Rsyslog + mysql bitsCN.com
1. Install MySQL
A. ./configure --prefix=/usr/local/mysql --with-charset=utf8
B. make install
2. Configure MySQL: add a write-only account and a read-only account. The write-only account is used by rsyslog to write logs into MySQL. The read-only account is used by the front-end web pages.
GRANT INSERT ON Syslog.* TO 'rsyslog_write'@'localhost' IDENTIFIED BY 'password_123';
GRANT SELECT ON Syslog.* TO 'rsyslog_read'@'localhost' IDENTIFIED BY 'password_661';
3. Install rsyslog
A. Download the latest version from http://www.rsyslog.com/
B. PATH=$PATH:/usr/local/mysql/bin # MySQL was installed manually, so it is not in the PATH environment variable, and rsyslog's configure locates the MySQL library through that variable
C. ./configure --prefix=/usr/local/rsyslog --enable-mysql # enable MySQL support so that logs are written to MySQL and can be displayed directly as reports on the front-end web page
D. make install
E. mysql -u root -p < ./plugins/ommysql/createDB.sql # import the database structure
F. cp rsyslog.conf /etc/ # configuration file
G. ln -s /usr/local/rsyslog/sbin/rsyslogd # This step can be used
4. Configure rsyslog
A. Add $ModLoad ommysql at the top of /etc/rsyslog.conf to load the MySQL output module.
B. Remove the # in front of the following two lines in /etc/rsyslog.conf to open the UDP listening port.
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514
C. Add the following two lines to /etc/rsyslog.conf to write the logs of the local7 and user facilities to MySQL.
local7.* :ommysql:127.0.0.1,Syslog,rsyslog_write,password_123456
user.* :ommysql:127.0.0.1,Syslog,rsyslog_write,password_123456
D. Example of discarding the connection error log messages:
:msg, contains, "error: connect" ~
5. Replace syslog with rsyslog.
A. Since rsyslog does not include a startup script, I made the following changes:
B. cp /etc/init.d/syslog /etc/init.d/syslogd # keep the old syslog startup script for recovery
C. Edit /etc/init.d/syslog and change all the paths in it to /usr/local/rsyslog/sbin/rsyslogd, e.g. you can change syslog to rsyslogd.
D. After the modification, stop the old syslog and start the new rsyslog.
E. /etc/init.d/syslogd stop # stop the built-in syslog
F. /etc/init.d/syslog start # start the new rsyslog
6. Modify iptables and add rules restricting which sources can reach UDP port 514, to prevent attacks.
A. iptables -A RH-Firewall-1-INPUT -s 1.2.0.0/255.255.0.0 -p udp -m udp --dport 514 -j ACCEPT
B. iptables -A RH-Firewall-1-INPUT -s 3.4.0.0/255.255.0.0 -p udp -m udp --dport 514 -j ACCEPT
7. Install phplogcon
A. Download the latest version from http://www.phplogcon.org/
B. Decompress the package to a directory and configure the Apache vhost. These steps are not written out here, as they are common operations.
C. Access http://127.0.0.1/install.php to run the installation. Enter the MySQL account and password (the read-only account from step 2 is the one intended for the front-end web pages). Leave all other options at their defaults.
8. Configure the log client
A. On the web server, run: echo 'kern.*;user.* @1.2.3.4' > /etc/syslog.conf
B. /etc/init.d/syslog reload # restart syslogd
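A check for the /etc/rsyslog.conf built in step 4, as an added example that is not part of the original page: it verifies the module and listener lines, flags an ommysql action that logs in as root instead of the INSERT-only account from step 2, flags a discard filter placed after the ommysql actions, and flags a world-readable file, since the file holds the database password in clear text. The function name audit_rsyslog_conf and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit an rsyslog.conf built in step 4.
# Prints one line per finding and returns the number of findings.
audit_rsyslog_conf() {
    conf=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # Non-comment lines, numbered as "N:text" so rule order can be compared.
    active=$(grep -n -v '^[[:space:]]*#' "$conf" || true)
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }
    first() { printf '%s\n' "$active" | grep -E "$1" | head -n 1 | cut -d: -f1; }
    # Step 4A: the MySQL output module must be loaded.
    has '^[0-9]+:\$ModLoad[[:space:]]+ommysql' || flag "ommysql is not loaded"
    # Step 4B: the UDP input must be loaded and listening on port 514.
    has '^[0-9]+:\$ModLoad[[:space:]]+imudp' || flag "imudp is not loaded"
    has '^[0-9]+:\$UDPServerRun[[:space:]]+514([[:space:]]|$)' || flag "no UDP listener on 514"
    # Step 4C: actions have the form  selector :ommysql:host,db,user,password
    users=$(printf '%s\n' "$active" |
        sed -n 's/.*:ommysql:[^,]*,[^,]*,[[:space:]]*\([^,[:space:]]*\).*/\1/p')
    if [ -z "$users" ]; then flag "no ommysql action found"; fi
    for u in $users; do
        # Step 2 created an INSERT-only account for exactly this purpose.
        if [ "$u" = root ]; then flag "ommysql action logs in as root"; fi
    done
    # Step 4D: rules run in order, so the discard filter must come first.
    d=$(first '^[0-9]+:[[:space:]]*:msg,.*~[[:space:]]*$')
    a=$(first ':ommysql:')
    if [ -n "$d" ] && [ -n "$a" ] && [ "$d" -gt "$a" ]; then
        flag "discard filter (line $d) follows ommysql action (line $a)"
    fi
    # The file stores the database password in clear text.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        flag "$conf is world-readable and holds a database password"
    fi
    return "$findings"
}

# Constructed sample: discard filter placed after the actions.
demo=$(mktemp)
cat > "$demo" <<'EOF'
$ModLoad ommysql
$ModLoad imudp.so
$UDPServerRun 514
local7.* :ommysql:127.0.0.1,Syslog,rsyslog_write,password_123456
:msg, contains, "error: connect" ~
EOF
chmod 600 "$demo"
audit_rsyslog_conf "$demo" || true
rm -f "$demo"
```

Run the function against the real file as root after step 4; a return status of 0 means none of the checks fired.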