Rsyslog Introduction and combining Loganalyzer for log analysis

1.syslog Introduction:

The Log service defaults to syslog on CentOS 5, and all 6 are upgraded to Rsyslog. Rsyslog is an enhanced version of Syslog and offers many advanced features. Syslog consists of two processes, KLOGD and SYSLOGD,KLOGD record kernel generated log information, while SYSLOGD is normal log information. In addition to some advanced features, the overall framework of Rsyslog and Syslog is basically the same.

Features of the 2.Rsyslog:

Support Select udp| TCP protocol transfer log file;

Support SSL encryption;

Multithreading model work;

The log can be put into a relational database;

Can be used as a log server to receive the logs sent by other servers;

3. Level of Log

The level of logging is the logging level, and syslog divides the log level into the following (the low level defaults to include high-level log information):

Debug	Debug level, all information will be logged
Info	Slightly higher than the debug level
Notice	Notification information, higher than the info level
Warning	Issue a warning
Err,error	Error occurred
Crit	More serious than err
Alert	The system is having serious problems
Emerg,panic	The system is going to be hung out

4.syslog Facilities

Syslog divides different logs into several classes, which are called facilities:

Auth	Certification Information
Authpriv	Licensing information
Cron	Information generated by Scheduled tasks
Daemon	Information generated by the daemon process
Kern	Information generated by the kernel
Lpr	Printed information
Mail	Message-Related information
Mark	Firewall-Tagged information
News	Newsgroup information
Security	Security-related information
Syslog	System log
User	User-related information
Uucp	Replication related between UNIX
LOCAL{0-7}	User-defined log class, divided into 7 levels

Configuration of 5.rsyslog:

The Rsyslog configuration file is/etc/rsyslog.conf and/etc/rsyslogd/*.conf.

The/etc/rsyslog.conf file is divided into four "regions":

MODULES	Module for Syslog
GLOBAL	Global definition, format of records, etc.
RULES	Logging related
Begin forwarding Rule	Some of the forwarded record information

We primarily care about the rules area, in order for Rsyslog to record a specific class, level of log, it needs to be defined in the rules, in the format:

Facility (facility). Priority (log level) Target (the location of the log output)

Note:

The log level, the facility can use a wildcard character:

*: All Levels

,: List, for example: A,b,c is a, B, c three levels

!: Take counter

There are about four types of records used:

files, such as/var/log/message

User, sent to the specified user, * for all users

Log server: @172.16.10.1

Pipeline: | command is given to specific commands to handle

For example:

Mail.info/var/log/maillog log information for info and above in mail type Mail.=info/var/log/maillog records only log information at info level in Maill type mail.! Info/var/log/maillog log information for the following levels of info in the mail type mail.! =info/var/log/maillog log information in the mail type in addition to the info level *.info/var/log/maillog log information for all info and above levels Mail,news.info-/ Var/log/maillog log information in mail type, news type info and above, and write files asynchronously

Second, the configuration of Rsyslog and Loganalyzer combined work:

1. Introduction

Loganalyzer is a web interface log analysis tool that can analyze log information in MySQL, written by PHP, and relies on the lamp platform. To write log information to MySQL, you need to install the Rsyslog-mysql tool and enable the Rsyslog module.

2. Install lamp and related documents:

[[email protected] ~]# yum install-y httpd mysql mysql-server php php-mysql rsyslog-mysql

3. Import the Rsyslog-mysql SQL file (create Library, table) and create a user:

[[Email protected] ~]# service mysqld start[[email protected] ~]# mysql-uroot </usr/share/doc/rsyslog-mysql-5.8.10/  Createdb.sql[[email protected] loganalyzer]# mysql mysql> GRANT all on syslog.* to ' loganauser ' @ ' localhost ' identified By ' Redhat '; Mysql> GRANT all on syslog.* to ' loganauser ' @ ' 127.0.0.1 ' identified by ' Redhat ';

4. Configure Rsyslog Load Ommysql module (module written to MySQL database):

[[email protected] ~]# vim/etc/rsyslog.conf added in modules area: $ModLoad ommysql[[email protected] loganalyzer]# service Rsy                                    Slog restartshutting down system logger: [OK]starting System Logger: [OK] [Email protected] loganalyzer]#

5. Download the Loganalyzer and unzip to the/var/www/loganalyzer directory for configuration:

[[email protected] ~]# tar-xf loganalyzer-v3.6.1.tar.gz[[email protected] ~]# CD Loganalyzer-3.6.1/[[email protected] Lo ganalyzer-3.6.1]# MV src//var/www/loganalyzer[[email protected] loganalyzer-3.6.1]# mv contrib/*/var/www/loganalyzer /[[email protected] loganalyzer-3.6.1]# cd/var/www/loganalyzer/[[email protected] loganalyzer]# chmod +x configure.sh Secure.sh[[email protected] loganalyzer]#./configure.sh [[email protected] loganalyzer]#./secure.sh [[Email protected ] loganalyzer]# rm-rf configure.sh secure.sh [[email protected] loganalyzer]# chown-r Apache.apache *

6. Configure httpd default home page is index.php and start:

[Email protected] loganalyzer]# vim/etc/httpd/conf/httpd.conf directoryindex index.php[[email protected] Loganalyzer ]# service httpd startstarting httpd: [OK][[email protected] loganalyzer]#

7. Open the http://hostname/loganalyzer/install.php installation:

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/79/1B/wKiom1aJET7A6nuCAACrG9lX9h0641.png "style=" float: none; "title=" One.png "alt=" Wkiom1ajet7a6nucaacrg9lx9h0641.png "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/79/1A/wKioL1aJEWLhtHfSAAC9yOq9FVY449.png "style=" float: none; "title=" Two.png "alt=" Wkiol1ajewlhthfsaac9yoq9fvy449.png "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/79/1A/wKioL1aJEWLzUmgwAAD-dwM5Kuk764.png "style=" float: none; "title=" 3.png "alt=" Wkiol1ajewlzumgwaad-dwm5kuk764.png "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/79/1B/wKiom1aJEUDzbP8uAAEL1jfS-Po603.png "style=" float: none; "title=" 4.png "alt=" Wkiom1ajeudzbp8uaael1jfs-po603.png "/>

650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/79/1B/wKiom1aJEUGCZjwLAADirb1y9kc363.jpg "style=" float: none; "title=" 5.jpg "alt=" Wkiom1ajeugczjwlaadirb1y9kc363.jpg "/>

650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M01/79/1A/wKioL1aJEWXiGvp_AAFlZfTsCQ4328.jpg "style=" float: none; "title=" 6.jpg "alt=" Wkiol1ajewxigvp_aaflzftscq4328.jpg "/>

8. Configure Syslog to write logs to the MySQL database:

[Email protected] loganalyzer]# vim/etc/rsyslog.conf *.info:ommysql:127.0.0.1,syslog,loganauser,redhat[[email p  Rotected] loganalyzer]# service rsyslog restartshutting down system logger: [OK]starting System logger: [OK][[email protected] loganalyzer]#

9. Refresh the page view log already has two records:

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/79/1B/wKiom1aJEnGgdHkLAAGE8KgJd3U792.png "title=" 1.png " alt= "Wkiom1ajenggdhklaage8kgjd3u792.png"/>

This article is from the "Systemcall Community" blog, so be sure to keep this source http://minux.blog.51cto.com/8994862/1731119

Rsyslog Introduction and combining Loganalyzer for log analysis