Rsyslog + MySQL + LogAnalyzer: centralized log analysis and management

Source: Internet
Author: User

Objective
The system logging service is called syslog on CentOS 5 and rsyslog on CentOS 6; rsyslog is an enhanced version of syslog. On CentOS 5 the configuration file is /etc/syslog.conf, and on CentOS 6 it is /etc/rsyslog.conf.
By default, syslog can send logs to files, users, log servers and pipes.
Rsyslog adds one more destination on top of syslog: logs can also be stored in a MySQL database.
Where rsyslog improves on syslog:
Multi-threading: multithreaded processing
TCP, SSL, TLS, RELP: supports the TCP protocol, SSL/TLS encryption and the RELP protocol
MySQL, PostgreSQL, Oracle and more: logs can be stored in these databases
Filter any part of the syslog message: custom filters can select on any part of a message
Fully configurable output format: the output format can be fully customized
Suitable for enterprise-class relay chains: well suited to enterprise-level log collection
What a log is: put simply, a log records what happened in the past. There are many kinds of logs, such as error logs, binary logs, transaction logs, interrupt logs and query logs. Apart from the transaction log, most of these are history logs: they record what has happened on the system over a past period of time.
Logs have a level (priority):
debug: debugging information; no threshold applies, everything that happens is recorded
info: normal informational output of a program, as opposed to debugging output. When a level is configured, messages at that level and at any higher level are recorded.
notice: something the user should be aware of
warning: warns the user that a more serious problem may occur
err: an error occurred in some function and must be handled
crit: worse than err; the system is likely to go down before long
alert: red alert, more severe than crit; needs immediate action
emerg, panic: the system is about to go down
A production system runs many kinds of software, much of it service-level software, and all of it generates logs. Where should those logs go, who records them, into which file, and at which level? If every program had to define all of this itself it would be very cumbersome, and since most programs' log information is fairly simple there is no need for each one to define its own logging. That is what syslog is for. It is a service that does nothing else, with two processes, syslogd and klogd: one records system-level log information and the other records kernel-level log information. Syslog runs as a service; any program that needs logging sends its messages to syslog, which records them and decides where they go. You can think of it as a logging framework: a lower-level mechanism that implements this one function on behalf of all the other software.
When there are too many logs, finding a particular one becomes inconvenient, so logs are managed by category. That category is the facility: log messages are classified by the function of the program that produced them.
LogAnalyzer is a web front end for syslog and other network event data. It provides easy-to-use log browsing, searching and basic analysis, and can draw graphs from the logs. It is typically used with a database as its source to analyze and manage centralized logs.
Implementing centralized rsyslog logging into MySQL, with LogAnalyzer for management and analysis
1. Install MySQL. The installation process is not repeated here; it was covered in detail in an earlier blog post, "Summary: building and testing a LAMP host platform on CentOS 6.5", http://tanxw.blog.51cto.com/4309543/1386381, which gives the detailed installation steps.
1. Install LogAnalyzer

# tar xvzf loganalyzer-3.6.4.tar.gz

# cd loganalyzer-3.6.4

# mkdir /usr/local/apache/htdocs/syslog

Move all files from the src and contrib directories into a web path on your machine that can serve PHP.

# mv src/* /usr/local/apache/htdocs/syslog/

# mv contrib/* /usr/local/apache/htdocs/syslog/

# chmod u+x /usr/local/apache/htdocs/syslog/*.sh

# cd /usr/local/apache/htdocs/syslog/

# ./configure.sh

# ./secure.sh

# chmod 666 config.php

Change the owner and group of all files in this directory to the user that the Apache process runs as.

# chown -R daemon.daemon *


2. Edit the Rsyslog configuration file

# vim /etc/rsyslog.conf

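$ModLoad ommysql

This directive must be defined in the MODULES section.

In the following line, ommysql is the name of the loaded module, Syslog is the database name, and rsysloguser and rsyslogpass are the user name and password: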

*.*     :ommysql:127.0.0.1,Syslog,rsysloguser,rsyslogpass

Next, install rsyslog-mysql, php and php-mysql, and import the database definition script, /usr/share/doc/rsyslog-mysql/createDB.sql

# yum -y install php php-mysql

# yum -y install rsyslog-mysql

# cd /usr/share/doc/rsyslog-mysql-5.8.10/

Import the database (run from the directory entered above):

# mysql < createDB.sql


3. Log in to the database and grant privileges to the user rsysloguser, with the password rsyslogpass

# mysql

mysql> GRANT ALL ON Syslog.* TO 'rsysloguser'@'127.0.0.1' IDENTIFIED BY 'rsyslogpass';

mysql> GRANT ALL ON Syslog.* TO 'rsysloguser'@'localhost' IDENTIFIED BY 'rsyslogpass';

mysql> FLUSH PRIVILEGES;


Start the service, then enter the address in a browser to test the installation:

# service rsyslog start

If LogAnalyzer cannot connect to the database after installation and reports that it cannot connect through /var/lib/mysql/mysql.sock, create the mysql directory under /var/lib/ and link the /tmp/mysql.sock socket file into /var/lib/mysql/; the connection will then work:

# mkdir /var/lib/mysql

# ln -s /tmp/mysql.sock /var/lib/mysql/

http://172.16.27.1/syslog
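The steps above put the database password in /etc/rsyslog.conf, leave config.php at mode 666 and grant ALL on Syslog.* to the rsyslog account. The audit script below is an added example, not part of the original article; its function names and sample inputs are constructed, and it assumes that rsyslog only inserts rows, so INSERT is enough for its account (an account that LogAnalyzer reads through would need SELECT as well).

```shell
#!/bin/sh
# Added example: audit the credential and privilege choices in the steps above.
# Print "host db user" for each legacy ommysql action in an rsyslog config
# (syntax: <selector> :ommysql:host,database,user,password).
ommysql_targets() {
    awk '!/^[ \t]*#/ && match($0, /:ommysql:[^ \t]+/) {
        n = split(substr($0, RSTART + 9, RLENGTH - 9), f, ",")
        if (n >= 3) print f[1], f[2], f[3]   # f[4], the password, is not printed
    }' "$1"
}

# Succeed if "other" holds permission letter $1 (r or w) on file $2.
other_has() {
    case "$(ls -ld "$2" | cut -c8-10)" in *"$1"*) return 0 ;; esac
    return 1
}

# Read SHOW GRANTS output on stdin; print privilege lists beyond what a log
# writer needs (USAGE to connect, INSERT to store events).
excess_grants() {
    sed -n 's/^GRANT \(.*\) ON .* TO .*/\1/p' | grep -v -x -e USAGE -e INSERT
}

# Args: rsyslog config, LogAnalyzer config.php, file holding SHOW GRANTS output.
# Prints one line per finding and returns 1 if anything is WEAK.
audit_log_stack() {
    rc=0
    if [ -n "$(ommysql_targets "$1")" ] && other_has r "$1"; then
        echo "WEAK: $1 holds a database password and is world-readable"; rc=1
    fi
    if other_has w "$2"; then
        echo "WEAK: $2 is world-writable"; rc=1
    fi
    if extra=$(excess_grants < "$3"); then
        echo "WEAK: rsyslog account has more than INSERT: $extra"; rc=1
    fi
    return "$rc"
}

# Constructed sample inputs mirroring the article's settings.
demo=$(mktemp -d)
printf '%s\n' '$ModLoad ommysql' \
    '*.*     :ommysql:127.0.0.1,Syslog,rsysloguser,rsyslogpass' > "$demo/rsyslog.conf"
: > "$demo/config.php"
chmod 644 "$demo/rsyslog.conf"; chmod 666 "$demo/config.php"
printf '%s\n' "GRANT USAGE ON *.* TO 'rsysloguser'@'127.0.0.1'" \
    "GRANT ALL PRIVILEGES ON \`Syslog\`.* TO 'rsysloguser'@'127.0.0.1'" > "$demo/grants.txt"
audit_log_stack "$demo/rsyslog.conf" "$demo/config.php" "$demo/grants.txt" ||
    echo "fix the WEAK items"
```

Against a real host, pass /etc/rsyslog.conf, the installed config.php and a file holding the output of SHOW GRANTS for the rsyslog account.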


Conclusion:
With logs stored and managed centrally in a MySQL database, they are easy to manage and analyze, and the web page gives a very intuitive view of the log information.

This article is from the "Gentoo" blog, be sure to keep this source http://linuxgentoo.blog.51cto.com/7678232/1542801
