Objective
As an operations engineer, reviewing and analyzing system logs is daily homework. Checking them one server at a time is manageable with a few machines, but if you manage hundreds of thousands of online servers, that approach is stretched too thin. So we need a log server, but how can the logs be displayed more intuitively? Loganalyzer is a good choice. This article explains how to use rsyslog+Loganalyzer to achieve unified management and analysis of logs.
Brief introduction
Loganalyzer is a web front end for syslog logs and other network event data. It provides simple browsing, searching, basic analysis, and some chart-reporting capabilities for logs.
Deployment process
Environment Introduction
System Environment: CentOS6.6
Rsyslog: the version that ships with the system
Loganalyzer: loganalyzer3.6.5 (with Chinese language pack)
Web server: 172.16.10.100 (httpd-2.4.9, same as log client)
PHP Server: 172.16.10.110 (php-5.5.26)
Database server: 172.16.10.211 (MariaDB-5.5.36)
Log server: 172.16.10.212
DNS server: 172.16.10.10
Log server and Client configuration
Server-side
[[email protected] ~]# vim /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Restart the service and check the listening ports
Client side
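[[email protected] ~]# vim /etc/rsyslog.conf
# Change the log destination from local storage to the log server.
# The line below specifies the log server; a single @ forwards over UDP,
# and the .none selectors exclude mail, authpriv and cron messages.
*.info;mail.none;authpriv.none;cron.none    @172.16.10.212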
Restart Service
View the log on the server side
Log reception works, so the log server is operating normally.
Next, we have the log server pass the logs to the database server.
Install the required packages
[[email protected] ~]# yum install rsyslog-mysql -y    # provides the transfer module
View the files generated by rsyslog-mysql and send the generated database file to the database server
We pause the log server configuration here and configure the database first.
Database Server Configuration
Import the database
Authorize the user
The database configuration is complete, so we return to the log server.
[[email protected] ~]# vim /etc/rsyslog.conf
# Add this line
$ModLoad ommysql
# Modify this line so that it points to the database
*.info;mail.none;authpriv.none;cron.none    :ommysql:172.16.10.211,syslog,rsysloguser,rsyslogpass
Restart Service
Check whether the log information is already in the database
The logs have been transferred, so the log server is connected to the database successfully. Next comes the installation of Loganalyzer.
DNS Server configuration
Modify the forward and reverse zone files
Forward zone file
Reverse zone file
Check the syntax and start the service
Web server Configuration
As the web front end for the logs, Loganalyzer should only be accessible to administrators, so we set up user-based access control.
This time we use a virtual host; the central (main) host would work as well, whichever you prefer.
[[email protected] ~]# vim /etc/httpd24/httpd.conf
# Disable the central (main) host
#DocumentRoot "/usr/local/apache/htdocs"
# Enable virtual hosts
Include /etc/httpd24/extra/httpd-vhosts.conf
Configuring a virtual Host
[[email protected] ~]# vim /etc/httpd24/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/web/log"
    ServerName log.scholar.com
    # Disable forward proxying
    ProxyRequests Off
    # Proxy PHP requests to the PHP server
    ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.10.110:9000/web/log/$1
    <Directory "/web/log">
        Options None
        AllowOverride AuthConfig
        # Authentication type
        AuthType Basic
        # Prompt shown in the authentication challenge
        AuthName "Log area."
        # Location of the user account and password file
        AuthUserFile /etc/httpd24/.htpasswd
        # Accessible to all valid users; single-user and group authentication can also be defined
        Require valid-user
    </Directory>
</VirtualHost>
Provide the authentication file
Prepare Loganalyzer
Once it is ready, copy the files to the PHP server as well, or repeat the same steps on the PHP server; the location must be the same as on the web server.
Check the syntax and start the service
Installing Loganalyzer
Authentication is required, which shows that the user-based access control is working
Enter the user name and password to continue
The page reports that there is no configuration file; click "here" to enter the installation wizard
Click Next to continue
Make sure this file is writable and continue
Create a user database and continue
Create the tables and continue
Check the SQL results, then click Next
Create an administrative user, then click Next
Create a log system, then click Next
Installation complete; click Finish
Test Loganalyzer
The language can be changed to Chinese
If the text is garbled after switching to Chinese, modify the character set
[[email protected] web]# vim /web/log/include/functions_common.php
# (this file is in the include directory of the source package)
# Change the line containing "return htmlentities" to the following:
return htmlentities($myStr, ENT_NOQUOTES, "UTF-8");
Then log in to the system and go to the Admin Center to set the character set
After this change, Chinese displays normally. The other features are not shown here; please explore them yourself.
The end
Well, that is it for rsyslog+Loganalyzer. Viewing logs with Loganalyzer is very intuitive, isn't it? Remember to set the corresponding firewall rules when deploying; if the firewall is shut down, this can be ignored. If you run into problems during the setup, leave a message. The above is only my own study notes; if there are mistakes, experts, please go easy on me ~ ~ ~
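The firewall reminder above, written out for this article's hosts as an added example (not from the original post): the script only prints iptables commands for review, one rule set per host role. The IPs and ports come from the environment list and the configurations above; ADMIN_NET, the SSH rule and the default-drop layout are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables INPUT rules per host role.
# IPs and ports are the article's; ADMIN_NET, the SSH rule and the
# default-drop layout are assumptions.
WEB=172.16.10.100; PHP=172.16.10.110; LOG=172.16.10.212
ADMIN_NET=${ADMIN_NET:-172.16.10.0/24}   # hypothetical administrator subnet

allow() {   # allow PROTO PORT SOURCE
    echo "iptables -A INPUT -p $1 --dport $2 -s $3 -m state --state NEW -j ACCEPT"
}

role_rules() {   # services each host exposes, and to whom
    case "$1" in
        log) allow udp 514 "$WEB"      # syslog from the client (the web server)
             allow tcp 514 "$WEB" ;;
        db)  allow tcp 3306 "$LOG"     # rsyslog ommysql inserts
             allow tcp 3306 "$PHP" ;;  # Loganalyzer queries run on the PHP host
        php) allow tcp 9000 "$WEB" ;;  # FastCGI via the vhost's ProxyPassMatch
        web) allow tcp 80 "$ADMIN_NET" ;;   # Loganalyzer UI, administrators only
        *)   echo "unknown role: $1" >&2; return 1 ;;
    esac
}

fw_rules() {   # fw_rules ROLE -> full ordered rule list for that host
    body=$(role_rules "$1") || return 1
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    allow tcp 22 "$ADMIN_NET"          # keep SSH management access
    echo "$body"
    echo "iptables -A INPUT -j DROP"   # everything else is refused
}

# Print the rules for one role when called with an argument, e.g. "db"
if [ $# -gt 0 ]; then fw_rules "$1"; fi
```

Review the printed rules before piping them to a shell on the matching host, and adjust ADMIN_NET to the network administrators actually connect from.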
This article is from the "North Scholar" blog, please make sure to keep this source http://scholar.blog.51cto.com/9985645/1639292
Lamp based on Rsyslog+loganalyzer for centralized log management and analysis