Implementing Rsyslog logs based on MySQL management

Experimental Summary:

This experiment hosts the system as CentOS 6.9 by default.

HOST1 host as Remote log client Installation: Rsyslog (default installation), Rsyslog-mysql

Host2 host as Log server installation: MySQL (default installation, can also install MARIADB 5 version)

HOST3 Host graphical Management installation:httpd php php-mysql php-gd loganalyzer

Rsyslog logging in MySQL

1, host1 installation Rsyslog-mysql

Yum install rsyslog-mysql-yrpm-ql rsyslog-mysql #查看生成的文件/lib64/rsyslog/ommysql.so #日志文件转数据库文件模块, log configuration files are used/usr/shar E/doc/rsyslog-mysql-5.8.10/usr/share/doc/rsyslog-mysql-5.8.10/createdb.sql #生成数据库脚本scp/usr/share/doc/ Rsyslog-mysql-5.8.10/createdb.sql Host2 #将数据库脚本发送给日志服务器

2. Host2 Database Configuration

Mysql_secure_installation #安全初始化mysql-uusername-hhost-ppassword < Createdb.sql #执行创建数据库脚本, a syslog database is generated mysql> GRANT all on syslog.* to ' USER ' @ ' HOST ' identified by ' PASSWORD '; #创建用户并授权例: GRANT all on syslog.* to ' loguser ' @ ' 172.18.%.% ' identified by ' magedu ';

3. host1 Modify Log configuration file rsyslog.conf

Vim/etc/rsyslog.conf$modload ommysql #新增加, enabling module file Facility.priority:ommysql:dbhost,dbname,dbuser, PASSWORD # Send the logs you want to log to the database server, as in the following example *.info:ommysql:172.18.22.77,syslog,loguser, Mageduservice rsyslog restart #重启服务

Second, through the Loganalyzer display the log in the database

1, host3 installation httpd php php-mysql PHP-GD

Yum install httpd php php-mysql php-gd-y

2. Test Database Connectivity

Close the Host2, Host3 Firewall, and selinuxvim /var/www/html/index.php     #编辑测试文件if (Mysqli_connect_errno ()) {echo  "Connection database failed!"; $mysqli =null;exit;} echo  "Connection database succeeded!"; $mysqli->close ();p hpinfo ();                                                                                                                                                                                            ?>service httpd start  visit  ip

650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M00/08/7C/wKiom1njDiSAgL1eAAC-cqzSinI825.png "title=" 1.png "alt=" wkiom1njdisagl1eaac-cqzsini825.png "/> Connection succeeded.

3, Configuration Loganalyzer

#访问改地址进行配置

Click Next in the first few steps to proceed directly to step 7, which requires your own hand-filled configuration

650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/A7/31/wKioL1njDj2jk9d0AADkGx5fZhQ699.png "title=" 2.png "alt=" Wkiol1njdj2jk9d0aadkgx5fzhq699.png "/>

Finally click Finish to access the admin page.

4. Security strengthening

Cd/var/www/html/loganalyzerchmod 644 config.php

This article is from the Linux OPS blog, so be sure to keep this source http://arm2012.blog.51cto.com/2418467/1972488

Implementing Rsyslog logs based on MySQL management