As a system operations and maintenance engineer, I think reviewing and analyzing Linux system logs is homework we must do every day. Over time, though, you find that every time you want to look at a site's logs you have to log in to the backend. That is manageable with a few servers, but if you manage hundreds of online servers, this approach is stretched thin.
Then I wondered whether I could have a log server that manages the logs centrally and displays them through a web front end for easy viewing, and the urge to write it up came immediately, hehe.
I have a habit: when I see Linux software that is well regarded in chat groups or online circles, I save it in a memo first and research it later. A friend had mentioned centralized log management with Rsyslog+loganalyzer, so today I took the time to study it. Although the process had its twists and turns (I fell into all kinds of pits in the online documents), I finally finished it in a day, and I am sharing my understanding of the build, for reference only.
This document uses Rsyslog+loganalyzer+MySQL to centralize the system logs of all Linux servers in the network on a log server, and all logs are stored in MySQL database tables.
Note: Loganalyzer has two save modes for obtaining client logs. One reads the logs in the client's /var/log/ directory directly and saves them to a directory on the server side; the other reads them and saves them to the log server's database. This document recommends the latter.
Solution:
I. Environment deployment
Operating system: CentOS 6.3 x64
Rsyslog: system default Yum source
loganalyzer: loganalyzer-3.6.3
LAMP: httpd-2.4.4, mysql-5.6.10, php-5.4.13
Rsyslog server: 192.168.7.201 lamp.example.com
Rsyslog client: 192.168.7.74 www2.example.com
1. Install the LAMP environment
Link to the guide on this blog: http://showerlee.blog.51cto.com/2047005/1174141
2. Disable iptables and SELinux
# service iptables stop
Note: to increase system security, you can keep the iptables service running here instead.
The server side then needs rules that allow Rsyslog on UDP port 514 and Loganalyzer on TCP port 80:
# iptables -A INPUT -p udp --dport 514 -j ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
The client only needs a rule that allows output:
# iptables -P OUTPUT ACCEPT
As the rules show, the Rsyslog server passively receives data, while the client actively sends it.
Those who have turned iptables off can ignore this.
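As an added example (not part of the original post), the shell function below audits an iptables-save dump for the two inbound rules above and warns when UDP 514 accepts any source, since UDP syslog is unauthenticated. The function names and the sample dumps are constructed for illustration.

```shell
# Reads an `iptables-save` dump on stdin. Prints one line per finding and
# returns 0 only when both inbound ports the log server needs are allowed.
audit_log_server_rules() {
    have_syslog=0; have_web=0; status=0
    while IFS= read -r line; do
        case $line in
            "-A INPUT "*"-j ACCEPT") ;;   # only accepting INPUT rules matter
            *) continue ;;
        esac
        case $line in
            *"-p udp "*"--dport 514 "*)
                have_syslog=1
                case $line in
                    *" -s "*) ;;          # limited to a source address
                    *) echo "WARN udp/514 accepts any source" ;;
                esac ;;
            *"-p tcp "*"--dport 80 "*)
                have_web=1 ;;
        esac
    done
    [ "$have_syslog" -eq 1 ] || { echo "MISSING udp/514 (rsyslog)"; status=1; }
    [ "$have_web" -eq 1 ] || { echo "MISSING tcp/80 (loganalyzer)"; status=1; }
    return "$status"
}

# Constructed sample: the rules as added above (any host may send syslog).
sample_open() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: syslog limited to this document's client, 192.168.7.74.
sample_restricted() {
    cat <<'EOF'
-A INPUT -s 192.168.7.74/32 -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

sample_open | audit_log_server_rules   # on a real server: iptables-save | audit_log_server_rules
```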
# setenforce 0
# vi /etc/sysconfig/selinux
---------------
SELINUX=disabled
---------------
3. Sync time
# ntpdate asia.pool.ntp.org