Building a log server with rsyslog + MySQL + LogAnalyzer (personal notes)
The general idea is as follows: use the rsyslog service that ships with Linux as the underlying layer, then use MySQL and rsyslog templates to store the logs and display them on the web. Template-based file storage uses a date-based directory tree, with the client IP address as the file name.

The steps are:

1. Configure the rsyslog server service
2. Configure the LAMP stack
3. Install the LogAnalyzer log web front end
4. Configure web permission control

1. Configure the rsyslog server service as follows: edit the /etc/rsyslog.conf configuration file so that it matches the configuration below.
    [root@localhost ~]# grep -v '^#' /etc/rsyslog.conf | grep -v '^$'
    $ModLoad ommysql
    *.* :ommysql:localhost,Syslog,rsyslog,123456
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog # provides kernel logging support (previously done by rklogd)
    $ModLoad immark # provides --MARK-- message capability
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    $template DynamicFile,"/var/log/ttlogs/%$YEAR%/%$MONTH%/%$DAY%/%fromhost-ip%-test.log"
    *.* ?DynamicFile
    $IncludeConfig /etc/rsyslog.d/*.conf
    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    authpriv.* /var/log/secure
    mail.* -/var/log/maillog
    cron.* /var/log/cron
    *.emerg *
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log
    [root@localhost ~]# /etc/init.d/rsyslog restart    # restart the rsyslog service
    # chkconfig rsyslog on         # start the service at boot
    # netstat -tpnl                # check that rsyslogd started properly and is listening on port 514
    # logger 'test_samcao'         # send a test log message
    # tail -f /var/log/messages    # check whether the test message arrived

The MySQL interface is added above; an error message will appear, but it does not affect operation.
Note: Pay attention to the rsyslog version; some versions use a different configuration. If there is a problem, troubleshoot it based on the log information in /var/log/messages. With this step, the rsyslog server configuration is complete.

2. Prepare the LAMP environment. In this step, you can set up the LAMP environment directly.
    # yum -y install httpd mysql mysql-server php php-mysql postgresql postgresql-server php-postgresql php-pgsql php-devel gd gd-devel php-gd
    # /etc/init.d/httpd start
    # /etc/rc.d/init.d/mysqld start
    # /usr/bin/mysqladmin -u root password 'new-password'
3. Install the LogAnalyzer log web front end
    # wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
    # tar zxvf loganalyzer-3.6.5.tar.gz
    # cd loganalyzer-3.6.5
    # mkdir -p /var/www/html/loganalyzer
    # rsync -a src/* /var/www/html/loganalyzer/
    # touch /var/www/html/loganalyzer/config.php
    # chmod 666 /var/www/html/loganalyzer/config.php
Then open the http://192.168.1.213/loganalyzer page to perform the web installation. I skipped this part here: there are too many images, I have already installed it, and it is too troublesome. You can refer to this link: Workshop. For the gd library, you can also uncomment the line gd.jpeg_ignore_warning = 0 in /etc/php.ini.

4. Configure web permission control. Once the site is created, you can open the web page directly to view logs, so you may sometimes need to set relevant permissions. I have not studied loganalyzer in depth; I used Apache password authentication to solve this problem. Set AllowOverride all in httpd.conf.
    [root@logserver ~]# cat /var/www/html/.htaccess
    AuthName "Login"
    AuthType basic
    AuthUserFile "/var/webuser"
    require valid-user
    [root@logserver ~]#
You will be prompted to enter the password after using it; enter the password directly. However, you cannot use the preceding command to add multiple users: -c indicates that an encrypted file needs to be created. You can use htpasswd -mdps /var/webuser cs to add an account.

This is the end of the process. When you access the web page, you are prompted to enter the password. Enter it and you will be able to access the page normally.

Some of the configuration information is not clearly stated above. If you need it, you can refer to the following links:

https://linux.cn/article-5023-1.html (Configuring a syslog server in Linux)
http://www.cnblogs.com/mchina/p/linux-centos-rsyslog-loganalyzer-mysql-log-server.html (Deploying a log server with Rsyslog + LogAnalyzer + MySQL on CentOS 6.5)

There are also some official links that I will not post here; if there is a problem, search Baidu. This is just my own record.
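The procedure above leaves three credential-bearing files on the server: /etc/rsyslog.conf (the ommysql password), config.php (created with mode 666 for the web installer) and the AuthUserFile /var/webuser. The following audit of their permissions and location is an added example, not part of the original notes; the function names are made up for this example and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original notes). Requires GNU stat.

# True when "other" has none of the permission bits in MASK (4=r, 2=w, 1=x).
other_lacks() {                      # other_lacks FILE MASK
    mode=$(stat -c '%a' "$1") || return 2
    last=${mode#"${mode%?}"}         # last octal digit = permissions for "other"
    [ $(( last & $2 )) -eq 0 ]
}

# True when the file has an uncommented legacy action of the form
# ":ommysql:server,db,user,password", i.e. a database password in clear text.
has_ommysql_password() {             # has_ommysql_password RSYSLOG_CONF
    grep -Eq '^[^#]*:ommysql:[^,]*,[^,]*,[^,]*,[^;[:space:]]+' "$1"
}

# Prints the path given to AuthUserFile in an .htaccess file, quotes removed.
auth_user_file() {                   # auth_user_file HTACCESS
    sed -n 's/^[[:space:]]*AuthUserFile[[:space:]]*//p' "$1" | tr -d '"'
}

flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

# Prints one line per finding; the return status is the number of findings.
audit_logserver() {                  # audit_logserver RSYSLOG_CONF CONFIG_PHP HTACCESS DOCROOT
    findings=0
    pwfile=$(auth_user_file "$3")
    for f in "$1" "$2" "$pwfile"; do
        [ -f "$f" ] || { echo "missing file: $f"; return 99; }
    done
    if has_ommysql_password "$1" && ! other_lacks "$1" 4; then
        flag "$1 contains the ommysql password and is world-readable"
    fi
    other_lacks "$2" 2 || flag "$2 is world-writable"
    other_lacks "$pwfile" 4 || flag "$pwfile (AuthUserFile) is world-readable"
    case "$pwfile" in
        "$4"/*) flag "$pwfile sits under the document root $4" ;;
    esac
    return "$findings"
}

# On the server built above:
#   audit_logserver /etc/rsyslog.conf /var/www/html/loganalyzer/config.php \
#       /var/www/html/.htaccess /var/www/html
```
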
    [root@localhost ~]# grep -v '^#' /etc/rsyslog.conf |grep -v '^$'
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog # provides kernel logging support (previously done by rklogd)
    $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
    $IncludeConfig /etc/rsyslog.d/*.conf
    *.info;mail.none;authpriv.none;cron.none /var/log/messages
    authpriv.* /var/log/secure
    mail.* -/var/log/maillog
    cron.* /var/log/cron
    *.emerg :omusrmsg:*
    uucp,news.crit /var/log/spooler
    local7.* /var/log/boot.log
    module(load="imfile" PollingInterval="10")
    input(type="imfile" File="/usr/local/u-mail/service/nginx/logs/access.log" StateFile="/var/spool/rsyslog/statefile1" Tag="tag1" Severity="access" Facility="local7")
    local7.* @192.168.1.213:514
    *.* @192.168.1.213
    [root@localhost ~]#