Rsyslog + loganalyzer + evtsys build a centralized monitoring system

1. Server Installation

YUM source is created. If yes, it can be omitted.

 
 

  
  
# cat >> /etc/yum.repos.d/sohu.repo <<EOF 
  
  
[sohu] 
  
  
name=sohu's mirrors 
  
  
baseurl=http://mirrors.sohu.com/centos/5/os/x86_64/ 
  
  
enabled=1 
  
  
gpgcheck=0 
  
  
EOF 
 
 

Install the LAMP environment and rsyslog. If LAMP is available, you only need to install rsyslog-mysql.

 
 

  
  
yum install rsyslog rsyslog-mysql mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd 
 
 

Import rsyslog Database

 
 

  
  
mysql -u root -p < $(rpm -ql rsyslog-mysql | grep sql$) 
 
 

Create a database user

 
 

  
  
mysql -u root -p 
  
  
mysql> grant all privileges on Syslog.* to logger@localhost identified by 'logger'; 
  
  
mysql> flush privileges; 
  
  
mysql> exit; 
 
 

Modify the rsyslog configuration file

 
 

  
  
# Vi/etc/rsyslog. conf // modify it.
  
  
# Use traditional timestamp format
  
  
$ Actionfiledefatemplate template RSYSLOG_TraditionalFileFormat
  
  
 
  
  
# Provides kernel logging support (previously done by rklogd)
  
  
# Provides support for local system logging (e.g. via logger command)
  
  
$ ModLoad immark
  
  
$ ModLoad imuxsock
  
  
$ ModLoad imklog
  
  
 
  
  
$ ModLoad ommysql
  
  
*. *: Ommysql: 127.0.0.1, Syslog, logger, logger
  
  
 
  
  
$ ModLoad imudp. so
  
  
$ UDPServerRun 514
  
  
 
  
  
# Log all kernel messages to the console.
  
  
# Logging much else clutters up the screen.
  
  
# Kern. */dev/console
  
  
# Log anything (could t mail) of level info or higher.
  
  
# Don't log private authentication messages!
  
  
*. Info; mail. none; authpriv. none; cron. none/var/log/messages
  
  
# The authpriv file has restricted access.
  
  
Authpriv. */var/log/secure
  
  
# Log all the mail messages in one place.
  
  
Mail. *-/var/log/maillog
  
  
# Log cron stuff
  
  
Cron. */var/log/cron
  
  
 
  
  
# Everybody gets emergency messages
  
  
*. Emerg *
  
  
# Save news errors of level crit and higher in a special file.
  
  
Uucp, news. crit/var/log/spooler
  
  
 
  
  
# Save boot messages also to boot. log
  
  
Local7. */var/log/boot. log
 
 

The red part is added. For other comparisons, some are skipped. If not, add it.

Install LogAnalyzer

 
 

  
  
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz 
  
  
# tar xf loganalyzer-3.6.3.tar.gz 
  
  
# mkdir /var/www/html/loganalyzer 
  
  
# mv loganalyzer-3.6.3/src/* /var/www/html/loganalyze 
  
  
# touch /var/www/html/loganalyzer/config.php 
  
  
# chmod 666 /var/www/html/loganalyzer/config.php 
 
 

Install it in a browser.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/1T32553J-0.jpg "border =" 0 "alt =" "/>

 

 

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/1T32534W-1.jpg "border =" 0 "alt =" "/>

 

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/1T32514Q-2.jpg "border =" 0 "alt =" "/>

 

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/1T32564Z-3.jpg "border =" 0 "alt =" "/>

 

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/1T3254004-4.jpg "border =" 0 "alt =" "/>

The above completes the installation of loganalyzer, login to view

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/1T3253510-5.jpg "border =" 0 "alt =" "/>

Ii. Windows Client installation

Download evtsys http://code.google.com/p/eventlog-to-syslog/

 
 

  
  
Decompress the package to C: \ Windows \ System32
  
  
Evtsys-I-s 10-h log-server-ip-p 514
  
  
Net start evtsys
 
 

During installation, an error is reported, which is caused by the configuration file. You can ignore this issue as long as the installation is successful. Detailed parameters are attached below

 
 

  
  
Version: 4.4 (32-bit) 
  
  
Usage: evtsys.exe -i|-u|-d [-h host] [-b host] [-f facility] [-p port] 
  
  
       [-s minutes] [-l level] [-n] 
  
  
  -i           Install service 
  
  
  -u           Uninstall service 
  
  
  -d           Debug: run as console program 
  
  
  -h host      Name of log host 
  
  
  -b host      Name of secondary log host (optional) 
  
  
  -f facility  Facility level of syslog message 
  
  
  -l level     Minimum level to send to syslog.\n", stderr); 
  
  
           0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info 
  
  
  -n           Include only those events specified in the config file. 
  
  
  -p port      Port number of syslogd 
  
  
  -q bool      Query the Dhcp server to obtain the syslog/port to log to 
  
  
               (0/1 = disable/enable) 
  
  
  -s minutes   Optional interval between status messages. 0 = Disabled 
  
  
 
  
  
Default port: 514 
  
  
Default facility: daemon 
  
  
Default status interval: 0 
  
  
Host (-h) required if installing. 
 
 

The following are Windows logs displayed on Loganalyzer, which are obvious windows logs. It is easy to monitor Linux logs. You can directly modify the configuration file and send the logs to the log server.

650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/1T325A25-6.jpg "border =" 0 "alt =" "/>

 

This article is from the blog, please be sure to keep this source http://gm100861.blog.51cto.com/1930562/1191164