lnmp+rsyslog+loganalyzer日誌管理

lnmp+rsyslog+loganalyzer日誌管理

環境rhel5.8 32位

安裝必要的庫

yum -y groupinstall "Development libraries" "Development tools"

yum -y install gcc openssl-devel pcre-devel zlib-devel

需要的包

mysql-5.6.16.tar.gz

cmake-2.8.12.tar.gz

php-5.4.9.tar.gz

libevent-2.0.21-stable.tar.gz

libiconv-1.14.tar.gz

libee-0.4.1.tar.gz

libestr-0.1.9.tar.gz

libmcrypt-2.5.8.tar.gz

mhash-0.9.9.9.tar.gz

nginx-1.4.6.tar.gz

loganalyzer-3.6.3-1374045102000.tar.gz

rsyslog-6.3.6.tar.gz

下載地址

http://down.51cto.com/data/1098621

http://down.51cto.com/data/1098622

＝＝＝安裝Nginx＝＝＝

[root@rsyslog ~]# useradd -s /sbin/nologin -M nginx

[root@rsyslog ~]# tar xf  nginx-1.4.6.tar.gz

[root@rsyslog ~]# cd nginx-1.4.6

[root@rsyslog nginx-1.4.6]#  ./configure \

--prefix=/usr/local/nginx \

--pid-path==/usr/local/nginx/nginx.pid \

--user=nginx \

--group=nginx \

--with-http_ssl_module \

--with-http_flv_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--http-client-body-temp-path=/usr/local/nginx/client \

--http-proxy-temp-path=/usr/local/nginx/proxy \

--http-fastcgi-temp-path=/usr/local/nginx/fcgi \

--http-uwsgi-temp-path=/usr/local/nginx/uwsgi \

--http-scgi-temp-path=/usr/local/nginx/scgi \

--with-pcre

[root@rsyslog nginx-1.4.6]# make && make install

安裝cmake:用於安裝mysql

[root@rsyslog ~]# tar xf cmake-2.8.12.tar.gz

[root@rsyslog ~]# cd cmake-2.8.12

[root@rsyslog cmake-2.8.12]# ./bootstrap --prefix=/usr/local/cmake

[root@rsyslog cmake-2.8.12]# make && make install

[root@rsyslog cmake-2.8.12]# cmake  --version 查看安裝時否成功

==============================

溫馨提示：如果找不到cmake：

       使用絕對路徑

# /usr/local/cmake/bin/cmake --version

==============================

編譯安裝 MySQL-5.6.16

[root@rsyslog ~]# useradd -s /sbin/nologin  -M mysql

[root@rsyslog ~]# tar xf mysql-5.6.16.tar.gz

[root@rsyslog ~]# cd mysql-5.6.16

[root@rsyslog mysql-5.6.16]# cmake \

-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \

-DMYSQL_UNIX_ADDR=/usr/local/mysql/data/mysql.sock \

-DDEFAULT_CHARSET=utf8 \

-DDEFAULT_COLLATION=utf8_general_ci \

-DWITH_EXTRA_CHARSETS=utf8,gbk \

-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \

-DWITH_FEDERATED_STORAGE_ENGINE=1 \

-DWITH_PARTITION_STORAGE_ENGINE=1 \

-DWITH_ARCHIVE_STORAGE_ENGINE=1 \

-DMYSQL_DATADIR=/usr/local/mysql/data \

-DSYSCONFDIR=/usr/local/mysql \

-DMYSQL_TCP_PORT=3306

[root@rsyslog mysql-5.6.16]# make

[root@rsyslog mysql-5.6.16]# make install

安裝後的配置

[root@rsyslog ~]# cd /usr/local/mysql

[root@rsyslog mysql]# chown -R mysql:mysql *

//更改當前目錄下所有文件屬主和屬組

[root@rsyslog mysql]# ./scripts/mysql_install_db --user=mysql   //初始化mysql

==============================================================

[root@rsyslog mysql]# cp support-files/my-default.cnf /etc/my.cnf//生成mysql的主配置文件

[root@rsyslog mysql]#cp support-files/mysql.server /etc/init.d/mysqld//複製啓動腳本

[root@rsyslog mysql]# service mysqld start

[root@rsyslog mysql]#chkconfig mysqld on

登錄測試

# vim ~/.bash_profile

PATH=$PATH:$HOME/bin:/usr/local/mysql/bin/

# source ~/.bash_profile//使用新PATH變量立即生效

#mysqladmin -u root password 'zhangxi'

