Building a log server with rsyslog + LogAnalyzer on a LAMP stack (MySQL + Apache + PHP)

Tags: syslog, rsyslog

When a server runs into a problem, the operations engineer relies on the logs to analyze it. When an attacker breaks into a server, one of the first things they usually do is delete the logs so as to leave no trace. Logs are therefore vital to a server, which is why many companies run a dedicated log server. Let's learn how to build a log server together with a log analysis tool.

1. Install rsyslog on both the client and the server first:

~]# yum -y install rsyslog

2. Modify the configuration file on the client (192.168.1.4 is the log server)

~]# grep -v "^$" /etc/rsyslog.conf | grep -v "^#"

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imklog # provides kernel logging support (previously done by rklogd)

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

*.* @192.168.1.4

*.* :ommysql:192.168.1.4,syslog,syslogroot,syslogpass

local7.* /var/log/boot.log

Once the modification is complete, restart the service and set it to start automatically at boot:

~]# service rsyslog restart

Shutting down system logger: [  OK  ]

Starting system logger: [  OK  ]

~]# chkconfig rsyslog on
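The client rules above (`*.* @192.168.1.4` and `local7.* /var/log/boot.log`) are classic rsyslog selectors: every message carries a PRI value (facility * 8 + severity) in its `<PRI>` header, and a selector `facility.severity` matches that severity and anything more urgent. The following Python script is an added example, not code from the article, that decodes the PRI of RFC 3164 messages and evaluates such selectors, so you can see which of the two rules a given message would hit before you rely on the forwarding. The sample messages and the action labels are constructed; nothing is sent over the network.

```python
import re

# Numeric facility and severity codes from RFC 3164 / rsyslog, used to decode
# the <PRI> field that each forwarded message carries.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Aliases rsyslog accepts in selectors.
SEVERITY_ALIASES = {"error": "err", "warn": "warning", "panic": "emerg"}

SYSLOG_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                    # PRI = facility*8 + severity
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "   # BSD timestamp
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\s]+): ?(?P<msg>.*)$"
)


def decode_pri(pri):
    """Split a PRI value into (facility_name, severity_name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def parse_syslog_line(line):
    """Parse one RFC 3164 message into its fields, decoding the PRI."""
    m = SYSLOG_LINE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line!r}")
    facility, severity = decode_pri(int(m.group("pri")))
    return {
        "facility": facility, "severity": severity,
        "timestamp": m.group("timestamp"), "host": m.group("host"),
        "tag": m.group("tag"), "msg": m.group("msg"),
    }


def _severity_index(name):
    return SEVERITIES.index(SEVERITY_ALIASES.get(name, name))


def selector_matches(selector, facility, severity):
    """Evaluate a classic rsyslog selector such as '*.*', 'local7.*',
    'mail,auth.err', 'kern.=crit' or '*.info;mail.none' against one message.
    A plain severity means 'that severity or more urgent' (lower number);
    later ';'-separated parts override earlier ones, as in rsyslog."""
    result = False
    for part in selector.split(";"):
        fac_spec, sev_spec = part.strip().split(".", 1)
        facilities = [f.strip() for f in fac_spec.split(",")]
        if "*" not in facilities and facility not in facilities:
            continue
        sev_spec = sev_spec.strip()
        if sev_spec == "*":
            result = True
        elif sev_spec == "none":
            result = False
        elif sev_spec.startswith("="):
            result = _severity_index(severity) == _severity_index(sev_spec[1:])
        else:
            result = _severity_index(severity) <= _severity_index(sev_spec)
    return result


# The two rules from the client configuration in this article. The actions are
# just labels here (assumption: nothing is forwarded or written by this script).
RULES = [
    ("*.*", "forward to @192.168.1.4"),
    ("local7.*", "write to /var/log/boot.log"),
]


def route(line, rules=RULES):
    """Return the action labels whose selector accepts the parsed message."""
    msg = parse_syslog_line(line)
    return [action for selector, action in rules
            if selector_matches(selector, msg["facility"], msg["severity"])]


# Constructed sample messages (not captured from a real host).
SAMPLE = [
    "<190>Oct  5 12:00:00 web1 rc.local: boot sequence finished",      # local7.info
    "<38>Oct  5 12:00:01 web1 sshd[2231]: Accepted publickey for ops",  # auth.info
]

if __name__ == "__main__":
    for line in SAMPLE:
        parsed = parse_syslog_line(line)
        print(f"{parsed['facility']}.{parsed['severity']:8} -> {route(line)}")
```

The boot message (PRI 190 = local7 * 8 + info) matches both rules, so it is forwarded and also lands in /var/log/boot.log; the sshd message (PRI 38 = auth.info) is only forwarded. Keep in mind that `*.*` forwards everything, including authpriv messages, so the UDP path to 192.168.1.4 should stay inside a trusted network segment.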

3. Modify the configuration file on the server

~]# grep -v "^$" /etc/rsyslog.conf | grep -v "^#"

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imklog # provides kernel logging support (previously done by rklogd)

$ModLoad imudp

$UDPServerRun 514

$ModLoad imtcp

$InputTCPServerRun 514

$ModLoad ommysql

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

$IncludeConfig /etc/rsyslog.d/*.conf

*.* :ommysql:192.168.1.4,syslog,syslogroot,syslogpass

local7.* /var/log/boot.log

Restart the service and set it to start automatically at boot:

~]# service rsyslog restart

~]# chkconfig rsyslog on

4. Install and configure the database

(1) Install the packages

~]# yum -y install mysql-server rsyslog-mysql

(2) Configure the database


~]# rpm -ql rsyslog-mysql   # first list the files the rsyslog-mysql package installed

/lib64/rsyslog/ommysql.so

/usr/share/doc/rsyslog-mysql-5.8.10

/usr/share/doc/rsyslog-mysql-5.8.10/createdb.sql   # this SQL file is the schema that must be imported into the database

#

~]# service mysqld start   # start the mysqld service

~]# mysql   # connect to MySQL

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 2

Server version: 5.1.73 Source distribution

Copyright (c) Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

mysql> show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+

3 rows in set (0.00 sec)   # at this point there are only 3 databases

#

mysql> source /usr/share/doc/rsyslog-mysql-5.8.10/createdb.sql   # import the rsyslog schema

mysql> show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
| mysql              |
| test               |
+--------------------+

4 rows in set (0.01 sec)

mysql> use Syslog;   # Syslog is the database that stores the log records

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> show tables;

+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+

2 rows in set (0.00 sec)

#

# Next, grant access for the rsyslog server. The host part must be the IP of the rsyslog server;

# writing each client's IP here instead is wrong.

mysql> GRANT ALL ON syslog.* TO 'syslogroot'@'127.0.0.1' IDENTIFIED BY 'liwai8888';

Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL ON syslog.* TO 'syslogroot'@'192.168.1.4' IDENTIFIED BY 'liwai8888';

Query OK, 0 rows affected (0.04 sec)

mysql> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.00 sec)

mysql> \q

Bye
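The `:ommysql:` action in the rsyslog configuration and the `GRANT` statements above have to agree on four things: the connecting host, the database, the user and the password, and a mismatch in any of them is the usual cause of the "no rows arriving" problem described at the end of the article. As an added example that is not part of the original post, the following Python script parses both forms and reports the disagreements. The inputs are copied from this article's own configuration, so running it shows that the password given in the action (`syslogpass`) differs from the one in the grants (`liwai8888`). The comparison of database names is deliberately case-sensitive, because MySQL on Linux compares database names case-sensitively by default.

```python
import re

# Constructed inputs, copied from the configuration shown in this article.
OMMYSQL_ACTION = "*.* :ommysql:192.168.1.4,syslog,syslogroot,syslogpass"
GRANTS = [
    "GRANT ALL ON syslog.* TO 'syslogroot'@'127.0.0.1' IDENTIFIED BY 'liwai8888';",
    "GRANT ALL ON syslog.* TO 'syslogroot'@'192.168.1.4' IDENTIFIED BY 'liwai8888';",
]

# Legacy ommysql action syntax: selector :ommysql:server,db,user,password
ACTION_RE = re.compile(
    r"^\s*(?P<selector>\S+)\s+:ommysql:"
    r"(?P<server>[^,]+),(?P<db>[^,]+),(?P<user>[^,]+),(?P<password>[^,\s]*)\s*$"
)
# GRANT ... ON db.* TO 'user'@'host' IDENTIFIED BY 'password'
GRANT_RE = re.compile(
    r"GRANT\s+.+?\s+ON\s+(?P<db>[^.\s]+)\.\*\s+TO\s+"
    r"'(?P<user>[^']+)'@'(?P<host>[^']+)'\s+IDENTIFIED\s+BY\s+'(?P<password>[^']*)'",
    re.IGNORECASE,
)


def parse_ommysql_action(line):
    """Return {selector, server, db, user, password} for one ommysql action line."""
    m = ACTION_RE.match(line)
    if not m:
        raise ValueError(f"not an ommysql action: {line!r}")
    return m.groupdict()


def parse_grant(stmt):
    """Return {db, user, host, password} for one GRANT ... IDENTIFIED BY statement."""
    m = GRANT_RE.search(stmt)
    if not m:
        raise ValueError(f"not a GRANT statement: {stmt!r}")
    return m.groupdict()


def check_credentials(action_line, grant_stmts, connecting_host):
    """Compare the ommysql action against the grants. connecting_host is the
    address MySQL will see the rsyslog daemon connect from (the rsyslog
    server's own IP, as the article says, not a client IP). Returns a list of
    problem descriptions; an empty list means the two sides are consistent."""
    action = parse_ommysql_action(action_line)
    grants = [parse_grant(g) for g in grant_stmts]
    problems = []

    matching = [g for g in grants
                if g["user"] == action["user"] and g["host"] == connecting_host]
    if not matching:
        problems.append(f"no GRANT for '{action['user']}'@'{connecting_host}'")
        return problems

    for g in matching:
        # Database names are case-sensitive on Linux MySQL by default, so the
        # name in the action must be exactly the one the grant (and createdb.sql) uses.
        if g["db"] != action["db"]:
            problems.append(f"database name differs: action uses '{action['db']}', "
                            f"GRANT uses '{g['db']}'")
        if g["password"] != action["password"]:
            problems.append("password in the ommysql action differs from the GRANT password "
                            f"for '{g['user']}'@'{g['host']}'")
    return problems


if __name__ == "__main__":
    for problem in check_credentials(OMMYSQL_ACTION, GRANTS, "192.168.1.4") or ["ok"]:
        print(problem)
```

Run as-is it reports the password mismatch; once the action line and the grants carry the same secret, the check returns an empty list. The same check run with a client's IP as `connecting_host` reports that no grant exists for it, which is exactly the mistake the comment above warns about.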

5. Configure the LAMP + LogAnalyzer architecture

(1) Install the LAMP environment

~]# yum -y install httpd php php-mysql php-gd

~]# mkdir /var/www/html/loganalyzer/

mkdir: created directory '/var/www/html/loganalyzer/'

(2) Unpack the LogAnalyzer source package

~]# tar xf loganalyzer-3.6.5.tar.gz

~]# cd loganalyzer-3.6.5

loganalyzer-3.6.5]# ls

ChangeLog  contrib  COPYING  doc  INSTALL  src

loganalyzer-3.6.5]# mv src/* /var/www/html/loganalyzer/   # src/ holds the PHP web files

loganalyzer-3.6.5]# ls contrib/

configure.sh  secure.sh

loganalyzer-3.6.5]# mv contrib/* /var/www/html/loganalyzer/   # the two scripts under contrib/; open them to see what they do

#

loganalyzer-3.6.5]# cd /var/www/html/loganalyzer/

loganalyzer]# sh configure.sh   # run the script

(3) Configure httpd

Change DocumentRoot, the web root directory:

~]# vim /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html/loganalyzer"

~]# service httpd start

(4) Make httpd and MySQL start at boot

~]# chkconfig mysqld on

~]# chkconfig httpd on

(5) Create the LogAnalyzer database and grant access to it

~]# mysql

Enter password:

mysql> CREATE DATABASE loganalyzer;

Query OK, 1 row affected (0.04 sec)

mysql> GRANT ALL ON loganalyzer.* TO [e-mail protected]'192.168.1.4' IDENTIFIED BY 'liwai8888';

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.00 sec)

6. Configure through the installation interface

The errors that come up most often here are a wrong database name or a wrong database user name or password. It usually takes two attempts to install; on the second attempt you must delete the config.php inside the directory and then run sh configure.sh again so that the next step generates a fresh config.php. After that you can start using it. (I could not copy the screenshots for some reason, so I can only describe the errors and workarounds I ran into.)


This article is from the "innovation sharing gallop inside and out" blog; please keep this source when sharing: http://10554846.blog.51cto.com/10544846/1679155
