1. Introduction
LogAnalyzer is a web front end for syslog and other network event data. It provides simple log browsing, searching, basic analysis, and some chart reports. Data can be read from databases or from ordinary syslog text files, so LogAnalyzer does not require changes to the existing logging architecture. Working from the current log data, it can process syslog messages and Windows event log records and supports troubleshooting, so that users can quickly find solutions to problems seen in the log data.
LogAnalyzer offers two storage modes for client logs: it can read the logs from the client's /var/log/ directory and save them to a directory on the server, or it can read and save them to a database on the log server. The latter is recommended.
LogAnalyzer is written in PHP, so the log server needs a PHP runtime environment. This article uses LAMP.
2. System Environment
Rsyslog Server OS: CentOS 6.5
Rsyslog Server IP: 192.168.1.107
Rsyslog version: rsyslog-5.8.10-8.el6.i686
LogAnalyzer version: LogAnalyzer 3.6.5 (v3-stable)
LAMP version: httpd-2.2.15-30.el6.centos.i686 + mysql-5.1.73-3.el6_5.i686 + php-5.3.3-27.el6_5.i686
Firewall: disabled (iptables: Firewall is not running.)
SELINUX=disabled
Rsyslog Client OS: RHEL 6.4
Rsyslog Client IP: 192.168.1.108
3. Install and configure the LAMP environment
3.1 Install the LAMP environment
# yum -y install httpd mysql* php*
3.2 Start the services and enable them at boot
Start Apache
# /etc/init.d/httpd start
# chkconfig httpd on
Start the database
# /etc/init.d/mysqld start
# chkconfig mysqld on
3.3 Set the MySQL root password
# mysqladmin -uroot password 'abc123'
3.4 Test the PHP runtime environment
# cd /var/www/html/
[root@TS html]# cat > index.php <<EOF
> <?php
> phpinfo();
> ?>
> EOF
4. Check and install the server software
4.1 Check whether rsyslog is installed
# rpm -qa | grep rsyslog    # rsyslog is installed by default
4.2 Install the rsyslog module for connecting to the MySQL database
# yum install rsyslog-mysql -y
rsyslog-mysql is the rsyslog module that sends logs to a MySQL database; it must be installed here.
5. Configure the server
5.1 Import the rsyslog-mysql database file
# cd /usr/share/doc/rsyslog-mysql-5.8.10/
# mysql -uroot -pabc123 < createDB.sql
6. Configure the client
6.1 Check whether rsyslog is installed
# rpm -qa | grep rsyslog
6.2 Configure the rsyslog client to send local logs to the server
# vi /etc/rsyslog.conf
*.* @192.168.1.107
Add the line above at the end of the file; the client then sends its local logs to the server.
6.3 Restart the rsyslog service
# /etc/init.d/rsyslog restart
6.4 Edit /etc/bashrc so that every command executed on the client is written to the system log /var/log/messages.
# vi /etc/bashrc
Add this line at the end of the file:
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; }); logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
Make it take effect:
# source /etc/bashrc
The client configuration is complete.
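The command records written by the PROMPT_COMMAND line in 6.4 can be parsed on the log server, for example to list commands run where the effective user differs from the login user. This is an added example, not part of the original article; the function names and sample lines are constructed, and it assumes `who am i` prints an ISO date (YYYY-MM-DD HH:MM).

```python
import re

# Layout produced by the PROMPT_COMMAND line in 6.4 (assumption: `who am i`
# prints an ISO date, e.g. "2014-08-12 10:20"):
#   [euid=USER]:LOGIN TTY DATE TIME (REMOTE):[CWD]COMMAND
AUDIT_RE = re.compile(
    r"\[euid=(?P<euid>[^\]]+)\]:"
    r"(?P<login>\S+) (?P<tty>\S+) \d{4}-\d\d-\d\d \d\d:\d\d"
    r"(?: \((?P<remote>[^)]*)\))?"   # absent for console logins
    r":\[(?P<cwd>[^\]]*)\](?P<cmd>.*)$"
)

def parse_audit_line(line):
    """Return the audit fields of one syslog line, or None if it is not one."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["cmd"] = rec["cmd"].strip()
    return rec

def privilege_changes(lines):
    """Records whose effective user differs from the login user (su/sudo shells)."""
    return [r for r in map(parse_audit_line, lines)
            if r and r["euid"] != r["login"]]

# Constructed sample lines, not taken from a real host.
SAMPLE = [
    "Aug 12 10:21:05 client root: [euid=root]:root pts/0 2014-08-12 10:20 (192.168.1.50):[/root]ls -l /etc",
    "Aug 12 10:22:41 client alice: [euid=root]:alice pts/1 2014-08-12 10:15 (192.168.1.51):[/home/alice]cat /etc/shadow",
    "Aug 12 10:23:02 client alice: [euid=alice]:alice tty1 2014-08-12 09:58:[/tmp]whoami",
    "Aug 12 10:23:10 client sshd[2211]: Accepted password for alice from 192.168.1.51 port 50514 ssh2",
]

if __name__ == "__main__":
    for rec in privilege_changes(SAMPLE):
        print("{login}@{remote} ran as {euid} in {cwd}: {cmd}".format(**rec))
```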
7. Test whether the rsyslog server can receive client logs normally
Client test:
8. Install LogAnalyzer
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
# tar zxf loganalyzer-3.6.5.tar.gz
# cd loganalyzer-3.6.5
# mkdir -p /var/www/html/loganalyzer
# rsync -a src/* /var/www/html/loganalyzer/
9. Install LogAnalyzer with the browser installation wizard
9.1 Open a browser and go to http://192.168.1.107/loganalyzer/
In User Database Options, enter the parameters set above and click Next.
Step 4: Create a table
10. Test
LogAnalyzer Homepage
Click any record to view details.
David Camp
- My ID: mchina_tang