Tags: kth admin httpd service appears blank rest theme Pre DataOutput HOST1/2 system logs, log to the MySQL server database, and publish loganalyzer structural relationships such as: Preparatory work:
Vmware
CentOS 7 Minimum System installation image
Loganalyzer Source Package Download
Install three hosts, copy Loganalyzer to MARIADB host
The IP address corresponds to the host relationship table:
MARIADB Host
192.168.142.128/24
HOST1
Features provided by the software: 1. rsyslog is a log service of RHEL or CentOS 6. x, replacing the syslog service of the previous system. In this architecture, the rsyslog service is mainly used to collect logs, classify logs, and write them into the database. 2. mysql is a simple database. In this architecture, the main task is to store the collected log infor
Objectiversyslog System Log, called the syslog on the CentOS5, and on the CentOS6 called Rsyslog, called the enhanced version of the SYSLOG,CENTOS5 on the configuration file under/etc/syslog.conf, and CentOS6 under/etc/rsyslog.conf.The syslog default is to put our logs into files, users, log servers, pipelines.Rsyslog
1, Logstash end
Close the rsyslog of the Logstash machine and release the 514 port number
[Root@node1 config]# systemctl stop Rsyslog
[root@node1 config]# systemctl status Rsyslog
Rsyslog.service-sys TEM Logging Service
loaded:loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset:enabled)
Active:inactive (dead) since Thu 2018-04-26 14:32:
at/run/systemd/journal/stdout for log data coming from systemd-managed services.
It listens on the af_local datagram sockets at/run/systemd/journal/socket for log data coming from programs that speak the Systemd-specific Journal protocol (i.e. SD_JOURNAL_SENDV () et al.).
It mixes these all together.
It writes to a set of System-wide and Per-user journal files, in/run/log/journal/or/var/log/journal/.
If It can connect (as a client) to an af_local datagram Socket At/run/systemd/journ
; Index.php Phpinfo ();?>EofYou can see the PHP information by typing Http://YOURSERVERIP in the browser.7.1 Check if the Rsyslog software is installedRpm-qa|grep Rsyslog//The software is installed on the default system7.2 Installing Rsyslog modules connected to MySQL databaseYum Install Rsyslog-mysql–yRsyslog-mysql a
Original article address
Linux diary system is monitored by system logsProgramSyslogd is composed of the kernel log monitor klogd. The two monitoring programs are both daemon and registered as system services. In other words, we can find the corresponding execution programs under the/etc/init. d/directory, and start, close, and restart them using the service command. The/etc/syslog. conf file is the configuration file of the Linux diary system. The
Rsyslog + mysql + loganalyzer build a log server The general idea is as follows: Use the rsyslog service that comes with Linux as the underlying layer, and then use the templates of mysql and rsyslog to store files and display them on the web.
[Root @ localhost ~] # Grep-v '^ #'/etc/rsyslog. conf | grep-v '^ $' $ ModL
.
3. Process summary logs, such as log monitoring and Historical queries.
Lab environment:
Operating System: Centos 5.8 x86_64
1. Configure log collection
On the log summary server, perform the following operations:
Because Centos 5.8 x86_64 uses the syslog service by default, rsyslog must be manually installed on the log summary server.
service syslog stopc
Rsyslog-mysqlStart the Rsyslog service# service Rsyslog StartSetting up the Rsyslog service boot# Chkconfig Rsyslog onUse Createdb.sql to create the database on which the rsyslog depends# Mysql-u Root-p Authorizing Rsysloguser us
Document directory
Split local and remote logging
Split local and remote logging for three different ports
Fewer Filters
Partitioning of input data
Future enhancements
Multiple rulesets in rsyslog
Starting with version 4.5.0 and 5.1.1, rsyslog supports multiple rulesets within a single configuration. this is especially useful for routing the recpetion of remote messages to a set of specific rules. no
Tags: reference local type command ogg SWA Tor interface LinFirst, the configuration commands are logged to the syslog:Under/ETC/BASHRC of the client, add:Logger-p local3.info \ "' Who am I ' ======================================= is login \"Export prompt_command= ' {msg=$ (History 1 | {read x y; echo $y;}); Logger-p Local3.info \[$ (Who am I) \]\# \ "${msg}" \ "; }‘Logger command:For the Syslog Shell Interface command, there are some parameters that
Tags: deploying log server with Rsyslog+loganalyzer+mysql under CentOSFirst, install and set the lamp environmentyum-y Install httpd mysql* php*Second, installation RsyslogServer-side:Yum Install Rsyslog Rsyslog-mysqlRsyslog-mysql: Transferring logs to the MySQL databasemysql-uroot-p1234 Configure Data permissions # Mysql-uroot–pMysql> Grant all on
*.info | COMMANDInfo level for all facilitymail.*:all levels of mailMail,news.info:Log Information Format:Time Host Process ( PID): EventEnable Logging Server features: moduleCollect log information through 514/udp:> # provides UDP syslog reception> $ModLoad imudp> $UDPServerRun 514Collect log information through 514/tcp> # provides TCP syslog reception> $ModLoad imtcp> $InputTCPServerRun 514
Example:
; mail. none indicates that all information except the mail information is sent during debugging.
The action field indicates the destination of the message. It can be:
/Filename log file. The file name specified by the absolute path. This file must be created in advance;
@ Host remote host;
User1 and user2 specify the user. If the specified user has logged on, the user will receive the message;
* All users. All logged-on users will receive the message.
2. start or stop the
, take various detours, and read the various maillist discussed by our predecessors. We were reminded in one sentence: strafe is very helpful in finding the problem.
The strace was forgotten. The strace-TT-S 500-FP rsyslog process no.-O strace. log, the result is similar to: connect (6, {sa_family = af_inet, sin_port = htons (XXXX), sin_addr = inet_addr ("192.168.x.x")}, 16) =-1 eacces (permission denied)
This indicates that port forwarding has faile
visualize the appearance, obviously by querying the MySQL database stored in the log information can be completed!Lab Step 1. Deploying MySQL Server
1.1 install MySQL Here will not repeat the installation process, refer to mariadb Universal binary Deployment manual 1.2 Creating a Rsyslog dependent databaseBecause Rsyslog and MySQL are separated in the schema, MySQL must have
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.