rsyslog+loganalyzer配置中央日誌服務器

準備程序包
rsyslog-5.8.1.tar.gz
loganalyzer-3.2.1.tar.gz
vi rsyslog.sh
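#!/bin/sh
#
# rsyslog.sh - build rsyslog 5.8.1 with MySQL output, create the Syslog
# database, and deploy LogAnalyzer 3.2.1 under Apache.
#
# Run from the directory that holds rsyslog-5.8.1.tar.gz,
# loganalyzer-3.2.1.tar.gz and the rsyslog.conf template. The script
# writes under /etc, /sbin and /var/www and calls yum/service/chkconfig,
# so it needs root privileges.
#
# Passwords are taken from the environment instead of being stored here:
#   MYSQL_ROOT_PWD   password to set for the MySQL root account (required)
#   RSYSLOG_DB_PWD   password of the account rsyslog logs in with (required)
#   RSYSLOG_DB_USER  name of that account (optional, default: rsyslog)

# Print a message on stderr and abort.
die() {
  printf '%s\n' "rsyslog.sh: $*" >&2
  exit 1
}

# Abort unless value $2 (named $1 in the message) is non-empty and made
# only of characters that are safe in the sed replacement, the SQL string
# literals and the MySQL option file this script generates.
check_value() {
  case $2 in
    '') die "$1 is not set" ;;
    *[!A-Za-z0-9._+=-]*) die "$1 may only contain A-Z a-z 0-9 . _ + = -" ;;
  esac
}

#mysql conf
mysql_user='root'
mysql_pwd=${MYSQL_ROOT_PWD:-}
# Use a dedicated account rather than root: the "reduce the privilege"
# step at the end cannot restrict an account that also holds global
# privileges.
run_user=${RSYSLOG_DB_USER:-rsyslog}
run_pwd=${RSYSLOG_DB_PWD:-}
# Keep the secrets out of the environment of every child process.
unset MYSQL_ROOT_PWD RSYSLOG_DB_PWD

check_value MYSQL_ROOT_PWD "$mysql_pwd"
check_value RSYSLOG_DB_USER "$run_user"
check_value RSYSLOG_DB_PWD "$run_pwd"

# MySQL client option file. mktemp creates it readable by its owner only,
# so the root password never appears on a command line; it is removed
# when the script exits.
mysql_cnf=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$mysql_cnf"' EXIT
trap 'exit 1' HUP INT TERM
cat > "$mysql_cnf" <<EOF
[client]
user=${mysql_user}
password=${mysql_pwd}
EOF

# Install env.
yum -y install mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd zlib-devel gcc gcc-c++ \
  || die "package installation failed"

# Install rsyslog..
tar xvf rsyslog-5.8.1.tar.gz || die "cannot unpack rsyslog-5.8.1.tar.gz"
cd rsyslog-5.8.1 || die "cannot enter rsyslog-5.8.1"
./configure --enable-mysql --prefix=/usr/local/rsyslog || die "rsyslog configure failed"
make || die "rsyslog build failed"
make install || die "rsyslog install failed"
cd ..

# creat rsyslog config..
# The generated file contains the database password, so it is created
# (and, if it already existed, reset to be) readable by root only.
(
  umask 077
  sed -e "s/ommysql:localhost,Syslog,root,/ommysql:localhost,Syslog,${run_user},${run_pwd};dbFormat/g" rsyslog.conf > /etc/rsyslog.conf
) || die "cannot write /etc/rsyslog.conf"
chmod 600 /etc/rsyslog.conf

# stop system syslog..
service syslog stop
chkconfig syslog off

# create rsyslog startup script
cp /etc/init.d/syslog /etc/init.d/rsyslog || die "cannot copy the syslog init script"

# edit rsyslog startup script
sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog

chmod 700 /etc/init.d/rsyslog
chkconfig --add rsyslog
chkconfig rsyslog on

# create rsyslog bin ln
ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd

# conf mysql
service mysqld start
chkconfig mysqld on
# Set the password of the connecting account (root, no password yet on a
# fresh install) through stdin, which keeps it out of the process list.
# A failure is reported but not fatal, e.g. when the password was already
# set by an earlier run.
mysql -u root <<EOF || printf '%s\n' "rsyslog.sh: could not set the MySQL root password, continuing" >&2
SET PASSWORD = PASSWORD('${mysql_pwd}');
EOF

# create and import sql
# The account gets full rights on Syslog.* only for the duration of the
# LogAnalyzer web installer; they are reduced further below.
mysql --defaults-extra-file="$mysql_cnf" <<EOF || die "cannot create the Syslog database"
CREATE DATABASE Syslog default character set 'utf8';
USE Syslog;
CREATE TABLE SystemEvents
(
        ID int unsigned not null auto_increment primary key,
        CustomerID bigint,
        ReceivedAt datetime NULL,
        DeviceReportedTime datetime NULL,
        Facility smallint NULL,
        Priority smallint NULL,
        FromHost varchar(60) NULL,
        Message text,
        NTSeverity int NULL,
        Importance int NULL,
        EventSource varchar(60),
        EventUser varchar(60) NULL,
        EventCategory int NULL,
        EventID int NULL,
        EventBinaryData text NULL,
        MaxAvailable int NULL,
        CurrUsage int NULL,
        MinUsage int NULL,
        MaxUsage int NULL,
        InfoUnitID int NULL ,
        SysLogTag varchar(60),
        EventLogType varchar(60),
        GenericFileName VarChar(60),
        SystemID int NULL
) DEFAULT CHARSET='utf8';

CREATE TABLE SystemEventsProperties
(
        ID int unsigned not null auto_increment primary key,
        SystemEventID int NULL ,
        ParamName varchar(255) NULL ,
        ParamValue text NULL
) DEFAULT CHARSET='utf8';

grant all privileges on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# start rsyslog
service rsyslog restart

# install loganalyzer
tar xvf loganalyzer-3.2.1.tar.gz || die "cannot unpack loganalyzer-3.2.1.tar.gz"
cd loganalyzer-3.2.1 || die "cannot enter loganalyzer-3.2.1"
cp -r src/ /var/www/html/loganalyzer
cp -r contrib/* /var/www/html/loganalyzer
cd ..

# The web server account owns the whole tree, so the web process can
# rewrite the application's own files; consider tightening this once the
# web installer has finished.
chown -R apache:apache /var/www/html/loganalyzer

# use web install loganalyzer.
# NOTE(review): both helpers are started from the current directory, not
# from the web root - confirm which config.php they act on.
/bin/sh /var/www/html/loganalyzer/configure.sh
/bin/sh /var/www/html/loganalyzer/secure.sh

# start httpd
service httpd start
chkconfig httpd on

# edit src/include/functions_common.php  function GetStringWithHTMLCodes
# NOTE(review): this rewrites every line of the file that contains
# "htmlentities", not only the one in GetStringWithHTMLCodes - verify
# against the shipped file.
sed -i 's/htmlentities.*/htmlentities(\$myStr,ENT_QUOTES,"UTF-8");/g' /var/www/html/loganalyzer/include/functions_common.php

# reduce the privilege
printf '%s' 'Please go to install web, when finished, press Enter...'
read -r _unused
mysql --defaults-extra-file="$mysql_cnf" <<EOF || die "cannot reduce the privileges of ${run_user}"
revoke all privileges on Syslog.* from '${run_user}'@localhost;
grant insert,delete,update,select,alter on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# clean
rm -rf -- loganalyzer-3.2.1 rsyslog-5.8.1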
 
chmod +x rsyslog.sh
./rsyslog.sh
 
如與 panabit 流量監控相結合,終端會一直彈出數據,無法操作。可以按下面的方法修改:把 /etc/rsyslog.conf 中的 *.emerg 規則註釋掉(此後 emerg 級別的消息不再廣播到已登錄的終端),再重啓 rsyslog。
 
彈出數據爲Message from syslogd@2011-06-13T19:43:04.846104+08:00 10.35.2.2 PNB0>www 1307994563
vi   /etc/rsyslog.conf
#*.emerg                                                 *
service rsyslog restart
http://www.wushiqin.com/?p=76 轉載
