Rsyslog Introduction:
The rsyslog service is responsible for recording system log information on CentOS (earlier versions of the system used syslog; rsyslog is the next generation of syslog). Rsyslog consists of three parts: syslogd, klogd and logrotate.
syslogd mainly records log information from the system and from network services;
klogd mainly records the messages generated by the kernel;
logrotate is mainly used to rotate log files.
MySQL Introduction:
MySQL is a relational database management system (RDBMS) and one of the best RDBMS applications for web applications.
As a relational database, it keeps data in separate tables rather than putting all the data in one large store, which increases speed and improves flexibility.
Because MySQL is small, fast, has a low total cost of ownership and, above all, is open source, small and medium-sized websites generally choose it as their database. Thanks to its excellent performance, it combines with PHP and Apache into a good development environment.
Loganalyzer Introduction:
Loganalyzer is a web front end for syslog logs and other network event data. It provides a simple log view, search, basic analysis and some chart reporting. Data can be read from a database or from a generic syslog text file, so Loganalyzer does not require changes to the existing logging setup. Working on the current log data, it can handle syslog messages and Windows event log records, supports troubleshooting, and helps users quickly find the solution to a problem in the log data.
There are two modes for storing the client logs that Loganalyzer reads: either the logs from the client's /var/log/ directory are saved directly to a directory on the server, or they are saved to a database on the log server. The latter is recommended.
Loganalyzer is written in PHP, so the log server needs a PHP runtime environment; this article uses LAMP.
System environment:
Firewall: off
SELinux: off
CentOS 7.2
httpd-2.4.6-40.el7.centos.x86_64
mariadb-server-5.5.44-2.el7.centos.x86_64
php-5.4.16-36.el7_1.x86_64
php-mysql-5.4.16-36.el7_1.x86_64
rsyslog-7.4.7-12.el7.x86_64
loganalyzer-3.6.5
Configure the LAMP environment
Step one: install the required packages
# yum -y install httpd php php-mysql mariadb-server php-gd
Step two: after the installation completes, configure each component
① Start the httpd service:
[root@centos7 ~]# systemctl start httpd
② Add extra configuration items for MySQL:
Skip name resolution
[root@centos7 ~]# vim /etc/my.cnf
[mysqld]
...
skip_name_resolve = on
innodb_file_per_table = on
③ Start MySQL
[root@centos7 ~]# systemctl start mariadb.service
Check that it is listening:
[root@centos7 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 *:3306 *:*
The default administrator user is root with an empty password; after the first installation it is recommended to run the mysql_secure_installation command to apply security settings.
④ [root@centos7 ~]# mysql_secure_installation
You can then log in with the command "mysql -u username -ppassword" (no space between -p and the password).
⑤ Restart the httpd service
[root@centos7 ~]# systemctl restart httpd
Install the server-side programs:
(1) Install the driver module that connects rsyslog to the MySQL server;
[root@centos7 ~]# yum -y install rsyslog-mysql
See which files the rsyslog-mysql package installs:
[root@centos7 ~]# rpm -ql rsyslog-mysql.x86_64
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql
View the file "/usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql":
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
...
CREATE TABLE SystemEventsProperties
...
As you can see, this file defines two tables in the database.
(2) Prepare a dedicated rsyslog user account on the MySQL server;
[root@centos7 ~]# mysql -u username -ppassword
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'127.0.0.1' IDENTIFIED BY 'rsyslogpass';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
(3) Generate the required database and tables;
[root@centos7 ~]# mysql -ursyslog -h127.0.0.1 -prsyslogpass < /usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql
(4) Configure rsyslog to use the ommysql module
[root@centos7 ~]# vim /etc/rsyslog.conf
Add to the MODULES section:
$ModLoad ommysql
(5) Configure a rule to record the desired log information in MySQL;
Add to the RULES section (the parameters are server, database, user, password):
*.* :ommysql:127.0.0.1,Syslog,rsyslog,rsyslogpass
(6) Restart the rsyslog service;
[root@centos7 ~]# systemctl restart rsyslog.service
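The following check is an added example, not part of the original article: a shell function that lints the legacy ommysql setup from steps (4) and (5) offline, before rsyslog is restarted. The function name check_ommysql and its findings are assumptions of this example; the expected database name Syslog is the one created by mysql-createdb.sql.

```sh
# Added example: offline lint of an rsyslog.conf that uses the legacy
# ":ommysql:" action. Prints one finding per line; the return status is
# the number of findings (0 = nothing to fix).
# Usage: check_ommysql /etc/rsyslog.conf [expected-database-name]
check_ommysql() {
    conf=$1
    expected_db=${2:-Syslog}   # database created by mysql-createdb.sql
    findings=0
    note() { echo "$conf: $*"; findings=$((findings + 1)); }

    # First active (non-comment) module load and action, as "LINENO:text".
    mod=$(grep -n '^[[:space:]]*\$ModLoad[[:space:]][[:space:]]*ommysql' "$conf" | head -n 1)
    act=$(grep -n '^[^#]*:ommysql:' "$conf" | head -n 1)

    if [ -z "$act" ]; then
        note "no active :ommysql: action found"
        return "$findings"
    fi
    if [ -z "$mod" ]; then
        note "\$ModLoad ommysql is missing (module name is case-sensitive)"
    elif [ "${mod%%:*}" -gt "${act%%:*}" ]; then
        note "\$ModLoad ommysql must appear before the action line"
    fi

    # Parameters after ":ommysql:" are server,database,user,password.
    params=${act#*:ommysql:}
    old_ifs=$IFS; IFS=,
    set -f; set -- $params; set +f   # split on commas without globbing
    IFS=$old_ifs
    if [ "$#" -ne 4 ]; then
        note "expected 4 comma-separated parameters, got $#"
    elif [ "$2" != "$expected_db" ]; then
        note "database '$2' is not '$expected_db' (names are case-sensitive on Linux)"
    fi

    # The action line embeds the database password in clear text, so the
    # file should not be readable by "other" (8th character of the mode).
    if [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        note "file is world-readable and contains the database password"
    fi
    return "$findings"
}
```

If the last finding is reported, the ommysql lines can be moved into a separate file under /etc/rsyslog.d/ that is readable by root only.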
(7) Install Loganalyzer
① First download Loganalyzer
http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
② Unpack it and do the related configuration
# tar -xf loganalyzer-3.6.5.tar.gz
# cd loganalyzer-3.6.5/
# cp -a src /var/www/html/loganalyzer
# cd /var/www/html
# ln -sv loganalyzer log
# cd log
# touch config.php
# chmod 666 config.php
To install Loganalyzer with its setup wizard, open a browser and go to "server address/log".