rsyslog配置过程.docx
rsyslog配置过程
Rsyslog
系统redhat6.4
Rsyslog系统默认已经安装但是没有安装rsyslog-mysql
服务端ip:
61.155.213.153
客户端ip:
61.155.213.152
两台服务器先同步一下时间
服务端安装的软件:
[root@rsyslog ~]# yum install http* php* mysql* rsyslog*
(通配符会装上大量用不到的软件包,增加攻击面;按本文的用途,通常只需要httpd、php、php-mysql、php-gd、mysql-server和rsyslog-mysql。)
安装完成后启动mysql
设置mysql密码
导入日志文件的sql脚本,生成日志文件数据库
登录mysql数据库
设置用户访问数据库服务器中Syslog数据库的用户名和密码(下文配置直接用了root/redhat;更稳妥的做法是为rsyslog单独建一个只对Syslog库有INSERT权限的账号,并设置强密码)
重读授权表,及时生效
登录Syslog日志服务器
查询,如果有数据表示成功
测试:
在客户端生成一条log日志
查看本地log日志
查看服务端日志
进入mysql查看
Rsyslogclient端配置文件
[root@rsyslog ~]# cat /etc/rsyslog.conf
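# rsyslog v5 configuration file
#
# Client side (61.155.213.152): local logging modules only, no listeners.
# Every message is forwarded to the log server 61.155.213.153 over UDP 514.

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Author's note (translated): the action below logs in to the Syslog database
# as user root with password redhat.
# NOTE(review): the page printed the password as "rehdat"; the author's note and
# the server listing both say "redhat", so it is corrected here.
# NOTE(review): $ModLoad ommysql is commented out, so this action has no output
# module behind it and rsyslog is expected to reject it at startup. Confirm
# whether the client should write to MySQL at all: the forwarding rule at the
# end of this file already sends the same messages to the server, which stores
# them in the database.
# NOTE(review): this puts the MySQL root password in a config file and sends it
# to a remote host. Prefer a dedicated account limited to INSERT on the Syslog
# database, a strong password, and a file mode that only root can read.
#$ModLoad ommysql
*.* :ommysql:61.155.213.153,Syslog,root,redhat

#### RULES ####

# NOTE(review): every local file rule below is commented out as printed on this
# page, so this host keeps no local copy of its logs. Combined with UDP
# forwarding, a message lost in transit cannot be recovered afterwards.

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
#authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
#mail.*                                                  -/var/log/maillog

# Log cron stuff
#cron.*                                                  /var/log/cron

# Everybody gets emergency messages
#*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
#uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
#local7.*                                                /var/log/boot.log

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

# Author's note (translated): a single @ means UDP is used.
# NOTE(review): UDP syslog is unauthenticated and unencrypted and drops messages
# silently. The two hosts talk over public addresses, so anyone on the path can
# read or forge log lines. "@@" selects TCP as the stock comment above says;
# rsyslog's TLS netstream driver (gtls) is the option to evaluate for
# confidentiality and sender authentication.
*.* @61.155.213.153:514
# ### end of the forwarding rule ###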
服务端配置文件
[root@rsyslog ~]# cat rsyslog.conf
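# rsyslog v5 configuration file
#
# Server side (61.155.213.153): accepts syslog on UDP 514 and TCP 514 and
# writes every message to the local MySQL database "Syslog" through ommysql.

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# NOTE(review): both listeners below accept messages from any source address.
# Limit who can reach port 514 with the host firewall and/or rsyslog's
# $AllowedSender directive, otherwise any host can inject records into the
# database that the web front end later displays.

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Store every message (local and received) in database Syslog on localhost,
# connecting as MySQL user root with password redhat.
# NOTE(review): rsyslog only needs to insert rows. Prefer a dedicated MySQL
# account limited to INSERT on the Syslog database, a strong password, and a
# file mode that only root can read, instead of root/redhat in this file.
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,root,redhat

#### RULES ####

# NOTE(review): every local file rule below is commented out as printed on this
# page, so the database is the only copy of the logs on this host.

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
#authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
#mail.*                                                  -/var/log/maillog

# Log cron stuff
#cron.*                                                  /var/log/cron

# Everybody gets emergency messages
#*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
#uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
#local7.*                                                /var/log/boot.log

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###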
loganalyzer安装
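# Install LogAnalyzer 3.2.3 into Apache's document root (run as root).
# The prompt fragments and missing spaces of the original listing are removed
# so that each line is a runnable command.

# Unpack the release and enter the source tree.
tar -xvf loganalyzer-3.2.3.tar.gz
cd loganalyzer-3.2.3

# Copy the web application and the contrib files into the document root.
rsync -av src/* /var/www/html/
rsync -av contrib/* /var/www/html/

cd /var/www/html/
chmod +x *.sh

# NOTE(review): configure.sh presumably creates a writable config.php for the
# web installer and secure.sh presumably locks it again; running both before
# the wizard only works because the chown below hands the file to apache.
# Confirm against the two scripts.
./configure.sh
./secure.sh

# Hand the files to the web server user so the installer can write config.php.
# "apache:apache" is the current spelling of the older "apache.apache" form.
# NOTE(review): this leaves the whole document root, including config.php with
# the database credentials, writable by the web server after the wizard ends.
# Once installation is finished, consider returning ownership to root and
# leaving config.php readable but not writable by apache.
chown -R apache:apache *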
注意:
以下图片为借用别人的,请结合图片下的说明安装
web登录:
http://61.155.213.153
点击here
点击next
确保config.php可写,点击next
选中Enable User Database后的yes,用户名为root,同时选中Require user to be logged in后的yes,点击next
点击next
点击next
输入管理员帐号密码,点击next,此为设置管理员
选择MySQL Native
这里注意表的大小写:这张图里的数据库名称错了,要改成Syslog,表名要修改成SystemEvents,数据库用户是root,并选中Enable Row Counting后的yes,点击next
点击finish结束安装。
结果: