Storing rsyslog logs in MySQL and displaying them with LogAnalyzer
Why use logs?
In a production environment, we may need a complete log system to view the status and operations of the running hosts and services. In a larger network architecture we can use ELK to collect, retrieve, and display logs on a front end. In small and medium architectures, however, rsyslog is enough to collect and retrieve logs from all servers for real-time data traffic analysis.
Objectives
Use rsyslog to store the log information of the two hosts in a MySQL database, then compile and install LogAnalyzer to display the log information from MySQL on a front end served by httpd + php.
Lab Topology
Lab Environment
Host Name | IP address | Role
syslog.bkjia.com | 192.168.2.2 | Collect logs, MySQL
www.bkjia.com | 192.168.2.3 | Web
server1.bkjia.com | 192.168.2.4 | Normal use
All hosts in this article have SELinux and iptables disabled.
rsyslog settings on the syslog host
The following operations are performed on syslog.bkjia.com:
First, install MySQL and the driver that lets rsyslog connect to MySQL.
[root@syslog ~]# yum install mysql-server rsyslog-mysql -y
Loaded plugins: fastestmirror
Setting up Install Process
# Omitted
Installed:
rsyslog-mysql.x86_64 8.10-10.el6_6
mysql-server.x86_64 1.73-5.el6_7.1
Complete!
Then modify the rsyslog configuration file and enable the following two items:
$ModLoad imudp
$UDPServerRun 514
Load the MySQL output module:
$ModLoad ommysql
Change the log storage location to MySQL.
In the vim editor, enter last-line mode and run this substitution:
%s@./var\/log.*@:ommysql:192.168.2.2,Syslog,syslog,passwd@gi
Restart the rsyslog service
[root@syslog ~]# service rsyslog restart
Shutting down system logger: [OK]
Starting system logger: [OK]
Create a MySQL user and grant permissions
mysql> grant all on Syslog.* TO 'syslog'@'%' identified by 'passwd';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Import the tables
[root@syslog ~]# mysql -usyslog -ppasswd < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
rsyslog settings on the server1 host
The following operations are performed on server1.bkjia.com:
First, modify the rsyslog configuration file.
In the vim editor, enter last-line mode and run this substitution:
%s@./var\/log.*@\@192.168.2.2@gi
Restart the rsyslog service
[root@server1 ~]# service rsyslog restart
Shutting down system logger: [OK]
Starting system logger: [OK]
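The two vim substitutions above (the one on the syslog host and the one on server1) can be previewed with sed before /etc/rsyslog.conf is touched. This is an added example, not part of the original article: the sample configuration is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preview the article's substitution without editing /etc/rsyslog.conf.

# Constructed sample, modelled on the rules section of a CentOS 6 rsyslog.conf.
sample_conf() {
cat <<'EOF'
#$ModLoad imudp
#$UDPServerRun 514
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
local7.*                                                /var/log/boot.log
EOF
}

# redirect_rules TARGET: filter stdin to stdout, replacing every /var/log file
# action with TARGET. Same pattern as the vim command: one character (a blank
# or the "-" no-sync flag) followed by /var/log and the rest of the line.
# The "gi" flags are dropped: ".*" already consumes the line and the paths are
# lower case. Assumption: TARGET contains no "|", "&" or backslash.
redirect_rules() {
    sed "s|./var/log.*|$1|"
}

# file_actions: count active (uncommented) rules on stdin still writing to /var/log.
file_actions() {
    awk '!/^[ \t]*#/ && /\/var\/log/ { n++ } END { print n + 0 }'
}

# rules_using TARGET: count lines on stdin whose action field is exactly TARGET.
rules_using() {
    awk -v t="$1" 'NF >= 2 && $NF == t { n++ } END { print n + 0 }'
}

# Server side (syslog.bkjia.com) and client side (server1.bkjia.com) previews.
sample_conf | redirect_rules ':ommysql:192.168.2.2,Syslog,syslog,passwd'
sample_conf | redirect_rules '@192.168.2.2'
```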
Test successful
Query the database on syslog.bkjia.com to check whether log entries have been recorded.
mysql> select * from SystemEvents\G;
*************************** 1. row ***************************
ID: 1
CustomerID: NULL
ReceivedAt: 17:28:21
DeviceReportedTime: 2016-03-23 17:28:21
Facility: 0
Priority: 6
FromHost: syslog
Message: imklog 5.8.10, log source = /proc/kmsg started.
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
# Omitted
Web Server Configuration
The following operations are performed on www.bkjia.com:
Because LogAnalyzer serves dynamic web pages, we need to install httpd and php.
[root@www ~]# yum install php-gd httpd php-mysql -y | tail -n 10
apr-util.x86_64 3.9-3.el6_0.1
apr-util-ldap.x86_64 3.9-3.el6_0.1
httpd-tools.x86_64 2.15-47.el6.centos.4
libedit.x86_64 0:2.11-4.20080712cvs.1.el6
mailcap.noarch 1.31-2.el6
php-cli.x86_64 3.3-46.el6_7.1
php-common.x86_64 3.3-46.el6_7.1
php-pdo.x86_64 3.3-46.el6_7.1
Complete!
Extract the LogAnalyzer package to /var/www/html and configure it.
[root@www ~]# tar xf loganalyzer-3.6.4.tar.gz -C /var/www/html/
[root@www ~]# cd /var/www/html/
[root@www html]# ls
loganalyzer-3.6.4
[root@www html]# cp -a loganalyzer-3.6.4/src/ log
[root@www html]# cp -a loganalyzer-3.6.4/contrib/*.sh log/
[root@www html]# cd log
[root@www log]# chmod +x *.sh
[root@www log]# ./configure.sh
[root@www log]# ./secure.sh
[root@www log]# chmod 666 config.php
Start the httpd service
[Root @ www log] # service httpd start
Starting httpd: Could not reliably determine the server's fully qualified domain name, using www.bkjia.com for ServerName [OK]
Access the web page to install LogAnalyzer
Go to the following page and enter
Continue to the next step and click Finish.
After the installation is complete, you can view the logs of multiple hosts on the front-end page.
Summary
How about that? Well-formatted, good-looking log information is very intuitive to view, and there is no need to face complicated command-line interfaces!