4.1 Check if the Rsyslog software is installed
# rpm -qa | grep rsyslog    //The software is installed on the system by default
4.2 Install the rsyslog module that connects to the MySQL database
# yum install rsyslog-mysql -y
rsyslog-mysql is the module rsyslog uses to send logs to the MySQL database; it must be installed.
5.1 Importing Rsyslog-mysql database files
# cd /usr/share/doc/rsyslog-mysql-5.8.10/
# mysql -uroot -pabc123 < createDB.sql
5.2 Create the rsyslog user and its privileges in MySQL
# mysql -uroot -p
mysql> grant all on Syslog.* to [e-mail protected] identified by '123456';
mysql> flush privileges;
mysql> exit
5.3 Configure the server to support the rsyslog-mysql module and open the UDP service port to receive logs from other Linux systems on the network
# vi /etc/rsyslog.conf
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456
Add the two lines above under #### MODULES ####
Description: localhost is the local host, Syslog is the database name, rsyslog is the database user, and 123456 is that user's password.
5.4 Opening the relevant log module
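# vi /etc/rsyslog.conf
$ModLoad immark #immark is the module name; supports log marking
$ModLoad imudp #imudp is the module name; supports the UDP protocol
$UDPServerRun 514 #listen on port 514 for logs forwarded over UDP (this directive opens UDP only; receiving over TCP requires the imtcp module)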
5.5 Restart Rsyslog Service
# /etc/init.d/rsyslog restart
# systemctl restart rsyslog
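An added example, not part of the original tutorial: a small shell check that confirms the directives from 5.3 and 5.4 are active in an rsyslog.conf and warns if the file is world-readable, since the ommysql action line stores the database password in clear text. The function names and the sample file are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: check rsyslog.conf for the settings from sections 5.3 and 5.4.

# True if FILE ($1) has an active (uncommented) legacy directive matching ERE $2.
has_directive() {
    grep -Eq '^[[:space:]]*\$'"$2"'([[:space:]]|$)' "$1"
}

# Print "host database user" from the first ommysql action line (never the password).
ommysql_target() {
    sed -n 's/^[^#]*:ommysql:\([^,]*\),\([^,]*\),\([^,]*\),.*/\1 \2 \3/p' "$1" | head -n 1
}

# True if FILE is readable by "other"; the ommysql line holds the DB password in clear text.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Report each check; return non-zero if a required setting is missing.
check_rsyslog_conf() {
    conf=$1; rc=0
    for d in 'ModLoad[[:space:]]+ommysql' 'ModLoad[[:space:]]+imudp' 'UDPServerRun[[:space:]]+514'; do
        if has_directive "$conf" "$d"; then echo "OK      \$$d"; else echo "MISSING \$$d"; rc=1; fi
    done
    target=$(ommysql_target "$conf")
    if [ -n "$target" ]; then echo "OK      ommysql -> $target"; else echo "MISSING ommysql action line"; rc=1; fi
    if world_readable "$conf"; then echo "WARN    $conf is world-readable and contains the database password"; fi
    return "$rc"
}

# Constructed sample configuration (assumption: a temp file, not the real /etc/rsyslog.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#### MODULES ####
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456
#$ModLoad immark
$ModLoad imudp
$UDPServerRun 514
EOF
chmod 644 "$sample"
check_rsyslog_conf "$sample"
```

On the log server, call check_rsyslog_conf /etc/rsyslog.conf after editing and before restarting the service.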
=================================
Log client under Windows (sends to rsyslog): evtsys
evtsys -i -h 192.168.190.199 -l 3    Install the client
evtsys -u    Uninstall the client
-h: specify the syslog server
-l: send log information above the specified level:
0=all/verbose, 1=critical, 2=error, 3=warning, 4=info
Generate log information manually (for testing) under Windows:
eventcreate /t error /id 1000 /l application /d "error message"