Deploying a log server with Rsyslog+mysql+loganalyzer


Rsyslog Introduction:

The rsyslog service on CentOS is responsible for recording system log information (earlier releases of the system used syslog; rsyslog is the next-generation version of syslog). Rsyslog has three components: syslogd, klogd and logrotate.

syslogd mainly records log information from the system and from network services;

klogd mainly records the information generated by the kernel;

logrotate is mainly used to rotate (cut) log files periodically.

About MySQL:

MySQL is a relational database management system (RDBMS), and it is one of the best RDBMS applications for web applications.

As a relational database management system, MySQL keeps data in separate tables rather than putting all of the data in one large store, which increases speed and flexibility.

Because MySQL is small, fast and has a low total cost of ownership, and especially because it is open source, small and medium-sized websites generally choose MySQL as the site database. Thanks to its performance, it combines with PHP and Apache into a good development environment.


LogAnalyzer Introduction:

LogAnalyzer is a web front end for syslog logs and other network event data. It provides simple browsing, searching, basic analysis and some chart reporting functions for logs. Data can be read from a database or from a generic syslog text file, so LogAnalyzer does not require changes to the existing logging setup. Working on the current log data, it can handle syslog messages and Windows event logs, supports troubleshooting, and helps users quickly find solutions to the problems seen in the log data.


LogAnalyzer can obtain client logs in two storage modes: one reads the logs from the client's /var/log/ directory directly and saves them to a directory on the server; the other saves the logs that are read into a database on the log server. The latter is recommended.


LogAnalyzer is written in PHP, so the log server needs a PHP runtime environment; this article uses LAMP.



System environment:

Firewall off

SELinux off

CentOS 7.2

httpd-2.4.6-40.el7.centos.x86_64

mariadb-server-5.5.44-2.el7.centos.x86_64

php-5.4.16-36.el7_1.x86_64

php-mysql-5.4.16-36.el7_1.x86_64

rsyslog-7.4.7-12.el7.x86_64

loganalyzer-3.6.5


Configuring the LAMP Environment

Step one: install the required packages

# yum -y install httpd php php-mysql mariadb-server php-gd

Step two: after the installation is complete, do the related configuration

① Start the httpd service:

# systemctl start httpd

② Additional MySQL configuration items:

Skip name resolution

# vim /etc/my.cnf
[mysqld]
...
skip_name_resolve = on
innodb_file_per_table = on

③ Start MySQL

# systemctl start mariadb.service

To check that it is listening:

# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 *:3306 *:*

The default administrator user is root and its password is empty; after a first installation it is recommended to run the mysql_secure_installation command to apply the security settings.

④ Run mysql_secure_installation:

# mysql_secure_installation

Use the command "mysql -u<username> -p<password>" to log in.


⑤ Restart the httpd service

# systemctl restart httpd


Installing the server-side programs:

(1) Install the rsyslog driver module that connects to the MySQL server;

# yum -y install rsyslog-mysql

See which files the rsyslog-mysql package installs

# rpm -ql rsyslog-mysql.x86_64
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql

View the file "/usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql"

CREATE DATABASE Syslog;

USE Syslog;

CREATE TABLE SystemEvents

...

CREATE TABLE SystemEventsProperties

...

As you can see, this file defines a database containing two tables.


(2) Prepare a dedicated rsyslog user account on the MySQL server;

# mysql -u<username> -p<password>
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'127.0.0.1' IDENTIFIED BY 'rsyslogpass';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

(3) Generate the required database and tables;

# mysql -ursyslog -h127.0.0.1 -prsyslogpass < /usr/share/doc/rsyslog-7.4.7/mysql-createdb.sql

(4) Configure rsyslog to use the ommysql module

# vim /etc/rsyslog.conf
Add "$ModLoad ommysql" in the MODULES section

(5) Configure a rule that records the desired log information in MySQL;

Add in the RULES section: *.* :ommysql:127.0.0.1,Syslog,rsyslog,rsyslogpass

(6) Restart the rsyslog service;

# systemctl restart rsyslog.service

(7) Install LogAnalyzer

① First download LogAnalyzer

http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz

② Unpack it and do the related configuration

# tar -xf loganalyzer-3.6.5.tar.gz
# cd loganalyzer-3.6.5/
# cp -a src /var/www/html/loganalyzer
# cd /var/www/html
# ln -sv loganalyzer log
# cd log
# touch config.php
# chmod 666 config.php

③ Install LogAnalyzer with the browser-based installation wizard: open a browser and go to "server address/log"



# The page reports that there is no configuration file; click "here" to use the wizard to generate the configuration file


# The page shows that no syslog records were found; edit the config file and change "localhost" to "127.0.0.1"

# vim /var/www/html/log/config.php

Refresh the page and finish!
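Added example, not part of the original article: a POSIX sh check of the two files this walkthrough leaves in a sensitive state, /etc/rsyslog.conf (the ommysql rule embeds the database password) and config.php (set to 666 for the wizard). The function names are made up for this example, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit the rsyslog config and LogAnalyzer's config.php.
# File paths are arguments, so the checks can also be run on copies.

# Print "host db user" for each active legacy ommysql action line
# (selector :ommysql:host,db,user,password). The password is never printed.
ommysql_targets() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i <= NF; i++) if ($i ~ /^:ommysql:/) {
               sub(/^:ommysql:/, "", $i)
               if (split($i, f, ",") >= 4) print f[1], f[2], f[3]
           } }' "$1"
}

# True if FILE ($1) has every permission bit of the octal MASK ($2) set.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Print one WARN line per finding; the exit status is the number of findings.
audit_logserver() {
    conf=$1 php=$2 findings=0
    if [ -n "$(ommysql_targets "$conf")" ] && has_mode "$conf" 004; then
        echo "WARN: $conf embeds the ommysql password and is world-readable"
        findings=$((findings + 1))
    fi
    if has_mode "$php" 002 || has_mode "$php" 020; then
        echo "WARN: $php is still group- or world-writable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: copies of both files as the steps above leave them.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '$ModLoad ommysql' \
        '*.* :ommysql:127.0.0.1,Syslog,rsyslog,rsyslogpass' > "$d/rsyslog.conf"
    : > "$d/config.php"
    chmod 644 "$d/rsyslog.conf"; chmod 666 "$d/config.php"
    ommysql_targets "$d/rsyslog.conf"
    audit_logserver "$d/rsyslog.conf" "$d/config.php"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "findings: $?"
```

On the log server itself, call audit_logserver /etc/rsyslog.conf /var/www/html/log/config.php; once the wizard has finished, chmod 600 on the first file and chmod 644 on the second clear both findings.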



This article is from the "I'm Groot" blog; please keep this source attribution: http://groot.blog.51cto.com/11448219/1863251