安裝PHP

安裝PHP擴展：

#tar xf libevent-2.0.21-stable.tar.gz

# cd libevent-2.0.21-stable

# ./configure

# make && make install

# tar xf libiconv-1.14.tar.gz

# cd libiconv-1.14

# ./configure

# make && make install

# tar xvf libmcrypt-2.5.8.tar.gz

# cd libmcrypt-2.5.8

# ./configure

# make && make install

# ldconfig -v 刷新lib庫

# cd libltdl

# ./configure --with-gmetad --enable-gexec --enable-ltdl-install

# make && make install

# tar xvf mhash-0.9.9.9.tar.gz

# cd mhash-0.9.9.9

# ./configure

# make && make install

# ln -sv /usr/local/lib/libmcrypt* /usr/lib/

# ln -sv /usr/local/lib/libmhash.* /usr/lib/

# ldconfig -v

安裝PHP（Fast-cgi）

====================================================================

# tar xvf php-5.4.9.tar.gz

# cd php-5.4.9

# ./configure \

--prefix=/usr/local/php5nginx \

--with-config-file-path=/usr/local/php5nginx/etc \

--with-mysql=/usr/local/mysql \

--with-mysqli=/usr/local/mysql/bin/mysql_config \

--with-iconv-dir=/usr/local \

--with-freetype-dir \

--with-jpeg-dir \

--with-png-dir \

--with-zlib \

--with-libxml-dir=/usr \

--enable-xml \

--disable-rpath \

--enable-bcmath \

--enable-shmop \

--enable-sysvsem \

--enable-inline-optimization \

--with-curl \

--with-curlwrappers \

--enable-mbregex \

--enable-fpm \

--enable-mbstring \

--with-mcrypt \

--with-gd \

--enable-gd-native-ttf \

--with-openssl \

--with-mhash \

--enable-pcntl \

--enable-sockets \

--with-ldap \

--with-ldap-sasl \

--with-xmlrpc \

--enable-zip \

--enable-soap

[root@rsyslog php-5.4.9]#make ZEND_EXTRA_LIBS='-liconv'

這裏我報了一個錯如下

make: *** [ext/phar/phar.phar] 錯誤 127

[root@rsyslog php-5.4.9]# ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib

[root@rsyslog php-5.4.9]#make install

[root@rsyslog php-5.4.9]#cp php.ini-production   /usr/local/php5nginx/etc/php.ini//生成php配置文件

[root@rsyslog php-5.4.9]# cd /usr/local/php5nginx/etc/

[root@rsyslog etc]# cp php-fpm.conf.default php-fpm.conf

編輯php-fpm.conf,內容如下:

vi /usr/local/php5nginx/etc/php-fpm.conf

[global]

pid = run/php-fpm.pid

error_log = log/php-fpm.log

log_level = error

daemonize = yes

[www]

user = nginx

group = nginx

listen = 127.0.0.1:9000

listen.allowed_clients = 127.0.0.1

pm = dynamic

pm.max_children = 32

pm.start_servers = 15

pm.min_spare_servers = 5

pm.max_spare_servers = 25

pm.max_requests = 4000

啓動php-fpm和停止php-fpm

/usr/local/php5nginx/sbin/php-fpm &

kill -QUIT  `cat /usr/local/php5nginx/var/run/php-fpm.pid`

使用Sys V腳本

[root@rsyslog php-5.4.9]# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm

[root@test php-5.4.9]# chmod +x /etc/rc.d/init.d/php-fpm

[root@rsyslog php-5.4.9]# chmod +x /etc/rc.d/init.d/php-fpm

[root@rsyslog php-5.4.9]# chkconfig php-fpm on

[root@test php-5.4.9]# service php-fpm stop

Gracefully shutting down php-fpm . done

[root@test php-5.4.9]# service php-fpm start

Starting php-fpm  done

安裝rsyslog

前提

1. 安裝libestr

# tar xzvf libestr-0.1.9.tar.gz

# cd ./libestr-0.1.9

[root@rsyslog libestr-0.1.9]# ./configure --prefix=/usr --libdir=/usr/lib

[root@rsyslog libestr-0.1.9]# make && make install

安裝libee

[root@rsyslog ~]# tar xf libee-0.4.1.tar.gz

[root@rsyslog ~]# cd libee-0.4.1

[root@rsyslog libee-0.4.1]# ./configure --prefix=/usr  PKG_CONFIG_PATH="/usr/lib/pkgconfig" --libdir=/usr/lib

[root@rsyslog libee-0.4.1]# make && make install

[root@rsyslog ~]# tar xf rsyslog-6.3.6.tar.gz

[root@rsyslog ~]# cd rsyslog-6.3.6

[root@rsyslog rsyslog-6.3.6]# ./configure --prefix=/usr/local/rsyslog --enable-mysql  

