Deploying a log server with Rsyslog+loganalyzer+mysql under CentOS 6.5

Source: Internet
Author: User
Tags syslog import database rsyslog

First, Introduction

The Loganalyzer is a web front end for syslog logs and other network event data. It provides simple browsing, searching, basic analysis, and some chart reporting functions for logs. Data can be obtained from a database or a generic syslog text file, so Loganalyzer does not need to change the existing record schema. Based on the current log data, it can handle syslog log messages, Windows event logging, support troubleshooting, and enable users to quickly find solutions to the problem seen in log data.

Loganalyzer Gets the client log there are two save modes, one is to read the log in the client/var/log/directory directly and save it to the server directory, one is to save the read to the log servers database, it is recommended to use the latter.

Loganalyzer uses PHP development, so the log server needs PHP operating environment, this article uses lamp.

Second, the system environment

Rsyslog Server Os:centos 6.5

Rsyslog Server ip:192.168.1.107

Rsyslog version: rsyslog-5.8.10-8.el6.i686

Loganalyzer version: Loganalyzer 3.6.5 (v3-stable)

LAMP version: httpd-2.2.15-30.el6.centos.i686 + mysql-5.1.73-3.el6_5.i686 + php-5.3.3-27.el6_5.i686

The firewall is turned off/iptables:firewall is not running.

Selinux=disabled

Rsyslog Client Os:rhel 6.4

Rsyslog Client ip:192.168.1.108

Third, install and set the lamp environment

3.1 Installing the Lamp environment

# yum-y Install httpd mysql* php*

3.2 Start the service and join the boot boot

Launch Apache

#/ETC/INIT.D/HTTPD Start

# Chkconfig httpd on

Start the database

#/etc/init.d/mysqld Start

# Chkconfig Mysqld on

3.3 Setting the MySQL root password

# mysqladmin-uroot password ' abc123 '

3.4 Testing the PHP operating environment

# cd/var/www/html/

[email protected] html]# cat > index.php <<eof
> <?php
> phpinfo ();
>?>
> EOF

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" 1 "src=" Http://images.cnitblog.com/blog/370046/201406/152230297492032.jpg "alt=" 1 "border=" 0 "height=" 79 " Width= "329"/>

Open Browser access: http://192.168.1.107/index.php

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "Title=" 2 "src=" Http://images.cnitblog.com/blog/370046/201406/152230339671021.jpg "alt=" 2 "border=" 0 "height=" 428 "Width=" 824 "/>

Lamp environment configuration is complete.

Iv. checking and installing server-side software

4.1 Check if the Rsyslog software is installed

# Rpm-qa|grep Rsyslog//The software is installed on the default system

4.2 Installing Rsyslog modules connected to MySQL database

# yum Install Rsyslog-mysql–y

Rsyslog-mysql a module for Rsyslog to send logs to the MySQL database, which must be installed.

V. Configuring the server Side

5.1 Importing Rsyslog-mysql database files

# cd/usr/share/doc/rsyslog-mysql-5.8.10/

# mysql-uroot-pabc123 < Createdb.sql

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "Title=" 3 "src=" Http://images.cnitblog.com/blog/370046/201406/152230353892022.jpg "alt=" 3 "border=" 0 "height=" 67 " Width= "564"/>

See what's done

# mysql-uroot–p

mysql> show databases;

Mysql> Show tables;

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" 5 "src=" Http://images.cnitblog.com/blog/370046/201406/152230391869882.jpg "alt=" 5 "border=" 0 "height=" 522 "Width=" 638 "/>

The import database operation created the Syslog library and created two empty tables systemevents and systemeventsproperties in the library.

5.2 Create Rsyslog user rights under MySQL

# mysql-uroot–p

Mysql> Grant all on syslog.* to [e-mail protected] identified by ' 123456 ';

mysql> flush Privileges;

Mysql> exit

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" 7 "src=" Http://images.cnitblog.com/blog/370046/201406/152230432958370.jpg "alt=" 7 "border=" 0 "height=" 300 "Width=" 646 "/>

5.3 Configure the service side to support the Rsyslog-mysql module and turn on the UDP service port to get other Linux system logs in the network

# vi/etc/rsyslog.conf

$ModLoad Ommysql
*. *: ommysql:localhost,syslog,rsyslog,123456

Add the top two lines under # # # # MODULES # # # #

Description: localhost indicates a local host, Syslog is the database name, Rsyslog is the user of the database, and 123456 is the user password.

5.4 Opening the relevant log module

# vi/etc/rsyslog.conf

$ModLoad Immark #immark是模块名, support log tagging

$ModLoad imudp #imupd是模块名, support UDP protocol

$UDPServerRun 514 #允许514端口接收使用UDP和TCP协议转发过来的日志

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" 6 "src=" Http://images.cnitblog.com/blog/370046/201406/152230456554759.jpg "alt=" 6 "border=" 0 "height=" 166 "Width=" 710 "/>

5.5 Restart Rsyslog Service

#/etc/init.d/rsyslog Restart

Vi. Configuring the Client

6.1 Check if Rsyslog is installed

# Rpm-qa|grep Rsyslog

6.2 Configuring the Rsyslog client to send local logs to the server

# vi/etc/rsyslog.conf

* * @192.168.1.107

At the end of the line, the above line is added, that is, the client sends the local log to the server.

