Lab Environment:
Current operating system: Linux CentOS 7 3.10.0-327.el7.x86_64
Required Packages:
1. mysql: mariadb-5.5.44-2.el7.centos.x86_64
2. loganalyzer: loganalyzer-3.6.5
3. httpd: httpd-2.4.6-40.el7.centos.x86_64
4. php: php-5.4.16-36.el7_1.x86_64
5. php-mysql: php-mysql-5.4.16-36.el7_1.x86_64
6. php-gd: php-gd-5.4.16-36.el7_1.x86_64
7. rsyslog-mysql: rsyslog-mysql-7.4.7-12.el7.x86_64
Goal: have rsyslog store its logs in MySQL
Step One:
1. Install MySQL server
# yum -y install mariadb-server
2. To stop MySQL from doing reverse name resolution on connecting hosts, add the following options to the MySQL configuration file:
# vim /etc/my.cnf
skip_name_resolve=on
innodb_file_per_table=on
3. Start the MySQL service
# systemctl start mariadb.service
4. Check that the service is listening
# ss -tnl
LISTEN 0 *:3306 *:*
Step Two:
1. Install the rsyslog output module that connects to the MySQL server
# yum -y install rsyslog-mysql
2. View the files installed by the rsyslog-mysql package
# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql
3. Create a dedicated rsyslog user account on the MySQL server. The database is named Syslog, as created by mysql-createdb.sql in step 4; database names are case-sensitive on Linux.
# mysql
(authorize the 127.0.0.1 host)
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'127.0.0.1' IDENTIFIED BY 'rsyslogpass';
Query OK, 0 rows affected (0.00 sec)
(authorize the local host)
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'local' IDENTIFIED BY 'rsyslogpass';
Query OK, 0 rows affected, 1 warning (0.00 sec)
(reload the grant tables)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Verify that the account and password can log in:
# mysql -ursyslog -h127.0.0.1 -prsyslogpass
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
+--------------------+
2 rows in set (0.00 sec)
Review the script that creates the database:
# less /usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql
4. Generate the required databases and tables
# mysql -ursyslog -h127.0.0.1 -prsyslogpass < /usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql
Verify the resulting database and tables:
# mysql -ursyslog -h127.0.0.1 -prsyslogpass
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
| test               |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> USE Syslog;
MariaDB [Syslog]> SHOW TABLES;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
MariaDB [Syslog]> DESC SystemEvents;
5. Configure rsyslog to load the ommysql module
# vim /etc/rsyslog.conf
#### MODULES ####
(add the ommysql module)
$ModLoad ommysql
6. Configure a rule so that the desired log messages are recorded in MySQL
#### RULES ####
(add this rule)
*.* :ommysql:127.0.0.1,Syslog,rsyslog,rsyslogpass
(comment out this rule)
#*.info;mail.none;authpriv.none;cron.none /var/log/messages
7. Restart the Rsyslog service and view the status
# systemctl restart rsyslog.service
# systemctl status rsyslog.service
8. Verify from a client that log messages reach the database
# mysql -ursyslog -h127.0.0.1 -prsyslogpass
MariaDB [(none)]> USE Syslog;
MariaDB [Syslog]> SELECT * FROM SystemEvents\G
In another terminal, send a test message:
# logger -p local13.warn "How is old is you?"
The query result then contains a row such as:
FromHost: centos 7
Message: how old is you?
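Added example (not part of the original walkthrough): the rule from step 6 stores the database password in /etc/rsyslog.conf, so this shell audit lists the active ommysql actions without printing the password and flags a world-readable file or a missing module load. The function names are illustrative, and GNU stat (as shipped on CentOS) is assumed.

```shell
#!/bin/sh
# Added example: audit an rsyslog config that uses the legacy
# ":ommysql:server,db,user,password" action from this lab.

# Print "selector user@server/db" for each active (uncommented) ommysql action.
# The password field is parsed but never printed.
ommysql_actions() {
    awk '!/^[ \t]*#/ && match($0, /:ommysql:[^ \t]+/) {
             split(substr($0, RSTART + 9, RLENGTH - 9), f, ",")
             printf "%s %s@%s/%s\n", $1, f[3], f[1], f[2]
         }' "$1"
}

# Succeed if "other" has read permission on the file (GNU stat assumed).
world_readable() {
    mode=$(stat -c '%a' "$1") || return 2
    case "${mode#"${mode%?}"}" in
        4|5|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print findings; return 0 when clean, 1 when at least one finding exists.
# The body runs in a subshell so its variables stay local.
audit_rsyslog_conf() (
    conf=$1
    rc=0
    actions=$(ommysql_actions "$conf")
    if [ -z "$actions" ]; then
        echo "INFO: no active ommysql action in $conf"
        exit 0
    fi
    echo "$actions" | sed 's/^/INFO: ommysql action: /'
    if world_readable "$conf"; then
        echo "FINDING: $conf embeds the database password and is world-readable"
        rc=1
    fi
    if ! grep -Eiq '^[[:space:]]*(\$ModLoad[[:space:]]+ommysql|module\(load="ommysql"\))' "$conf"; then
        echo "FINDING: ommysql action present but the module is never loaded"
        rc=1
    fi
    exit "$rc"
)
```

On the lab host, run it as: audit_rsyslog_conf /etc/rsyslog.conf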
Step Three:
Installing Loganalyzer
1. Install the required packages
# yum -y install httpd php php-mysql php-gd
2. Start and check the service
# systemctl start httpd.service
# ss -tnl
LISTEN 0 *:80 *:*
3. Install loganalyzer-3.6.5 (the package has to be downloaded from the Internet first)
# ls
loganalyzer-3.6.5
# cd loganalyzer-3.6.5
# cp -a src /var/www/html/loganalyzer-3.6.5
# cd /var/www/html/
# ls
# ln -sv loganalyzer-3.6.5 log
# cd log
# touch config.php
# chmod 666 config.php
4. Open a browser and run the configuration wizard
1) Enter the following address in the browser's address bar:
2) Click "here" in the pop-up box to initialize the settings
3) When you see the red warning bar, you need to modify the configuration file
# vim config.php
Change localhost to 127.0.0.1:
$CFG['UserDBServer'] = '127.0.0.1';
$CFG['Sources']['Source1']['DBServer'] = '127.0.0.1';
Tighten the permissions again now that the wizard has written the file:
# chmod 644 config.php
4) Refresh the page again. When you see the following page, the service has been built successfully.
Build Rsyslog+mysql+loganalyzer