
rsyslog + LogAnalyzer + MySQL log server


rsyslog is a program for quickly processing and collecting system logs; it offers high performance, security features and a modular design. rsyslog is an upgraded version of syslog: it takes input from many kinds of sources, transforms it and delivers the result to its destinations. According to the official site it can now handle one million messages.

LogAnalyzer is a web front end for syslog logs and other network event data. It offers simple browsing, searching, basic analysis and some chart reports for the logs. The data can come from a database or from ordinary syslog text files, so LogAnalyzer does not require changing the existing logging architecture. Working from the current log data, it can handle syslog messages and Windows event log records, supports troubleshooting, and lets users quickly find problems and their resolutions in the log data.

LogAnalyzer

There are two ways to store the logs collected from clients: read the logs under the client's /var/log/ directory and save them under the same directory on the server, or read them and save them into the log server's database. The latter is recommended.

LogAnalyzer is written in PHP, so the log server needs a PHP runtime environment; this article uses LAMP/LNMP.


Lab environment

centos6.9_x64

server: 192.168.1.128 (rsyslog + LogAnalyzer)

client: 192.168.1.135 (rsyslog)


Software used

loganalyzer-3.6.5.tar.gz


Software installation

yum clean all

yum makecache -y

yum install rsyslog-mysql -y

yum install -y httpd* mysql mysql-devel mysql-server php php-gd php-xml php-mysql


vim /etc/httpd/conf/httpd.conf

#ServerName www.example.com:80          <- original line
ServerName *:80                         <- change to

#AddType application/x-tar .tgz         <- original line
AddType application/x-tar .tgz          <- change to
AddType application/x-httpd-php .php    <- add


service mysqld restart

service httpd restart


chkconfig --level 35 mysqld on

chkconfig --level 35 httpd on


mysqladmin -uroot password <database password>

mysql -uroot -p<database password>

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 3

Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>


touch /var/www/html/test.php

vim /var/www/html/test.php

<?php

phpinfo();

?>


service httpd reload


http://192.168.1.128/test.php




mysql -uroot -p<database password> < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql

mysql -uroot -p<database password>


mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| Syslog |

| mysql |

| test |

+--------------------+

4 rows in set (0.00 sec)


mysql> use Syslog;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A


Database changed

mysql> show tables;

+------------------------+

| Tables_in_Syslog |

+------------------------+

| SystemEvents |

| SystemEventsProperties |

+------------------------+

2 rows in set (0.00 sec)


mysql> grant all on Syslog.* to rsyslog@localhost identified by '123456';

Query OK, 0 rows affected (0.00 sec)


mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)


mysql> exit

Bye


mysql -ursyslog -p<database password>

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 8

Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>


vim /etc/rsyslog.conf

Original:

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Change to:

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad immark   # provides --MARK-- message capability

$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


service rsyslog restart


netstat -tuplna | grep rsyslog

udp 0 0 0.0.0.0:48048 0.0.0.0:* 2687/rsyslogd


ps -aux | grep rsyslog

Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ

root 2687 0.0 0.1 189956 1568 ? Sl 11:06 0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5

root 2695 0.0 0.0 103332 884 pts/0 S+ 11:07 0:00 grep rsyslog


chkconfig --level 35 rsyslog on

All of the operations above are performed on the server.



Client-side operations:

rpm -qa | grep rsyslog

yum install -y rsyslog


vim /etc/rsyslog.conf

*.* @192.168.1.128

Append this as the last line of the file; 192.168.1.128 is the server's IP.


service rsyslog restart

chkconfig --level 35 rsyslog on


netstat -tuplna | grep rsyslog

udp 0 0 0.0.0.0:48048 0.0.0.0:* 2687/rsyslogd


ps -aux | grep rsyslog

Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ

root 2687 0.0 0.1 189956 1568 ? Sl 11:06 0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5

root 2695 0.0 0.0 103332 884 pts/0 S+ 11:07 0:00 grep rsyslog
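The `*.* @192.168.1.128` line forwards every message to the server over UDP (a single `@`; `@@` selects TCP, which the server also accepts with imtcp). The Python script below is an added example, not code from the original post: it builds the same RFC 3164 message that rsyslog's traditional forwarding emits and sends it over UDP or TCP, so reception can be confirmed on the server (in /var/log/messages or the SystemEvents table) independently of the client's rsyslog. The facility and severity tables are the standard syslog codes; the server address, port and the sample `[euid=...]` text are assumptions taken from this lab. Plain syslog carries no authentication or integrity protection, so restrict port 514 on the server to the known client addresses with a firewall.

```python
import socket
from datetime import datetime

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, "ftp": 11, "local0": 16, "local1": 17,
            "local2": 18, "local3": 19, "local4": 20, "local5": 21,
            "local6": 22, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def priority(facility, severity):
    """PRI value = facility * 8 + severity, e.g. user.notice -> 13."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def split_priority(pri):
    """Inverse of priority(): decode a received <PRI> into names."""
    fac = {v: k for k, v in FACILITY.items()}[pri // 8]
    sev = {v: k for k, v in SEVERITY.items()}[pri % 8]
    return fac, sev


def rfc3164_timestamp(when):
    """'Mmm dd hh:mm:ss' with the day space-padded, as rsyslog writes it."""
    return f"{when:%b} {when.day:2d} {when:%H:%M:%S}"


def build_message(facility, severity, hostname, tag, text, when=None):
    """Assemble '<PRI>TIMESTAMP HOST TAG: TEXT', the traditional forwarding format."""
    when = when or datetime.now()
    return (f"<{priority(facility, severity)}>{rfc3164_timestamp(when)} "
            f"{hostname} {tag}: {text}")


def send_udp(message, server, port=514):
    """What '*.* @server' does: one UDP datagram per message. Returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(message.encode("utf-8"), (server, port))


def send_tcp(message, server, port=514):
    """What '*.* @@server' does: newline-terminated message on a TCP stream."""
    with socket.create_connection((server, port), timeout=5) as s:
        data = (message + "\n").encode("utf-8")
        s.sendall(data)
        return len(data)


if __name__ == "__main__":
    # Assumed lab addresses from the article; change to your own server.
    msg = build_message("user", "notice", "centos6-1", "root",
                        "[euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]test from python")
    print(msg)
    send_udp(msg, "192.168.1.128")
```

Run it on the client and then `tailf /var/log/messages` on the server (or query SystemEvents) for the "test from python" line; if it arrives over UDP but the rsyslog-forwarded lines do not, the problem is in the client's rsyslog configuration rather than the network path.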


vim /etc/bashrc

export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'

Write this as the last line of the file.

source /etc/bashrc


Server-side test

tailf /var/log/messages

May 27 11:11:24 centos6 dhclient[1549]: DHCPACK from 192.168.1.254 (xid=0x41231c53)

May 27 11:11:26 centos6 dhclient[1549]: bound to 192.168.1.128 -- renewal in 835 seconds.

May 27 11:11:37 centos6-1 dhclient[1553]: DHCPREQUEST on eth0 to 192.168.1.254 port 67 (xid=0x15f81e3e)

May 27 11:11:37 centos6-1 dhclient[1553]: DHCPACK from 192.168.1.254 (xid=0x15f81e3e)

May 27 11:11:39 centos6-1 dhclient[1553]: bound to 192.168.1.135 -- renewal in 769 seconds.

May 27 11:12:32 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]source /etc/bashrc

May 27 11:17:47 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]clear

May 27 11:18:47 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dd

May 27 11:18:52 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dd

May 27 11:18:55 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]de

May 27 11:18:56 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]deer

May 27 11:18:57 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]erwie

May 27 11:19:01 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]clare

May 27 11:19:03 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]clear

May 27 11:19:05 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dei

May 27 11:19:12 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dadfe

This shows that the server is receiving the client's logs.
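With the PROMPT_COMMAND hook in place, every stored line has the fixed shape `[euid=<effective user>]:<who am i output>:[<cwd>]<command>`. The Python script below is an added example, not code from the original post: it parses such lines out of a syslog file, skips unrelated messages such as the dhclient lines, and produces the two views a reviewer actually wants, a count of commands per (source address, login user) and the records whose effective user differs from the login name, i.e. commands typed after `su` or `sudo -i`. The sample input is constructed for the example: two lines are taken from the article's output, the alice and bob entries are invented. Because the hook lives in the interactive shell (a user can unset PROMPT_COMMAND or start a different shell), treat this trail as an audit convenience rather than a tamper-proof control and pair it with auditd where that matters.

```python
import re
from collections import Counter

# Shape produced by the PROMPT_COMMAND hook from the article:
#   <syslog ts> <host> <tag>: [euid=<euid>]:<user> <tty> <login date> <login time> (<src>):[<cwd>]<cmd>
# The "(<src>)" part is absent for console logins, where 'who am i' prints no address.
AUDIT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): "
    r"\[euid=(?P<euid>[^\]]*)\]:"
    r"(?P<user>\S+) (?P<tty>\S+) (?P<login>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \((?P<src>[^)]*)\))?"
    r":\[(?P<cwd>[^\]]*)\](?P<cmd>.*)$"
)

# Constructed sample input: an unrelated dhclient line, two lines from the
# article's /var/log/messages, and two invented entries (alice over SSH after
# su to root, bob on the console).
SAMPLE_LOG = """\
May 27 11:11:37 centos6-1 dhclient[1553]: DHCPREQUEST on eth0 to 192.168.1.254 port 67 (xid=0x15f81e3e)
May 27 11:12:32 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]source /etc/bashrc
May 27 11:19:12 centos6-1 root: [euid=root]:root pts/0 2017-05-27 09:15 (192.168.1.1):[/root]dadfe
May 27 11:25:03 centos6-1 alice: [euid=root]:alice pts/1 2017-05-27 11:20 (192.168.1.50):[/etc]vim /etc/rsyslog.conf
May 27 11:30:41 centos6-1 bob: [euid=bob]:bob tty1 2017-05-27 11:29:[/home/bob]ls -la
"""


def parse_line(line):
    """Return the fields of one audit line as a dict, or None for any other
    message (including hook lines where 'who am i' printed nothing, e.g.
    non-interactive use, which do not match the expected shape)."""
    m = AUDIT_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def parse_lines(text):
    """Parse a whole log text, keeping only the audit records."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def commands_by_source(records):
    """Count commands per (source address, login user); console logins get 'console'."""
    return Counter((r["src"] or "console", r["user"]) for r in records)


def euid_mismatches(records):
    """Records whose effective user differs from the login user (su / sudo -i sessions)."""
    return [r for r in records if r["euid"] != r["user"]]


if __name__ == "__main__":
    recs = parse_lines(SAMPLE_LOG)
    for (src, user), n in sorted(commands_by_source(recs).items()):
        print(f"{src:<15} {user:<10} {n} command(s)")
    for r in euid_mismatches(recs):
        print(f"euid change: {r['user']} -> {r['euid']} from {r['src']} ran: {r['cmd']}")
```

To run it against the real server, pass the contents of /var/log/messages to parse_lines(), or export the Message column from SystemEvents and prefix each row with its timestamp and host in the same syslog layout.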


Client-side test

[root@centos6-1 ~]# dei

-bash: dei: command not found

[root@centos6-1 ~]# dadfe

-bash: dadfe: command not found


tar zxvf loganalyzer-3.6.5.tar.gz

cd loganalyzer-3.6.5

mkdir -p /var/www/html/loganalyzer

cp -rv src/* /var/www/html/loganalyzer/


http://192.168.1.128/loganalyzer (192.168.1.128 is the server's IP)




touch /var/www/html/loganalyzer/config.php

chmod 666 /var/www/html/loganalyzer/config.php



This article is from the "hades" blog; reposting is not permitted.
