The Loganalyzer is a web front end for syslog logs and other network event data. It provides simple browsing, searching, basic analysis, and some chart reporting functions for logs. Data can be obtained from a database or a generic syslog text file, so Loganalyzer does not need to change the existing record schema. Based on the current log data, it can handle syslog log messages, Windows event logging, support troubleshooting, and enable users to quickly find solutions to the problem seen in log data.
Loganalyzer can store client logs in two ways: read the logs from the client's /var/log/ directory and save them to a directory on the server, or save them to a database on the log server. The latter is recommended.
Loganalyzer is written in PHP, so the log server needs a PHP runtime environment; this article uses LAMP.
II. System environment
Rsyslog server OS: CentOS 6.7
Rsyslog server IP: 192.168.168.125
Rsyslog version: rsyslog-5.8.10-10.el6_6.i686
Loganalyzer version: Loganalyzer 3.6.5
LAMP version: httpd-2.2.15-47.el6.centos.3.i686 + mysql-5.1.73-5.el6_6.i686 + php-5.3.3-46.el6_7.1.i686
The firewall is turned off (iptables: Firewall is not running.)
SELINUX=disabled
Rsyslog client OS: RHEL 6.7
Rsyslog client IP: 192.168.168.123
III. Install and configure the LAMP environment
3.1 Installing the LAMP environment
# yum -y install httpd mysql* php*
3.2 Start the services and enable them at boot
Start Apache
# /etc/init.d/httpd start
# chkconfig httpd on
Start the database
# /etc/init.d/mysqld start
# chkconfig mysqld on
3.3 Setting the MySQL root password
# mysqladmin -uroot password 'abc123'
3.4 Testing the PHP runtime environment
# vim /var/www/html/index.php
Enter the following content:
<?php
phpinfo();
?>
Open a browser and visit: http://192.168.168.125/index.php
The LAMP environment configuration is complete.
IV. Checking and installing the server-side software
4.1 Check whether the rsyslog software is installed
# rpm -qa | grep rsyslog    # installed by default on the system
4.2 Installing the rsyslog module that connects to the MySQL database
# yum install rsyslog-mysql -y
rsyslog-mysql is the module rsyslog uses to send logs to the MySQL database; it must be installed.
V. Configuring the server side
5.1 Importing the rsyslog-mysql database file
# cd /usr/share/doc/rsyslog-mysql-5.8.10/
# mysql -uroot -pabc123 < createDB.sql
Check the result
# mysql -uroot -p
mysql> show databases;
mysql> use Syslog;
mysql> show tables;
The import created the Syslog database and two empty tables in it, SystemEvents and SystemEventsProperties.
5.2 Create the rsyslog user and its privileges in MySQL
# mysql -uroot -p
mysql> grant all on Syslog.* to rsyslog@localhost identified by '123456';
mysql> flush privileges;
mysql> exit
5.3 Configure the server to support the rsyslog-mysql module and open the UDP service port to receive logs from other Linux systems on the network
# vi /etc/rsyslog.conf
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456
Add the two lines above under the #### MODULES #### section.
Description: localhost is the local host, Syslog is the database name, rsyslog is the database user, and 123456 is that user's password.
5.4 Enabling the relevant log modules
# vi /etc/rsyslog.conf
$ModLoad immark # immark is the module name; supports log marking
$ModLoad imudp # imudp is the module name; supports the UDP protocol
$UDPServerRun 514 # allow port 514 to receive logs forwarded over UDP
$ModLoad imtcp # imtcp is the module name; supports the TCP protocol
$InputTCPServerRun 514 # allow port 514 to receive logs forwarded over TCP
5.5 Restart the rsyslog service
# /etc/init.d/rsyslog restart
VI. Configuring the client
6.1 Check whether rsyslog is installed
# rpm -qa | grep rsyslog
6.2 Configuring the rsyslog client to send local logs to the server
# vi /etc/rsyslog.conf
*.* @192.168.168.125
Add the line above at the end of the file; the client then sends its local logs to the server.
6.3 Restart the rsyslog service
# /etc/init.d/rsyslog restart
6.4 Edit /etc/bashrc so that all commands executed on the client are written to the system log /var/log/messages.
# vi /etc/bashrc
Add a line at the end of the file
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; }); logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
Apply the setting
# source /etc/bashrc
The client configuration is complete.
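The following is an added example, not part of the original article: it parses the command-audit lines that the PROMPT_COMMAND hook from 6.4 writes and reports commands whose effective user differs from the login user (su or sudo shells). It assumes the traditional /var/log/messages layout with the host name in the fourth field; the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Sample lines are constructed.
# Hook format: [euid=<whoami>]:<who am i output>:[<cwd>]<command>

sample_lines() {
cat <<'EOF'
Jan  5 10:12:01 client01 alice: [euid=alice]:alice pts/0 2016-01-05 10:10 (192.168.168.50):[/home/alice]ls -l
Jan  5 10:13:40 client01 alice: [euid=root]:alice pts/0 2016-01-05 10:10 (192.168.168.50):[/root]cat /etc/shadow
Jan  5 10:15:02 client01 root: [euid=root]:root tty1 2016-01-05 09:58:[/root]vi /etc/rsyslog.conf
Jan  5 10:15:30 client01 root: [euid=root]::[/]echo a:[b]
Jan  5 10:16:00 client01 kernel: eth0: link up
EOF
}

# Emit one tab-separated record per audit line:
# host, euid, login user, source, working directory, command.
parse_audit() {
  awk '
    match($0, /\[euid=[^]]*\]:/) {
      host = $4
      euid = substr($0, RSTART + 6, RLENGTH - 8)
      rest = substr($0, RSTART + RLENGTH)     # "<who am i>:[<cwd>]<command>"
      i = index(rest, ":[")                   # the first ":[" ends the who field
      if (i == 0) next                        # malformed line, skip it
      who  = substr(rest, 1, i - 1)
      tail = substr(rest, i + 2)
      j = index(tail, "]")                    # a "]" inside the cwd is not handled
      if (j == 0) next
      cwd = substr(tail, 1, j - 1)
      cmd = substr(tail, j + 1)
      n = split(who, w, " ")
      login = (n > 0) ? w[1] : "-"            # "-" when who am i printed nothing
      src = (n > 0 && w[n] ~ /^\(.*\)$/) ? substr(w[n], 2, length(w[n]) - 2) : "local"
      printf "%s\t%s\t%s\t%s\t%s\t%s\n", host, euid, login, src, cwd, cmd
    }'
}

# Report commands run under an identity other than the login user.
switched_identity() {
  parse_audit | awk -F '\t' \
    '$3 != "-" && $2 != $3 { print $1 ": " $3 " -> " $2 " from " $4 ": " $6 }'
}

sample_lines | switched_identity
```

On the log server, the same functions can read the collected file instead of the samples, for example `switched_identity < /var/log/messages`.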
VII. Test whether the Rsyslog server can properly receive client logs
Client-side test:
Server-side check:
This shows that reception is normal; you can also restart the machine to see some more logs arrive.
VIII. Installing Loganalyzer
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
# tar zxf loganalyzer-3.6.5.tar.gz
# cd loganalyzer-3.6.5
# mkdir -p /var/www/html/loganalyzer
# rsync -a src/* /var/www/html/loganalyzer/
IX. Installing Loganalyzer with the browser installation wizard
9.1 Open a browser and visit: http://192.168.1.107/loganalyzer/
The page reports that no configuration file exists; click "here" to generate one with the wizard.
9.2 First step, test the system environment
Click "Next" to enter the second step.
An error is shown: the config.php file is missing. It must exist with its permissions set to 666, and it can be generated with the configure.sh script in the contrib directory.
You need to create a config.php file under /var/www/html/loganalyzer/ and set its permissions to 666.
# cd /var/www/html/loganalyzer/
# cp /usr/local/src/loganalyzer-3.6.5/contrib/configure.sh .
# chmod a+x configure.sh
# ./configure.sh
After doing the above, click ReCheck; the config.php file is now writable. Click Next to go to the next step.
9.3 Third step, basic configuration
In the user Database Options, fill in the parameters set above and click Next.
9.4 Fourth step, create a table
Click Next to start creating the table.
9.5 Fifth Step, check SQL results
9.6 Sixth step, create an administrative user
9.7 Seventh Step, create the first system log source.
9.8 Eighth step, complete
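Two files in this setup end up with permissions worth checking once the wizard has finished: /etc/rsyslog.conf now carries the ommysql database password from 5.3 in clear text, and config.php was set to 666 in 9.2. The following check is an added example, not part of the original article or of Loganalyzer; the function names are hypothetical and the demo runs on constructed temporary copies rather than the real files.

```shell
#!/bin/sh
# Added example, not from the original article. Checks the two files this setup
# leaves with sensitive permissions; the demo uses constructed temporary copies.

# Permission triplet for "others" (for example "r--"), taken from ls -l output.
other_bits() { ls -ld "$1" | cut -c8-10; }

# A config file with an active :ommysql: action holds the database password in
# clear text, so it must not be readable by other local users.
check_rsyslog_conf() {
  if ! grep -Eq '^[^#]*:ommysql:' "$1"; then
    echo "OK   $1: no ommysql action"; return 0
  fi
  case $(other_bits "$1") in
    r*) echo "FAIL $1: ommysql password is world-readable (chmod 600)"; return 1 ;;
    *)  echo "OK   $1: ommysql password is not world-readable"; return 0 ;;
  esac
}

# config.php needs mode 666 only while the wizard writes it.
check_config_php() {
  case $(other_bits "$1") in
    ?w?) echo "FAIL $1: world-writable (chmod 644 after the wizard)"; return 1 ;;
    *)   echo "OK   $1: not world-writable"; return 0 ;;
  esac
}

demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' '$ModLoad ommysql' \
    '*.* :ommysql:localhost,Syslog,rsyslog,123456' > "$d/rsyslog.conf"
  : > "$d/config.php"
  chmod 644 "$d/rsyslog.conf"; chmod 666 "$d/config.php"   # state left by the steps above
  check_rsyslog_conf "$d/rsyslog.conf" || :
  check_config_php "$d/config.php" || :
  chmod 600 "$d/rsyslog.conf"; chmod 644 "$d/config.php"   # tightened
  check_rsyslog_conf "$d/rsyslog.conf"
  check_config_php "$d/config.php"
  rm -rf "$d"
}
demo
```

Against the real installation, call `check_rsyslog_conf /etc/rsyslog.conf` and `check_config_php /var/www/html/loganalyzer/config.php`.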
X. Testing
Loganalyzer Home
Click on any of the records to see the details.
View statistics
Login Test
Some system settings can be made in admin Center.
Rsyslog + Loganalyzer Log server deployment is complete.
This article follows David_tang's configuration document, slightly modified; see the original: http://www.cnblogs.com/mchina/p/Linux-centos-rsyslog-loganalyzer-mysql-log-server.html
Deploying a log server with Rsyslog+loganalyzer+mysql under CentOS 6.7