Rsyslog Log Management (MariaDB + LogAnalyzer)

Source: Internet
Author: User
Tags mysql host syslog system log rsyslog

This is a simple local LAMP setup: MySQL stores the logs sent by the rsyslog service, and PHP runs the LogAnalyzer program.

LogAnalyzer is a PHP application that displays logs stored in MySQL.

LogAnalyzer:

http://download.adiscon.com/loganalyzer/loganalyzer-4.1.3.tar.gz


Contents:

1. Install LAMP.


3. Grant rsyslog permission in MySQL to store logs.



Note: keep time synchronized across the hosts.

Loganalyzer System: CentOS 7.1


1. Install LAMP:

# yum install httpd php php-mysql mariadb-server -y

Test that the web server works (add a PHP test page):

# vim /var/www/html/index.php
<?php phpinfo(); ?>
# systemctl start httpd      # start the httpd service
# systemctl start mariadb    # start the MySQL service



2. Client node2:

Install rsyslog-mysql, which adds support for MySQL-family databases:

# yum install rsyslog-mysql -y
# rpm -ql rsyslog-mysql
/lib64/rsyslog/ommysql.so    # the supporting module (library)
/usr/share/doc/rsyslog-mysql-5.8.10
/usr/share/doc/rsyslog-mysql-5.8.10/createdb.sql

The last file is an SQL script that creates the database and tables automatically. MySQL has only just been installed here and has no user for remote administration, so copy the script to the MySQL host and import it there.

# scp /usr/share/doc/rsyslog-mysql-5.8.10/createdb.sql 172.16.40.10:/root

LAMP host:

# mysql < /root/createdb.sql    # can also be imported with source from the mysql interactive prompt
# mysql -e 'SHOW DATABASES;'
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |    # the Syslog database has been created
| mysql              |
| performance_schema |
| test               |
+--------------------+

Grant access to a user for the clients:

MariaDB [syslog]> GRANT INSERT ON syslog.* TO 'loguser'@'172.16.40.%' IDENTIFIED BY 'abcdefg';


node2:

# vim /etc/rsyslog.conf


Make the change in the RULES section.


I took the records that were originally saved to messages and sent them to the database on 172.16.40.10.

:ommysql:dbhost,db,dbuser,dbuserpasswd

Restart the rsyslog service (the client is CentOS 6):

# service rsyslog restart
Shutting down system logger: [OK]
Starting system logger: [OK]

Now install or remove something with yum as a test and check whether a record appears in MySQL.

I uninstalled zsh with yum here, and it has already been recorded.

MariaDB [syslog]> SELECT * FROM syslog.systemevents\G
.....
*************************** 5. row ***************************
                ID: 5
        CustomerID: NULL
        ReceivedAt: 2016-01-21 15:28:13
DeviceReportedTime: 2016-01-21 15:28:13
          Facility: 1
          Priority: 6
          FromHost: node2
           Message: Erased: zsh
.....
         SysLogTag: yum[1802]:
.....

There is also a record of rsyslog starting up.


Client 2 (node1):

The process is the same, but you don't have to import the SQL script again.

# yum install rsyslog-mysql -y
# vim /etc/rsyslog.conf
#### MODULES ####
$ModLoad ommysql    # the module
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
.....
#### RULES ####
*.info;mail.none;authpriv.none;cron.none    :ommysql:172.16.40.10,syslog,loguser,abcdefg

Restart the service (CentOS 7):

# systemctl restart rsyslog


LAMP host:

MySQL:

*************************** 7. row ***************************
                ID: 7
        CustomerID: NULL
        ReceivedAt: 2016-01-21 15:40:38
DeviceReportedTime: 2016-01-21 15:40:38
          Facility: 5
          Priority: 6
          FromHost: node1
           Message: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1545" x-info="http://www.rsyslog.com"] start

The logs are arriving.


Now let's install LogAnalyzer.

LAMP:

Grant PHP permission to view the Syslog database. Can anyone explain why SELECT permission alone does not work?

MariaDB [(none)]> GRANT ALL ON syslog.* TO 'loganalyzer'@'localhost' IDENTIFIED BY 'ABCDEFG';
Query OK, 0 rows affected (0.01 sec)
# tar xf loganalyzer-4.1.3.tar.gz
# cd loganalyzer-4.1.3
# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src

The src directory contains the PHP code; copy it under /var/www/html/. The contrib directory holds two scripts whose content is simple: they create config.php and change the permissions on that file to 666.

# cp -rf src/* /var/www/html/
cp: overwrite "/var/www/html/index.php"? y

Take a look at the two scripts:

# cat contrib/configure.sh
#!/bin/sh
touch config.php
chmod 666 config.php
# cat contrib/secure.sh
#!/bin/sh
chmod 644 config.php

The file is set to 666 only so that the PHP program has permission to write the configuration during installation. The second script, secure.sh, sets it back to 644 once installation is finished.

# cp contrib/configure.sh /var/www/html/
# cd /var/www/html/
# bash configure.sh

You can now open the Web page to complete the installation.


The installer complains that the configuration file is not writable.

# ll config.php
-rw-rw-rw-. 1 root root 0 January 15:59 config.php
# getenforce
Enforcing
# setenforce 0

This is an SELinux problem. A change made with the setenforce command is lost after a reboot; to make it persistent, change SELINUX=enforcing to disabled in the /etc/selinux/config file, which turns SELinux off for the whole host.


This step is left at the defaults.


PDO works the same way; it is just a different connector.

The next step completes the installation.



You also need to install the php-gd library for the charts to be displayed.




If you use rsyslog itself for centralized log storage:

Client:

*.info;mail.none;authpriv.none;cron.none    @172.16.40.10

Server side:


Enabling either UDP or TCP alone is enough; enabling both also works.


This setup doesn't feel great, and there are a lot of problems. Service-type logs are not recorded through rsyslog. The database part above is still recorded through rsyslog; the database is only the storage.


Supplementary concepts:

The system log service is dedicated to recording system logs. On CentOS 5 it is called syslog.
Processes and software names: syslogd records the system log, klogd records kernel messages.
On CentOS 6 and 7 it is called rsyslog, an enhanced version, with a single process: rsyslogd.

Log:
Facility: the log facility classifies logs by the function or program they come from, and each class is logged by a dedicated tool.
auth        authentication
authpriv    authorization
cron        scheduled tasks (crontab)
daemon      daemon processes
kern        kernel
lpr         printing
mail        mail
mark        firewall mark
news        newsgroups
security    security-related
syslog      the system log itself, or uncategorized messages
user        information about individual users
uucp        an old protocol for copying data from Unix to Unix; rarely seen now
local1---local7    8 categories that can be customized

Priority: the level
The logs recorded are those at the configured level and at all higher levels. If you record info, that also includes notice, warning ..... emerg.
debug          debugging; all information
info           normal information recorded by a program
notice         noteworthy, abnormal information
warning        warning messages
err            error messages
crit           orange alert
alert          red alert
emerg/panic    messages that the system is going down

Specifying the level:
*            all levels
none         no level
priority     names a level directly; includes every level above it
=priority    this level only

A log rule is written as category.level followed by where the log is stored:
facility.priority    target

Wildcard mechanisms:
*    all
,    list
!    negation
For example:

mail.info /var/log/maillog     info and the levels above info
mail.=info /var/log/maillog    only info-level logs
mail.!info                     everything except info and the levels above it
*.info                         all categories, info and the levels above info
mail,news.info                 mail and news both use the info level
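
The selector rules above, worked through in code. This is an added example, not part of the original article or of rsyslog itself: compile_selector, matches and forwarded are hypothetical helper names, the facility and severity numbers are the standard syslog codes, and the sample events are constructed (the first two reuse the Facility/Priority values from the database rows shown earlier). It evaluates the rule both clients use and shows that authpriv messages, such as login and sudo records, are never sent to the database.

```python
# Added example: evaluate traditional rsyslog selectors ("facility.priority").
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = {name: code for code, name in enumerate(
    "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split())}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
RULE = "*.info;mail.none;authpriv.none;cron.none"  # rule used by both clients

def compile_selector(selector):
    """Return {facility code: set of severity codes the selector accepts}."""
    table = {code: set() for code in FACILITIES.values()}
    for part in selector.lower().split(";"):   # parts apply left to right
        facs, _, prio = part.strip().partition(".")
        targets = list(table) if facs == "*" else [FACILITIES[f] for f in facs.split(",")]
        negate = prio.startswith("!")          # "!" removes levels instead of adding
        prio = prio.lstrip("!")
        exact = prio.startswith("=")           # "=" means this level only
        prio = prio.lstrip("=")
        if prio == "none":                     # drop the facility entirely
            chosen, negate = set(range(8)), True
        elif prio == "*":
            chosen = set(range(8))
        else:                                  # lower code = more severe
            level = SEVERITIES.index(ALIASES.get(prio, prio))
            chosen = {level} if exact else set(range(level + 1))
        for code in targets:
            table[code] = table[code] - chosen if negate else table[code] | chosen
    return table

def matches(selector, facility, severity):
    """True if a message with these numeric codes is selected."""
    return severity in compile_selector(selector)[facility]

# Constructed sample events: (description, facility code, severity code).
EVENTS = [
    ("yum: Erased: zsh (user.info)", 1, 6),
    ("rsyslogd start (syslog.info)", 5, 6),
    ("sshd login failure (authpriv.info)", 10, 6),
    ("application debug output (user.debug)", 1, 7),
    ("mail delivery error (mail.err)", 2, 3),
]

def forwarded(selector, events):
    """Return the descriptions of the events the selector would store."""
    return [d for d, fac, sev in events if matches(selector, fac, sev)]

if __name__ == "__main__":
    for description in forwarded(RULE, EVENTS):
        print("stored:", description)
```
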

Target: where the log goes
1. A file, such as /var/log/messages
2. Users; * means all users. The message is sent to the users, for example a notice that the system is going down.
3. A log server, such as @172.16.100.1
4. A pipe to a command: the message is handed to a command for processing.
5. A leading - means the file is written asynchronously.

Configuration file:
/etc/rsyslog.conf (on CentOS 5 it is syslog.conf).

After a log storage file has been changed, for example if you open the messages file with vim, restart the rsyslog service.
Otherwise the rsyslog service will no longer save logs to that file.


This article is from the "Big Tomato" blog, be sure to keep this source http://fanqie.blog.51cto.com/9382669/1737345
