Rsyslog+mysql+loganalyzer Build a log server < personal notes >

Here's the idea: Use the Linux Rsyslog service to do the underlying, then use the MySQL and Rsyslog templates to store the files and display them on the web. The storage of < templates is stored as a tree of dates, and is divided by the server client IP as the file name. The final effect is as follows: 1. Configure the service for Rsyslog server 2. Configure the Lamp Architecture 3. Install the Loganalyzer log web4. Set up the Web Rights control One, configure the Rsyslog Server service below is/etc/ rsyslog.conf configuration file, modify it to the following configuration.

[[Email protected] ~]#grep-v ' ^# '/etc/rsyslog.conf|grep-v ' ^$ '$ModLoad Ommysql*. *: ommysql:localhost,syslog,rsyslog,123456$ModLoad Imuxsock#provides support for local system logging (e.g. via logger command)$ModLoad Imklog#provides kernel logging support (previously do by RKLOGD)$ModLoad Immark#provides--mark--message capability$ModLoad Imudp$udpserverrun514$ModLoad Imtcp$inputtcpserverrun514$ActionFileDefaultTemplate rsyslog_traditionalfileformat$template Dynamicfile,"/var/log/ttlogs/% $YEAR%/% $MONTH%/% $DAY%/%fromhost-ip%-test.log"*.* ? Dynamicfile$includeconfig/etc/rsyslog.d/*. conf*.info;mail.none;authpriv.none;cron.none/var/log/Messagesauthpriv.*/var/log/Securemail.*-/var/log/Maillogcron.*/var/log/Cron*.emerg *Uucp,news.crit/var/log/Spoolerlocal7.*/var/log/Boot.log[[email protected]~]##/etc/init.d/rsyslog Restart #重启下rsyslog的服务#chkconfig rsyslog on #设置开机启动#NETSTAT-TPNL #检查rsyslogd服务是否正常启动, 514 ports#logger ' Test_samcao ' #发送测试日志测试#tail-f/var/log/messages # to see if there is any test information, there is an interface to add MySQL, there will be an error message but not affect

Note : You need to note the Rsyslog version, some versions of the configuration is not the same. There will be problems, which need to be based on the log information in the/var/log/message to troubleshoot, in this first step configuration Rsyslog server is configuredSecond, ready to configure the lamp environment below this step can be directly set up a good lamp environment

# yum-y install httpd mysql mysql-server php php-mysql postgresql postgresql-server php-postgresql php-pgsql php-devel GD Gd-devel php-gd#/etc/init.d/httpd start#/etc/rc.d/init.d/mysqld start # /usr/bin/mysqladmin-u root password ' new-password '

Third, install the Loganalyzer log Web.

# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz # Tar zxvf loganalyzer-3.6.5.tar.gz # CD loganalyzer-3.6.5 # mkdir-p/var/www/html/loganalyzer # rsync-a src/*/var/www/html/loganalyzer/ # touch/var/www/html/loganalyzer/config.php # chmod 666/var/www/html/loganalyzer/config.php

Then it is the operation to access the Http://192.168.1.213/loganalyzer page for the Web installation. I ignored that. Too many pictures. And I'm done with the installation. Too much trouble again. You can see this link:http://www.cnblogs.com/mchina/p/linux-centos-rsyslog-loganalyzer-mysql-log-server.htmlNote : Note that the above installation, the database if you do not need to manually build, but also the name of the data table case. and GD library support open/etc/php.ini to cancel the comment of gd.jpeg_ignore_warning = 0 .Four, the establishment of web rights control by default can directly open the Web page to view the log, may sometimes need to do the relevant permission settings, no further research loganalyzer, in this direct use of Apache password to deal with this problem 1. The http.conf in theallowoverride All

[[Email protected] ~] #  "Login""/var/webuser"require valid -~]#

4. UseYou will be prompted to enter your password. Just enter the password. You cannot use the command above when you need to add multiple users. Where-C indicates that an encrypted file needs to be created and can be added using Htpasswd-mdps/var/webuser cs.That's it. Finally, when you visit the Web, you will be prompted to enter a password. The input is then available for normal access. Some of the configuration information above is not clear, if the students need to see some of the following links:https://linux.cn/article-5023-1.html Configuring a syslog server on Linux http://www.cnblogs.com/mchina/p/linux-centos-rsyslog-loganalyzer-mysql-log-server.html deploying a log server with Rsyslog+loganalyzer+mysql under CentOS 6.5There are some other official links, there is no post, there is a problem Baidu go to it. This is just one of my own records.

[[Email protected] ~]#grep-v ' ^# '/etc/rsyslog.conf |grep-v ' ^$ '$ModLoad Imuxsock#provides support for local system logging (e.g. via logger command)$ModLoad Imklog#provides kernel logging support (previously do by RKLOGD)$ActionFileDefaultTemplate Rsyslog_traditionalfileformat$includeconfig/etc/rsyslog.d/*. conf*.info;mail.none;authpriv.none;cron.none/var/log/Messagesauthpriv.*/var/log/Securemail.*-/var/log/Maillogcron.*/var/log/Cron*.emerg:omusrmsg:*Uucp,news.crit/var/log/Spoolerlocal7.*/var/log/boot.logmodule (Load="Imfile"Pollinginterval="Ten") input (type="Imfile"File="/usr/local/u-mail/service/nginx/logs/access.log"Statefile="/var/spool/rsyslog/statefile1"Tag="Tag1"Severity="Access"Facility="LOCAL7") local7.* @192.168.1.213:514*.* @192.168.1.213[[Email protected]~]# 

Rsyslog+mysql+loganalyzer Build a log server < personal notes >