6.3 Restart Rsyslog Service

#/etc/init.d/rsyslog Restart

6.4 Edit/ETC/BASHRC to write all commands executed by the client to the system log/var/log/messages.

# VI/ETC/BASHRC

Add a line at the end of a file

Export prompt_command= ' {msg=$ (History 1 | {read x y; echo $y;}); Logger "[euid=$ (WhoAmI)]": $ (Who am I): [' pwd '] "$msg"; }‘

Set it in effect

# SOURCE/ETC/BASHRC

The client configuration is complete.

Test whether Rsyslog server can properly accept client-side logs

Client Side testing:

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "Title=" one "src=" http://images.cnitblog.com/blog/370046/201406/152230484839989.jpg "alt=" one "border=" 0 "height=" 183 "width=" 895 "/>

Server-Side detection:

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152230549368094.jpg" alt= "border=" 0 "height=" 155 "width=" "/>"

Note that the reception is normal, including some logs that you can restart the machine to see.

Viii. installation of Loganalyzer

# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz

# tar zxf loganalyzer-3.6.5.tar.gz

# CD loganalyzer-3.6.5

# mkdir-p/var/www/html/loganalyzer

# rsync-a src/*/var/www/html/loganalyzer/

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152230576862068.jpg" alt= "border=" 0 "height=" 222 "width=" 735 "/>

Ix. installing Loganalyzer in the Browser Installation Wizard

9.1 Open Browser Access: http://192.168.1.107/loganalyzer/

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152230597649967.jpg" alt= "border=" 0 "height=" 428 "width=" 824 "/>

Tip There is no configuration file, click here to use the wizard to generate.

9.2 First step, test the system environment

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px , "title=" "src=" http://images.cnitblog.com/blog/370046/201406/152231017959555.jpg "alt=" "border=" 0 "height=" 586 "width=" 824 "/>

Click "Next" to enter the second step.

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231033115286.jpg" alt= "border=" 0 "height=" 671 "width=" 824 "/>

Tip error: The config.php file is missing and the permissions are set to 666, which can be generated using the configure.sh script under the contrib directory.

View configure.sh File contents

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231040773687.jpg" alt= "border=" 0 "height=" "Width=" 390 "/>

You need to create a config.php file under/var/www/html/loganalyzer/and set its permissions to 666.

# touch/var/www/html/loganalyzer/config.php

# chmod 666/var/www/html/loganalyzer/config.php

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231048275315.jpg" alt= "border=" 0 "height=" "Width=" 606 "/>"

After doing the above operation, perform recheck operation, config.php file can be written, click Next to enter next step.

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231060921802.jpg" alt= "border=" 0 "height=" 593 "width=" 824 "/>

9.3 Third step, basic configuration

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231075778289.jpg" alt= "border=" 0 "height=" 760 "width=" 824 "/>

In the user Database Options, fill in the parameters set above and click Next.

9.4 Fourth step, create a table

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px "Title=" "src=" http://images.cnitblog.com/blog/370046/201406/152231087177503.jpg "alt=" "border=" 0 "height=" 606 "width=" 824 "/>

Click Next to start creating the table.

9.5 Fifth Step, check SQL results

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231099677218.jpg" alt= "border=" 0 "height=" 606 "width=" 824 "/>

9.6 Sixth step to create an administrative user

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px "Title=" src= "http://images.cnitblog.com/blog/370046/201406/152231123747621.jpg" alt= "border=" 0 "height=" 606 "width=" 824 "/>

9.7 Seventh Step, create the first system log source.

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231135773322.jpg" alt= "border=" 0 "height=" 760 "width=" 824 "/>

9.8 Eighth step, complete

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231166861340.jpg" alt= "border=" 0 "height=" 553 "width=" 824 "/>

Ten, testing

Loganalyzer Home

650) this.width=650; "src=" http://images.cnitblog.com/i/370046/201406/152238098898273.jpg "width=" "/>"

Click on any of the records to see the details.

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "Title=" "src=" http://images.cnitblog.com/blog/370046/201406/152231266398345.jpg "alt=" "border=" 0 "height=" 324 "width=" "/>"

View statistics

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px , "title=" to "src=" http://images.cnitblog.com/blog/370046/201406/152231294836048.jpg "alt=" to "border=" 0 "height=" 540 "width=" "/>"

Login Test

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "Title=" "src=" http://images.cnitblog.com/blog/370046/201406/152231311086578.jpg "alt=" "border=" 0 "height=" 290 "width=" "/>"

Some system settings can be made in admin Center.

650) this.width=650; "Style=" background-image:none;padding-top:0px;padding-left:0px;padding-right:0px;border:0px ; "title=" src= "http://images.cnitblog.com/blog/370046/201406/152231372494654.jpg" alt= "border=" 0 "height=" 540 "width=" "/>"

Rsyslog + Loganalyzer Log server deployment is complete.


Deploying a log server with Rsyslog+loganalyzer+mysql under CentOS 6.5

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.