Deploy a log server using Rsyslog + LogAnalyzer + MySQL in CentOS 6.5

I. Introduction

LogAnalyzer is a Web Front-end for syslog logs and other network event data. It provides simple log browsing, searching, basic analysis, and some chart reports. Data can be obtained from databases or common syslog text files. Therefore, LogAnalyzer does not need to change the existing record architecture. Based on the current log data, it can process syslog log messages, Windows event log records, and support troubleshooting, so that users can quickly find solutions to problems seen in log data.

LogAnalyzer provides two storage modes for obtaining client logs. One is to directly read the logs in the/var/log/directory of the client and save them to the directory on the server, one is read and saved to the log server database. The latter is recommended.

LogAnalyzer is developed using php, so the log server needs the php runtime environment. This article uses LAMP.

Ii. System Environment

Rsyslog Server OS: CentOS 6.5

Rsyslog Server IP: 192.168.1.107

Rsyslog version: rsyslog-5.8.10-8.el6.i686

LogAnalyzer version: LogAnalyzer 3.6.5 (v3-stable)

LAMP version: httpd-2.2.15-30.el6.centos.i686 + mysql-5.1.73-3.el6_5.i686 + php-5.3.3-27.el6_5.i686

Firewall disabled/iptables: Firewall is not running.

SELINUX = disabled

Rsyslog Client OS: RHEL 6.4

Rsyslog Client IP: 192.168.1.108

3. Install and set the LAMP Environment

3.1 install the LAMP Environment

# Yum-y install httpd mysql * php *

3.2 start the service and add it to start the service

Start Apache

#/Etc/init. d/httpd start

# Chkconfig httpd on

Start Database

#/Etc/init. d/mysqld start

# Chkconfig mysqld on

3.3 set the MySQL root Password

# Mysqladmin-uroot password 'abc123'

3.4 test the php Runtime Environment

# Cd/var/www/html/

[Root @ TS html] # cat> index. php <EOF
> <? Php
> Phpinfo ();
>?>
> EOF

4. Check and install the server software

4.1 check whether rsyslog software is installed

# Rpm-qa | grep rsyslog // This software is installed on the default system

4.2 install rsyslog to connect to the MySQL database module

# Yum install rsyslog-mysql-y

Rsyslog-mysql transmits logs to a module of the MySQL database for rsyslog, which must be installed here.

5. Configure the server

5.1 import the rsyslog-mysql database file

# Cd/usr/share/doc/rsyslog-mysql-5.8.10/

# Mysql-uroot-pabc123 <createDB. SQL

6. Configure the client

6.1 check whether rsyslog is installed

# Rpm-qa | grep rsyslog

6.2 configure the rsyslog client to send local logs to the server

# Vi/etc/rsyslog. conf

*. * @ 192.168.1.107

Add the above line at the end of the line, that is, the client sends local logs to the server.

6.3 restart the rsyslog Service

#/Etc/init. d/rsyslog restart

6.4 edit/etc/bashrc and write all commands executed by the client to the system log/var/log/messages.

# Vi/etc/bashrc

Add a line at the end of the file

Export PROMPT_COMMAND = '{msg = $ (history 1 | {read x y; echo $ y;}); logger "[euid = $ (whoami)]": $ (who am I): ['pwd'] "$ msg ";}'

Set it to take effect

# Source/etc/bashrc

The client configuration is complete.

VII. test whether the Rsyslog Server can normally accept Client logs

Client test:

8. Install LogAnalyzer

# Wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz

# Tar zxf loganalyzer-3.6.5.tar.gz

# Cd loganalyzer-3.6.5

# Mkdir-p/var/www/html/loganalyzer

# Rsync-a src/*/var/www/html/loganalyzer/

9. Install LogAnalyzer in the browser Installation Wizard

9.1 open a browser and access: http: // 192.168.1.107/loganalyzer/

In User Database Options, enter the parameters set above and click Next.

Step 4: Create a table

10. Test

LogAnalyzer Homepage

Click any record to view details.

David Camp

• For technical exchange, add the QQ group:

System O & M Technology: 296513821

• Author: QQ: 562866602
• My ID: mchina_tang
• Write to me: mchina_tang@qq.com
• My address: Suzhou, Jiangsu Province

We always believe that sharing is a virtue |We Believe, Great People Share Knowledge...