 00:00 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 7.7 kB/s | 671 kB 01:27 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : rsyslog-5.8.10-10.el6_6.x86_64 1/3 Installing : rsyslog-mysql-5.8.10-10.el6_6.x86_64 2/3 Cleanup : rsyslog-5.8.10-8.el6.x86_64 3/3 Verifying : rsyslog-mysql-5.8.10-10.el6_6.x86_64 1/3 Verifying : rsyslog-5.8.10-10.el6_6.x86_64 2/3 Verifying : rsyslog-5.8.10-8.el6.x86_64 3/3 Installed: rsyslog-mysql.x86_64 0:5.8.10-10.el6_6 Dependency Updated: rsyslog.x86_64 0:5.8.10-10.el6_6 Complete!
五、測試是不是支持php
[root@zabbix ~]#vim /var/www/html/index.php [root@zabbix ~]#cat /var/www/html/index.php <?php phpinfo(); ?>
安裝完成數據庫支持後在/usr/share/doc/rsyslog-mysql-5.8.10/裏邊有個數據庫的文件createDB.sql
[root@zabbix ~]#cd /usr/share/doc/rsyslog-mysql-5.8.10/ [root@zabbix rsyslog-mysql-5.8.10]# ll total 4 -rw-r--r-- 1 root root 1046 Apr 18 2011 createDB.sql
用SQL語句快速建立庫和表
[root@zabbix ~]#mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql [root@zabbix rsyslog-mysql-5.8.10]#mysql -uroot -p #進入數據庫 mysql> show databases; #查看數據庫多了個Syskog的數據庫 +--------------------+ | Database | +--------------------+ | information_schema | | Syslog | | mweuu | | mysql | | performance_schema | | zabbix | +--------------------+ 6 rows in set (0.06 sec)
Mysql數據庫建立一個用戶,並制授權用戶給上面導入時建立的庫Syslog所有權限;
mysql> grant all privileges on Syslog.* to 'rsyslog'@'localhost' identified by 'syslogps'; Query OK, 0 rows affected (0.00 sec) mysql> grant all privileges on Syslog.* to 'rsyslog'@'127.0.0.1' identified by 'syslogps'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec)
修改配置文件:vim /etc/rsyslog.conf讓它支持日誌記錄寫到Mysql數據庫中,並啓用監聽TCP514端口【你也可以選擇UDP端口】:修改如下,用戶名密碼等根據自己情況修改:
[root@zabbix ~]# vim /etc/rsyslog.conf $ModLoad imtcp #前邊的#去掉 $InputTCPServerRun 514 #前邊的#去掉 $ModLoad ommysql.so #添加 *.* :ommysql:127.0.0.1,Syslog,rsyslog,syslogps #添加 說明:這裏的*.*表示任意用戶名,127.0.0.1書數據庫的ip地址(根據自己的環境做調整) Syslog是數據庫,rsyslog是數據庫授權的用戶名,後邊就是密碼。
[root@zabbix ~]#service rsyslog restart #重啓服務
六、接下來安裝loganalyzer軟件
[root@zabbix ~]#wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz [root@zabbix ~]#tar xf loganalyzer-3.6.3.tar.gz [root@zabbix ~]#cp -r loganalyzer-3.6.3/src/* /var/www/html/ cp: overwrite `/var/www/html/index.php'? y You have new mail in /var/spool/mail/root [root@zabbix ~]#cp -r loganalyzer-3.6.3/contrib/* /var/www/html/ [root@zabbix ~]#cd /var/www/html/ [root@zabbix html]#chmod 700 *.sh [root@zabbix html]#./configure.sh You have new mail in /var/spool/mail/root [root@zabbix html]#chmod 777 /var/log/messages #這裏的權限要注意了,不改的會報錯,提示權限不夠 You have new mail in /var/spool/mail/root
客戶端設置:
[root@localhost ~]# echo "*.* @@192.168.128.129:514" >> /etc/rsyslog.conf [root@localhost ~]# service rsyslog restart Shutting down system logger: [ OK ] Starting system logger: [ OK ] [root@localhost ~]# vim /etc/sysconfig/iptables [root@localhost ~]# cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Thu Sep 10 20:42:38 2015 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [6:560] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT [root@localhost ~]# service iptables restart iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ]
打開瀏覽器:http://ip/點擊here進入一下步,如果上面操作完成直接一下步,看到Step3時選擇Enable User Databse爲YES填入Mysql的相關配置:
這裏是輸入你的數據的授權的賬號和密碼,還有建立的數據庫。
直接一下步到Step 6會提示創建一個管理員帳號:創建完帳號後可看到如下:
最終效果是這個: