Rsyslog + MySQL

Source: Internet
Author: User

1. Install MySQL

A. ./configure --prefix=/usr/local/mysql --with-charset=utf8

B. make install

2. Configure MySQL: add a write-only account and a read-only account. rsyslog uses the write-only account to write logs into MySQL; the read-only account is used by the front-end web pages.

GRANT INSERT ON Syslog.* TO 'rsyslog_write'@'localhost' IDENTIFIED BY 'password_123';

GRANT SELECT ON Syslog.* TO 'rsyslog_read'@'localhost' IDENTIFIED BY 'password_661';

3. Install rsyslog

A. Download the latest version from http://www.rsyslog.com/

B. PATH=$PATH:/usr/local/mysql/bin # because MySQL was installed manually, its bin directory is not in PATH, and rsyslog's configure locates the MySQL libraries through PATH

C. ./configure --prefix=/usr/local/rsyslog --enable-mysql # enable MySQL support so that logs are written to MySQL, where the front-end web pages can display them directly as reports

D. make install

E. mysql -u root -p < ./plugins/ommysql/createDB.sql # import the database structure

F. cp rsyslog.conf /etc/ # copy the configuration file

G. ln -s /usr/local/rsyslog/sbin/rsyslogd # this step can be used

4. Configure rsyslog

A. Add $ModLoad ommysql at the top of /etc/rsyslog.conf to load the MySQL output module.

B. Remove the # in front of the following two lines in /etc/rsyslog.conf to open the UDP listening port.

$ModLoad imudp.so # provides UDP syslog reception

$UDPServerRun 514 # start a UDP syslog server at standard port 514

C. Add the following two lines to /etc/rsyslog.conf to write the local7 and user logs to MySQL.

local7.* :ommysql:127.0.0.1,Syslog,rsyslog_write,password_123456

user.* :ommysql:127.0.0.1,Syslog,rsyslog_write,password_123456

D. Example of discarding the connection error log messages

:msg, contains, "error: connect" ~
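The write-only account from step 2 matters because its credentials sit in plain text in /etc/rsyslog.conf (step 4 C). The Python check below is an added example, not part of the original page: it parses GRANT statements and legacy-format ommysql action lines and reports any action whose account is not INSERT-only. The inputs are constructed samples with a placeholder password, and the function names are hypothetical.

```python
import re

# Constructed inputs that mirror steps 2 and 4; the password is a placeholder.
SAMPLE_GRANTS = """
GRANT INSERT ON Syslog.* TO 'rsyslog_write'@'localhost' IDENTIFIED BY 'PLACEHOLDER';
GRANT SELECT ON Syslog.* TO 'rsyslog_read'@'localhost' IDENTIFIED BY 'PLACEHOLDER';
"""
SAMPLE_CONF = """
$ModLoad ommysql
# local6.* :ommysql:127.0.0.1,Syslog,root,PLACEHOLDER
local7.* :ommysql:127.0.0.1,Syslog,rsyslog_write,PLACEHOLDER
user.*   :ommysql:127.0.0.1,Syslog,rsyslog_write,PLACEHOLDER
"""

GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<db>\w+)\.\*\s+TO\s+'(?P<user>[^']+)'@", re.I)
ACTION_RE = re.compile(
    r"^(?P<selector>[^#\s]\S*)[ \t]+:ommysql:(?P<host>[^,]+),(?P<db>[^,]+),(?P<user>[^,]+),",
    re.M)
INSERT_OK = {"INSERT", "ALL", "ALL PRIVILEGES"}  # privileges that permit INSERT

def parse_grants(sql):
    """Map (user, database) -> set of privileges granted on database.*"""
    grants = {}
    for m in GRANT_RE.finditer(sql):
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        grants.setdefault((m["user"], m["db"]), set()).update(privs)
    return grants

def parse_ommysql_actions(conf):
    """Return the uncommented legacy-format ommysql actions in an rsyslog.conf."""
    return [m.groupdict() for m in ACTION_RE.finditer(conf)]

def audit(conf, sql):
    """Report every ommysql action whose account is not INSERT-only."""
    grants, findings = parse_grants(sql), []
    for a in parse_ommysql_actions(conf):
        privs = grants.get((a["user"].strip(), a["db"].strip()), set())
        extra = sorted(privs - {"INSERT"})
        if not privs & INSERT_OK:
            findings.append(f"{a['selector']}: {a['user']} lacks INSERT on {a['db']}")
        if extra:
            findings.append(f"{a['selector']}: {a['user']} holds extra privileges {extra}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_GRANTS) or "all ommysql accounts are INSERT-only")
```

On a live server, the GRANT text can be taken from the output of SHOW GRANTS for the account named in rsyslog.conf.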

5. Replace syslog with rsyslog.

A. Since rsyslog does not include a startup script, I made the following changes:

B. cp /etc/init.d/syslog /etc/init.d/syslogd # keep the old syslog startup script for recovery

C. Edit /etc/init.d/syslog: change all the paths in it to /usr/local/rsyslog/sbin/rsyslogd, e.g., you can change syslog to rsyslogd.

D. After the modification, stop the old syslog and start the new rsyslog.

E. /etc/init.d/syslogd stop # stop the built-in syslog

F. /etc/init.d/syslog start # start the new rsyslog

6. Modify iptables and add source-restricted rules for UDP port 514 to prevent attacks.

A. iptables -A RH-Firewall-1-INPUT -s 1.2.0.0/255.255.0.0 -p udp -m udp --dport 514 -j ACCEPT

B. iptables -A RH-Firewall-1-INPUT -s 3.4.0.0/255.255.0.0 -p udp -m udp --dport 514 -j ACCEPT

7. Install phplogcon

A. Download the latest version from http://www.phplogcon.org/

B. Decompress the package to a directory and configure the Apache vhost. These steps are not written out here, as they are common operations.

C. Open http://127.0.0.1/install.php to run the installation. Enter the MySQL account and password; leave all other options at their defaults.

8. Configure the log client

A. On the web server: echo 'kern.*;user.* @1.2.3.4' > /etc/syslog.conf

B. /etc/init.d/syslog reload # restart syslogd