[root@rsyslog rsyslog-6.3.6]# make && make install

[root@rsyslog rsyslog-6.3.6]# mysql -u root -p < ./plugins/ommysql/createDB.sql 導入數據庫並設置相應權限下面是給其中一個客戶端權

限

mysql> GRANT INSERT ON Syslog.* TO 'rsyslog_write'@'192.168.1.106' IDENTIFIED BY '123456';

Query OK, 0 rows affected (0.11 sec)

mysql> GRANT SELECT ON Syslog.* TO 'rsyslog_read'@'192.168.1.106' IDENTIFIED BY '654321';

Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;

[root@rsyslog rsyslog-6.3.6]# cp rsyslog.conf /etc/

配置rsyslog

在/etc/rsyslog.conf最上面加上 $ModLoad ommysql 載入mysql支持的模塊

去掉內以下兩行的註釋

$ModLoad imudp.so  

$UDPServerRun 514  

增加寫入到數據庫的日誌 這裏寫的是本地其他客戶端更改成服務器IP就行了

*.info;mail.none;authpriv.none;cron.none  :ommysql:127.0.0.1,Syslog,rsyslog_write,password_123456

local7.*  :ommysql:127.0.0.1,Syslog,rsyslog_write,123456

user.*    :ommysql:127.0.0.1,Syslog,rsyslog_write,123456

root@rsyslog rsyslog-6.3.6]# /usr/local/rsyslog/sbin/rsyslogd 啓動

部署loganalyzer

[root@rsyslog ~]# tar xf loganalyzer-3.6.3-1374045102000.tar.gz

[root@rsyslog loganalyzer-3.6.3]# mkdir -p /var/www/loganalyzer

[root@rsyslog loganalyzer-3.6.3]# cp -r src/* /var/www/loganalyzer/

[root@rsyslog loganalyzer-3.6.3]# cp contrib/* /var/www/loganalyzer/

[root@rsyslog loganalyzer-3.6.3]# chmod u+x /var/www/loganalyzer/configure.sh

[root@rsyslog loganalyzer-3.6.3]# chmod u+x /var/www/loganalyzer/secure.sh

[root@rsyslog loganalyzer-3.6.3]# cd /var/www/loganalyzer/

[root@rsyslog loganalyzer]# ./configure.sh

整合Nginx和Fastcgi

Nginx啓用Fastcgi

[root@test php-5.4.9]# vim /usr/local/nginx/conf/nginx.conf

啓用：

location / {

           root  /var/www/loganalyzer/;

           index  index.php index.html index.htm;

       }

location ~ \.php$ {

           root           /var/www/loganalyzer/;

           fastcgi_pass   127.0.0.1:9000;

           fastcgi_index  index.php;

           fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

           include        fastcgi_params;

       }

修改fastcgi參數文件

[root@rsyslog ~]# vim /usr/local/nginx/conf/fastcgi_params

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;

fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  QUERY_STRING       $query_string;

fastcgi_param  REQUEST_METHOD     $request_method;

fastcgi_param  CONTENT_TYPE       $content_type;

fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;

fastcgi_param  REQUEST_URI        $request_uri;

fastcgi_param  DOCUMENT_URI       $document_uri;

fastcgi_param  DOCUMENT_ROOT      $document_root;

fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  REMOTE_ADDR        $remote_addr;

fastcgi_param  REMOTE_PORT        $remote_port;

fastcgi_param  SERVER_ADDR        $server_addr;

fastcgi_param  SERVER_PORT        $server_port;

fastcgi_param  SERVER_NAME        $server_name;

最終確認並重啓：

[root@rsyslog ~]# /etc/init.d/php-fpm stop

Gracefully shutting down php-fpm . done

[root@rsyslog ~]# /etc/init.d/php-fpm start

Starting php-fpm  done

[root@rsyslog ~]# pgrep nginx

11051

11052

[root@rsyslog ~]# netstat -tnlp |grep nginx

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      5533/nginx          

[root@rsyslog ~]# netstat -tnlp |grep php

tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      5516/php-fpm    

訪問http://localhost/install.php 通過web對loganalyzer進行配置 別點“下一步” 點上癮忘了在最後選擇使用mysql數據庫和配置數據庫名稱，表名和權限。客戶端要安裝rsyslog和mysql-devel（爲了模塊$ModLoad ommysql）具體配置如圖

選擇使用mysql數據庫，填寫庫名和表名以及權限