I. Introduction to LogAnalyzer
LogAnalyzer provides an easy-to-use, powerful front end for searching, viewing and analyzing network activity data, including system logs, event logs and many other log sources. Since it only presents the data to its users, the data itself needs to be collected by another program, such as syslogd, rsyslog (which is now the default syslogd for the distribution), WinSyslog or MonitorWare proxy. LogAnalyzer is available for both Linux and Windows. It is free, GPL-licensed open-source software written mostly in PHP. Data can be read from a database or from a plain text file.
[Figure: planning diagram for this case]
II. Deploying the LAMP environment on the rsyslog server
1. Install httpd
# yum install httpd -y
# systemctl start httpd
# systemctl enable httpd
2. Install MySQL
# yum install mysql mysql-server -y
# systemctl start mariadb
# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
# mysqladmin -u root password 'rsyslog.ppp'
Test the login; if there is no problem, go on to install PHP.
3. Install PHP
# yum install php php-mysql php-gd -y
# cat /var/www/html/test.php
<?php
phpinfo();
?>
Open a browser on the client and load the test page http://192.168.30.67/test.php. The phpinfo() output exposes the server's PHP configuration, so test.php should not stay in the web root after this check.
4. Install rsyslog and enable it at boot
# wget -O /etc/yum.repos.d/rsyslog.repo http://rpms.adiscon.com/v8-stable/rsyslog.repo
# yum install rsyslog-* --skip-broken -y
# systemctl enable rsyslog
5. The rsyslog database creation script is located at /usr/share/doc/rsyslog-mysql-8.18.0/createdb.sql. Now we log in to the database, create the rsyslogdb database and import the creation script.
# more /usr/share/doc/rsyslog-mysql-8.18.0/createdb.sql
CREATE DATABASE rsyslogdb;
USE rsyslogdb;
# mysql -uroot -p < /usr/share/doc/rsyslog-mysql-8.18.0/createdb.sql
Enter password:
Log in and check the database.
# mysql -uroot -p rsyslogdb
Enter password:
MariaDB [rsyslogdb]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| rsyslogdb          |
+--------------------+
4 rows in set (0.00 sec)

Create the user and grant privileges:
MariaDB [rsyslogdb]> grant all on rsyslogdb.* to [email protected] identified by 'RSYSLOG.PPP';
Query OK, 0 rows affected (0.00 sec)
MariaDB [rsyslogdb]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [rsyslogdb]> exit

Finally, test the user's login:
# mysql -ursyslogdbadmin -p rsyslogdb
6. Modify the rsyslog.conf file, as follows:
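The configuration listing for this step did not survive on this page. The fragment below is an added example, not the original author's file: it sends all messages to the rsyslogdb database through the ommysql module from the rsyslog-mysql package. The server address localhost, the queue file name and the password placeholder are assumptions.

```conf
# /etc/rsyslog.conf (fragment): added example, not the original author's file.
# Assumptions: MariaDB runs on the rsyslog server itself (server="localhost"),
# the password below is a placeholder for the one set in the GRANT statement,
# and a work directory is already configured so the queue file can be written.

# Load the MySQL output module.
module(load="ommysql")

# Send every facility and priority to the rsyslogdb database as rsyslogdbadmin.
# The queue.* settings make the action queue disk-assisted, so events are
# buffered while MariaDB is unreachable; resumeRetryCount="-1" retries forever
# instead of discarding messages after the first failures.
*.* action(
    type="ommysql"
    server="localhost"
    db="rsyslogdb"
    uid="rsyslogdbadmin"
    pwd="<database-password>"
    queue.type="LinkedList"
    queue.filename="ommysql_queue"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
)
```

With this in place rsyslog.conf holds the database password in clear text, so the file should be readable by root only.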
Restart the rsyslog service, then log in to MySQL to verify.
MariaDB [rsyslogdb]> use rsyslogdb
Database changed
MariaDB [rsyslogdb]> select count(*) from systemevents;
+----------+
| count(*) |
+----------+
|       44 |
+----------+
1 row in set (0.00 sec)

MariaDB [rsyslogdb]> select * from systemevents where id=1\G;
*************************** 1. row ***************************
                ID: 1
        CustomerID: NULL
        ReceivedAt: 2016-05-10 15:11:19
DeviceReportedTime: 2016-05-10 15:11:19
          Facility: 5
          Priority: 6
          FromHost: rsyslog
           Message: [origin software="rsyslogd" swVersion="8.18.0" x-pid="3902" x-info="http://www.rsyslog.com"] start
        NTSeverity: NULL
        Importance: NULL
       EventSource: NULL
         EventUser: NULL
     EventCategory: NULL
           EventID: NULL
   EventBinaryData: NULL
      MaxAvailable: NULL
         CurrUsage: NULL
          MinUsage: NULL
          MaxUsage: NULL
        InfoUnitID: 1
         SysLogTag: rsyslogd:
      EventLogType: NULL
   GenericFileName: NULL
          SystemID: NULL
1 row in set (0.00 sec)

ERROR: No query specified
III. Deploying LogAnalyzer
1. Download
# wget -c http://download.adiscon.com/loganalyzer/loganalyzer-3.6.6.tar.gz
Extract:
# tar zxvf loganalyzer-3.6.6.tar.gz
Copy the files:
# cp -r loganalyzer-3.6.6/src/ /var/www/html/loganalyzer
# cp -r loganalyzer-3.6.6/contrib/* /var/www/html/loganalyzer/
Change into the LogAnalyzer directory and give the following scripts execute permission:
# cd /var/www/html/loganalyzer/
# chmod +x configure.sh secure.sh
Run configure.sh; it creates a blank config.php configuration file that the web installer can write to. secure.sh is its counterpart: it removes write access to config.php again once the installation is finished.
# ./configure.sh
2. Open http://192.168.30.67/loganalyzer in a browser to reach the installation interface. An error is displayed; select "here".
Choose "here" to install.
Select Next.
Verify the config file, that is, the config.php generated by running configure.sh.
Basic configuration: fill in the database connection information.
Create the tables; select Next directly.
Check that no step reports a failed state, then continue to the next step.
Create the web management user, named rsyslog.
Check the information displayed.
Here the Source Type needs to be changed to MySQL Native; then fill in the MySQL connection details. Note: I entered the wrong Database Tablename; the correct value is systemevents.
Upon completion, the next step is to log in to LogAnalyzer.
Enter the user name rsyslog and the password that was set.
Here you can see the latest logs collected by the rsyslog server, already shown on the home page.
Linux rsyslog + LogAnalyzer log collection system