I. INTRODUCTION
LogAnalyzer is a web front-end for syslog and other network event data. It provides log browsing, searching, basic analysis, and some chart reports. Data can be read from a database or from ordinary syslog text files, so LogAnalyzer does not require changes to the existing logging architecture: it works on the log data you already collect (syslog messages, Windows event log records) and supports troubleshooting, so that users can quickly find the cause of problems visible in the logs.
There are two ways for the log server to store the logs it receives from clients. One is to write what the client forwards from its /var/log/ directory into plain files in a directory on the server; the other is to write the received messages into a database on the log server. The latter is recommended, and it is what LogAnalyzer reads in this article.
LogAnalyzer is written in PHP, so the log server needs a PHP runtime environment. This article uses LAMP.
II. System environment
Rsyslog server OS: CentOS 6.5
Rsyslog server IP: 192.168.1.107
Rsyslog version: rsyslog-5.8.10-8.el6.i686
LogAnalyzer version: LogAnalyzer 3.6.5 (v3-stable)
LAMP version: httpd-2.2.15-30.el6.centos.i686 + mysql-5.1.73-3.el6_5.i686 + php-5.3.3-27.el6_5.i686
Firewall: iptables not running
SELinux: disabled
(Both are switched off only to keep this lab simple. On a real log server keep them on and open just the ports this setup uses: 514/udp for syslog and 80/tcp for the web front-end.)
Rsyslog client OS: RHEL 6.4
Rsyslog client IP: 192.168.1.108
3. Install and set up the LAMP environment
3.1 Install the LAMP packages
# yum -y install httpd mysql* php*
3.2 Start the services and enable them at boot
Start Apache:
# /etc/init.d/httpd start
# chkconfig httpd on
Start the database:
# /etc/init.d/mysqld start
# chkconfig mysqld on
3.3 Set the MySQL root password
# mysqladmin -uroot password 'abc123'
3.4 Test the PHP runtime environment
# cd /var/www/html/
[root@TS html]# cat > index.php << EOF
> <?php
> phpinfo();
> ?>
> EOF
Open a browser and go to http://192.168.1.107/index.php. If the PHP information page is displayed, the LAMP environment is working.
Delete this index.php once the test is done: phpinfo() reveals versions, paths and configuration to anyone who can reach the server.
4. Check and install the server software
4.1 Check whether rsyslog is installed
# rpm -qa | grep rsyslog    # installed by default on CentOS 6
4.2 Install the rsyslog MySQL output module
# yum install rsyslog-mysql -y
rsyslog-mysql provides ommysql, the rsyslog output module that writes log messages to a MySQL database; it is required here.
5. Configure the server
5.1 Import the rsyslog-mysql database schema
# cd /usr/share/doc/rsyslog-mysql-5.8.10/
# mysql -uroot -pabc123 < createDB.sql
(Passing the password on the command line leaves it in the shell history and process list; "-p" alone prompts for it.)
Verify:
# mysql -uroot -p
mysql> show databases;
mysql> use Syslog;
mysql> show tables;
The Syslog database now exists, with two empty tables, SystemEvents and SystemEventsProperties.
5.2 Create the rsyslog database user in MySQL
# mysql -uroot -p
mysql> grant all on Syslog.* to rsyslog@localhost identified by '123456';
mysql> flush privileges;
mysql> exit
This password must match the one written into /etc/rsyslog.conf in 5.3. GRANT ALL is broader than the log writer needs: ommysql only inserts rows, so INSERT on Syslog.* is sufficient for it.
5.3 Configure the server to use the rsyslog-mysql module, and open the UDP service port to receive logs from other Linux systems on the network
# vi /etc/rsyslog.conf
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456
Add the two lines above under the #### MODULES section.
Note: localhost is the database host, Syslog the database name, rsyslog the database user, and 123456 that user's password, i.e. the one given in the GRANT statement of 5.2. The password is stored in clear text in rsyslog.conf, so keep that file readable by root only.
5.4 Enable the input modules
# vi /etc/rsyslog.conf
$ModLoad immark   # immark periodically writes "-- MARK --" messages (optional)
$ModLoad imudp    # imudp receives syslog over UDP
$UDPServerRun 514 # listen on UDP port 514
On CentOS 6 these lines are already present but commented out; remove the leading #. Note that $UDPServerRun only opens UDP: to also accept TCP you must load imtcp and add $InputTCPServerRun 514. UDP syslog carries no authentication, so with this configuration any host that can reach port 514 can write arbitrary events into the database; at minimum restrict senders with $AllowedSender UDP, 192.168.1.0/24 (placed before $UDPServerRun) or with the firewall.
5.5 Restart the rsyslog service
# /etc/init.d/rsyslog restart
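The script below is an added example and not part of the original article or of the rsyslog project. It restates sections 5.2 to 5.4 as functions that can be checked: least-privilege grants in place of GRANT ALL, the rsyslog.conf fragment both in the article's form and in a hardened form with a sender allow-list and a TCP listener, and a static check of a config file. Database name, user and password are the article's; the client subnet 192.168.1.0/24, the separate loganalyzer account, and the weak/hardened labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): a checkable version of the
# server-side configuration in section 5. Assumes rsyslog 5.x legacy syntax,
# MySQL on localhost, database "Syslog", user "rsyslog", password "123456"
# (as in the article). The client subnet 192.168.1.0/24 and the second
# account "loganalyzer" are assumptions of this example.

# Grants for the two database accounts. ommysql only INSERTs rows, so the
# writer gets INSERT only; the LogAnalyzer wizard (section 9) creates its own
# tables with the account you give it, so that account needs CREATE as well.
least_privilege_sql() {
  cat <<'SQL'
GRANT INSERT ON Syslog.* TO 'rsyslog'@'localhost' IDENTIFIED BY '123456';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON Syslog.* TO 'loganalyzer'@'localhost' IDENTIFIED BY 'CHANGE_ME';
FLUSH PRIVILEGES;
SQL
}

# Fragment to add to /etc/rsyslog.conf under "#### MODULES".
# "weak" reproduces the article (any host that reaches port 514 can inject
# events over UDP); "hardened" restricts senders and adds a TCP listener so
# clients can use the "@@host" form instead of "@host".
server_conf_fragment() {   # $1 = weak | hardened
  printf '%s\n' \
    '$ModLoad ommysql' \
    '*.* :ommysql:localhost,Syslog,rsyslog,123456' \
    '$ModLoad immark' \
    '$ModLoad imudp'
  if [ "$1" = hardened ]; then
    # the allow-list is placed before the listener it applies to
    printf '%s\n' '$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24'
  fi
  printf '%s\n' '$UDPServerRun 514'
  if [ "$1" = hardened ]; then
    printf '%s\n' \
      '$ModLoad imtcp' \
      '$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24' \
      '$InputTCPServerRun 514'
  fi
}

# Static check of an rsyslog.conf: returns 0 only when the DB output, the UDP
# listener and a UDP sender allow-list are all present; prints what is wrong.
check_server_conf() {   # $1 = path to config file
  conf=$1
  rc=0
  for needed in '$ModLoad ommysql' ':ommysql:localhost,Syslog,' \
                '$ModLoad imudp' '$UDPServerRun 514'; do
    grep -qF -- "$needed" "$conf" || { echo "missing: $needed"; rc=1; }
  done
  if ! grep -qF -- '$AllowedSender UDP' "$conf"; then
    echo "weak: UDP listener accepts events from any source address"
    rc=1
  fi
  grep -qF -- '$InputTCPServerRun' "$conf" \
    || echo "note: no TCP listener, clients can only forward with @host (UDP)"
  return "$rc"
}

# When run as "sh rsyslog-server.sh show": print the hardened fragment and
# the grants so they can be pasted into rsyslog.conf and the mysql shell.
if [ "${1:-}" = show ]; then
  server_conf_fragment hardened
  least_privilege_sql
fi
```

Run `sh rsyslog-server.sh show` to print the hardened fragment and the grants. $AllowedSender filters on source address, which for UDP is spoofable, so it narrows the exposure rather than removing it; TCP with TLS (rsyslog's gtls driver) is the real fix and is outside this article's scope.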
6. Configure the client
6.1 Check whether rsyslog is installed
# rpm -qa | grep rsyslog
6.2 Configure the rsyslog client to send local logs to the server
# vi /etc/rsyslog.conf
*.* @192.168.1.107
Add the line above at the end of the file. "*.*" selects all facilities and priorities; a single @ forwards over UDP (@@ would use TCP, which the server as configured in 5.4 does not listen on).
6.3 Restart the rsyslog service
# /etc/init.d/rsyslog restart
6.4 Edit /etc/bashrc so that every command typed in an interactive shell on the client is written to the system log (/var/log/messages) and therefore forwarded to the server
# vi /etc/bashrc
Add the following line at the end of the file:
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; }); logger "[euid=$(whoami)]":$(who am i):[$(pwd)]"$msg"; }'
Load it into the current shell:
# source /etc/bashrc
The client configuration is complete. Note that this only records commands typed into bash shells that read /etc/bashrc; a user can avoid it by unsetting PROMPT_COMMAND or starting another shell, so it is a convenience trail, not an audit control.
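The functions below are an added example, not code from the article. They cover the client side (sections 6.2 to 6.4): the forwarding rule in UDP and TCP form, and the pieces of the PROMPT_COMMAND one-liner pulled apart so that its parsing and message layout can be tested. The server address is the article's; the logger tag cmdaudit and the function names are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): the client side of section 6
# as reusable functions. 192.168.1.107 is the article's server; the tag
# "cmdaudit", the function names and the TCP variant are assumptions here.

# Forwarding rule for /etc/rsyslog.conf: "@host" sends over UDP (what the
# article uses), "@@host" over TCP (the server must then load imtcp).
client_forward_rule() {   # $1 = udp | tcp, $2 = server address
  case $1 in
    udp) printf '*.* @%s\n' "$2" ;;
    tcp) printf '*.* @@%s\n' "$2" ;;
    *)   echo "usage: client_forward_rule udp|tcp host" >&2; return 2 ;;
  esac
}

# `history 1` prints "  123  command args". `read x y` splits off the leading
# number into x and keeps the rest of the line in y, which is what the
# article's PROMPT_COMMAND relies on. (If HISTTIMEFORMAT is set, history also
# prints a timestamp after the number, and that ends up in the message.)
history_to_cmd() {   # $1 = one line of `history` output
  printf '%s\n' "$1" | { read -r _num rest; printf '%s\n' "$rest"; }
}

# Same message layout as the article's logger call:
#   [euid=<user>]:<who am i output>:[<cwd>]<command>
audit_message() {   # $1 = euid name, $2 = "who am i" line, $3 = cwd, $4 = command
  printf '[euid=%s]:%s:[%s]%s\n' "$1" "$2" "$3" "$4"
}

# Function form of the article's one-liner, for interactive bash:
#   PROMPT_COMMAND=log_last_command
log_last_command() {
  cmd=$(history_to_cmd "$(history 1)")
  logger -t cmdaudit "$(audit_message "$(whoami)" "$(who am i)" "$PWD" "$cmd")"
}
```

To use it, source the file from /etc/bashrc and set PROMPT_COMMAND=log_last_command. Commands run from scripts or from non-bash shells never reach this trail, and since the client forwards over unauthenticated UDP the entries can also be spoofed on the network; for accountable command logging use auditd or pam_tty_audit, which the article does not cover.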
VII. Test whether the rsyslog server receives client logs
Client test: (screenshot not reproduced)
Server check: (screenshot not reproduced)
The server output shows that reception works: the client's messages, including the boot messages from the client's restart, appear on the server.
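As an added example standing in for the screenshots (not code from the article), the script below sends a message with a unique marker from the client and looks for it on the server, both in /var/log/messages and in the SystemEvents table that createDB.sql created. The sample log lines are constructed for the offline check, not captured output; the tag rsyslog-test and the marker format are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): end-to-end reception check
# for section 7. The tag "rsyslog-test", the marker format and the sample
# lines below are constructed for this example; the database and table names
# are the ones created by createDB.sql in section 5.1.

# Does a line from host HOST containing MARKER appear on stdin?
# Input is the classic /var/log/messages layout: "Mon DD HH:MM:SS host tag: text",
# so the host name is the fourth whitespace-separated field.
marker_seen() {   # $1 = marker, $2 = host name as it appears in the log
  awk -v m="$1" -v h="$2" '$4 == h && index($0, m) { found = 1 } END { exit !found }'
}

# On the client: emit one message with a unique marker and print the marker.
send_test_event() {
  marker="rsyslog-test-$(date +%s)-$$"
  logger -t rsyslog-test "$marker"
  echo "$marker"
}

# On the server: confirm the marker both in the flat file and in MySQL.
# Prompts for the root password set in section 3.3. The marker is generated
# by send_test_event, not taken from untrusted input, so interpolating it
# into the SELECT is acceptable here.
server_check() {   # $1 = marker, $2 = client host name
  marker_seen "$1" "$2" < /var/log/messages && echo "file: ok"
  mysql -uroot -p -e \
    "SELECT ReceivedAt, FromHost, SysLogTag, Message FROM Syslog.SystemEvents
     WHERE Message LIKE '%$1%'"
}

# Constructed sample of the server's /var/log/messages (not real output),
# used to exercise marker_seen offline.
SAMPLE_MESSAGES='Mar  1 10:00:01 client kernel: imklog 5.8.10, log source = /proc/kmsg started.
Mar  1 10:00:02 client rsyslogd: [origin software="rsyslogd" swVersion="5.8.10"] start
Mar  1 10:00:05 client rsyslog-test: rsyslog-test-1393668005-4242
Mar  1 10:00:06 server root: [euid=root]:root pts/0 2014-03-01 10:00 (192.168.1.1):[/root]ls'

if [ "${1:-}" = demo ]; then
  printf '%s\n' "$SAMPLE_MESSAGES" \
    | marker_seen rsyslog-test-1393668005-4242 client \
    && echo "marker from client seen in sample"
fi
```

On the client run `marker=$(send_test_event)`; on the server run `server_check "$marker" client`, where the second argument is the client's host name as it appears in the log. If the file check passes but the SELECT returns nothing, the ommysql line or the database grants in section 5 are wrong.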
8. Install LogAnalyzer
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
# tar zxf loganalyzer-3.6.5.tar.gz
# cd loganalyzer-3.6.5
# mkdir -p /var/www/html/loganalyzer
# rsync -a src/* /var/www/html/loganalyzer/
The download is over plain HTTP; verify the archive against a checksum obtained from a trusted source before unpacking code that will run on the log server.
9. Run the LogAnalyzer installation wizard in the browser
9.1 Open a browser and go to http://192.168.1.107/loganalyzer/
If no configuration file exists yet, the page offers a link ("click here") to generate one with the wizard.
9.2 Step 1: Test the system environment
Click Next to go to step 2.
Error message: the config.php file is missing, and it must be writable by the web server (mode 666); the configure.sh script in the contrib directory can also create it.
Contents of configure.sh: (screenshot not reproduced)
Create config.php under /var/www/html/loganalyzer/ and set its mode to 666:
# touch /var/www/html/loganalyzer/config.php
# chmod 666 /var/www/html/loganalyzer/config.php
Then click ReCheck; config.php is now reported writable, and Next takes you to the next step. Mode 666 is only needed while the wizard runs: the file will hold the database credentials, so tighten it afterwards (for example chmod 640, owned by root with group apache).
9.3 Step 3: Basic configuration
Under User Database Options enter the database parameters set above and click Next.
9.4 Step 4: Create tables
Click Next to create the tables.
9.5 Step 5: Check SQL results
9.6 Step 6: Create the main user account
9.7 Step 7: Create the first syslog source
9.8 Step 8: Finished
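Added example, not part of the article or of LogAnalyzer: the clean-up a practitioner does once the wizard has finished. It tightens config.php (which the wizard needed world-writable and which now contains the database credentials), removes the phpinfo() page from section 3.4, and checks the web root for leftover permissive files. The paths are the article's; owner root:apache and mode 640 are this example's choices.

```shell
#!/bin/sh
# Added example (not from the original article): post-wizard hardening for
# section 9. Paths are the article's; owner root:apache (apache is the httpd
# user on CentOS 6) and mode 640 are this example's choices.

WEBROOT=${WEBROOT:-/var/www/html}

# config.php had to be 666 for the wizard, but it now holds the database
# credentials and must be neither world-writable nor world-readable under the
# web root. The phpinfo() page from section 3.4 is removed at the same time.
harden_loganalyzer() {   # $1 = web root
  root=$1
  cfg="$root/loganalyzer/config.php"
  [ -f "$cfg" ] || { echo "no $cfg (run the wizard first)" >&2; return 1; }
  chmod 640 "$cfg"
  # chown only when the apache user exists (skipped on a test box without httpd)
  if id apache >/dev/null 2>&1; then chown root:apache "$cfg"; fi
  rm -f "$root/index.php"
  return 0
}

# Report files under the web root that are still world-writable (-perm -002)
# or, for config.php, world-readable (-perm -004). Returns 0 when clean.
webroot_perm_check() {   # $1 = web root
  bad=$( { find "$1" -type f -perm -002; find "$1" -type f -name config.php -perm -004; } )
  if [ -n "$bad" ]; then
    printf 'insecure permissions:\n%s\n' "$bad"
    return 1
  fi
  return 0
}

# When run as "sh harden-loganalyzer.sh apply": fix and then re-check.
if [ "${1:-}" = apply ]; then
  harden_loganalyzer "$WEBROOT" && webroot_perm_check "$WEBROOT"
fi
```

Run it as root with `sh harden-loganalyzer.sh apply` (set WEBROOT if the web root differs). If you ever need to rerun the wizard, set config.php back to 666 for the duration and harden again afterwards.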
10. Test
LogAnalyzer home page: (screenshot not reproduced)
Click any record to view its details.
View statistics: (screenshot not reproduced)
Login test: (screenshot not reproduced)
System settings can be changed in the Admin Center.
The rsyslog + LogAnalyzer log server is now deployed.