Why->what->where->when->who->how
1. Why collect logs? Why use rsyslog?
Logs are fundamental to analyzing the health of systems and applications, and some logs serve special functions, such as MySQL's binary logs and transaction logs. So that every application does not have to implement its own logging system, Linux distributions ship a system log collector: rsyslogd.
2. What is Rsyslog?
Rsyslog, formerly known as Syslog, is a log collector for application log collection and kernel log collection.
Improvements in rsyslog compared to syslog:
(1) Support for collecting logs from remote hosts, multi-threaded operation, listening on port 514 over TCP/UDP
(2) Powerful filters that can match any part of a log message
(3) The transfer process supports SSL encryption
(4) Support for storing logs in a relational database such as MySQL or pgsql
3. Where will the Rsyslog be used?
Logs can be logged by Rsyslog when the application does not implement a log collection system.
When a log on a network device needs to be centrally managed, it is collected uniformly through the Rsyslog server.
4. When will the Rsyslog be used?
When an application needs logging from the moment it starts running but cannot implement logging itself, it can use rsyslog
When logs are collected centrally
5. How do I use Rsyslog?
Concepts involved in using rsyslog:
facility: can be understood as a category that classifies logs by function or program
The logs generated by multiple programs can be assigned to one facility, and rsyslog collects those logs uniformly from that facility
The facilities are: auth, authpriv, cron, mail, kern, mark, user, uucp
local0-local7 (for user-defined use)
priority: the level of a log message
Priority list of logs: debug, info, warn, notice, error, alert, emerg
The rsyslog package is installed automatically with the system and runs automatically as a daemon; its main configuration file is /etc/rsyslog.conf
The configuration file consists of three sections:
#### MODULES ####
Which modules to load
#### GLOBAL DIRECTIVES ####
#### RULES ####
Defines the log collection rules
facility.priority target
The target can be: a file (/var/log)
@host (log server)
:ommysql:ip,db,user,pass
How do I implement log collection and display with rsyslog + MySQL + LogAnalyzer?
1. Get MySQL ready
yum -y install mysql-server
2. Configure rsyslog
(1) Install rsyslog-mysql // the module that connects rsyslog to MySQL
(2) In the #### MODULES #### section of rsyslog.conf:
$ModLoad ommysql
In the #### RULES #### section:
facility.priority :ommysql:localhost,Syslog,username,password
(3) Restart the rsyslog service
(4) Initialize the logging database: installing rsyslog-mysql generates a SQL file; import it into MySQL and grant the required privileges
mysql -uUSERNAME -hlocalhost -pPASSWD < /usr/share/doc/rsyslog-mysql-5.3.10-creatdb.sql
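The rule format above (facility.priority target, with file, @host and :ommysql: targets) can be checked mechanically. The following Python is an added example, not part of the original post: it parses legacy-style rules and flags two things worth reviewing in this setup, the database password stored in rsyslog.conf and forwarding over UDP. The sample configuration, host names and credentials are constructed, and parse_rules and audit are hypothetical helper names.

```python
# Constructed sample in the legacy rule format (not taken from the original post).
SAMPLE_CONF = """\
#### MODULES ####
$ModLoad ommysql
#### RULES ####
authpriv.*      /var/log/secure
mail.*          -/var/log/maillog
local0.info     @192.0.2.10
*.warn          @@loghost.example:514
*.*             :ommysql:localhost,Syslog,rsyslog,S3cret
"""

def parse_rules(conf_text):
    """Return one dict per 'facility.priority target' rule line."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#$":   # skip comments and $directives
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        selector, action = fields
        kind, detail = "other", action
        if action.startswith(":ommysql:"):
            # Fields are host, db, user, password; the password is never echoed.
            parts = action[len(":ommysql:"):].split(",", 3)
            kind = "mysql"
            detail = f"{parts[2]}@{parts[0]}/{parts[1]}" if len(parts) == 4 else "malformed"
        elif action.startswith("@@"):     # @@host forwards over TCP
            kind, detail = "tcp", action[2:]
        elif action.startswith("@"):      # @host forwards over UDP
            kind, detail = "udp", action[1:]
        elif action.lstrip("-").startswith("/"):   # leading '-' disables sync
            kind, detail = "file", action.lstrip("-")
        rules.append({"selector": selector, "kind": kind, "detail": detail})
    return rules

def audit(rules):
    """Flag rules that keep credentials in the config or send logs over UDP."""
    findings = []
    for r in rules:
        if r["kind"] == "mysql":
            findings.append(f"{r['selector']}: DB password for {r['detail']} is stored "
                            "in rsyslog.conf; keep the file readable by root only")
        elif r["kind"] == "udp":
            findings.append(f"{r['selector']}: sent to {r['detail']} over UDP, "
                            "unencrypted and with no delivery guarantee")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE_CONF)):
        print(finding)
```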
3. Installing Loganalyzer
Loganalyzer is a PHP application, so you need to prepare the running environment first
(1) Installing Apache
(2) Installing PHP
(3) Test whether PHP can connect to MySQL properly
<?php
// Uses the legacy mysql_* extension of PHP 5 (removed in PHP 7)
$conn = mysql_connect('localhost', 'user', 'pass');
if ($conn) {
    echo "ok!";
    mysql_close($conn);
} else {
    echo "fail!";
}
?>
(4) Extract LogAnalyzer into the web document directory
tar xf loganalyzer-3.6.4.tar.gz -C /var/www/html/
cd /var/www/html
ln -sv loganalyzer-3.6.4 log
cd log
mv contrib/* src
After moving the two scripts, everything except the src directory is no longer needed and can be removed
cd src
chmod 777 ./*.sh
./configure.sh // generates the config.php file
./secure.sh
Open http://localhost/log/src/install.php in a browser to run the installer
This article is from the "Zxcvbnm Xuan ye" blog, please be sure to keep this source http://10764546.blog.51cto.com/10754546/1761312
Rsyslog+analyzer+mysql Implementing Log Collection Display