Deploying a central log server on RHEL 5.4 with rsyslog + loganalyzer
# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance

# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.
$ModLoad immark   # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # kernel logging (formerly provided by rklogd)
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,root,frank
# Note: localhost is the database-server field
# Syslog is the database-name
# root is the database-userid
# frank is the password the root user logs in to mysql with
# Format of this line:
# *.* :ommysql:database-server,database-name,database-userid,database-password
# Also note that database-name must match the one in /root/rsyslog-5.6.2/plugins/ommysql/createDB.sql

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.*                                                  /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                -/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  -/var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          -/var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /rsyslog/spool # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514

# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514

# ######### The configuration below accepts logs from remote hosts
# UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514
5 Stop the syslog process that ships with the system
# service syslog stop
# chkconfig syslog off
6 rsyslog has no init script of its own, so copy the syslog init script and modify it
# cp /etc/init.d/{syslog,rsyslog}
Replace syslog with rsyslog in the script
# sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
# chmod 700 /etc/init.d/rsyslog
# chkconfig --add rsyslog
# chkconfig rsyslog on
7 Create the following link; otherwise rsyslog reports an error on startup
# ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd
8 Import the database
# cd /root/rsyslog-5.6.2/plugins/ommysql
# mysql -uroot -pfrank < createDB.sql
9 Start rsyslog and verify
# service rsyslog restart
# mysql -uroot -pfrank
mysql> use Syslog;
mysql> select * from SystemEvents;
If the configuration above is correct, some new log entries are visible here.
10 Install loganalyzer and set permissions
# tar xvf loganalyzer-3.0.4.tar.gz
# cd loganalyzer-3.0.4
# cp -r src/ /var/www/html/loganalyzer
# cp -r contrib/* /var/www/html/loganalyzer
# chown -R apache.apache /var/www/html/loganalyzer
11 Install loganalyzer through the web interface; the following two scripts must be run before installing
# bash /var/www/html/loganalyzer/configure.sh
# bash /var/www/html/loganalyzer/secure.sh
In the browser, open
http://IP/loganalyzer
Note: IP is the address of your log server
12 Install loganalyzer
13
14 Before installing, first run
# cd /var/www/html/loganalyzer
# bash configure.sh
# chmod 666 config.php
15 Pay attention to the database name; for security, do not use the root user
16
17
18 Create a user
19 Pay attention to the database and table names
20
21 Create a user
22 Confirm the configuration information below
23 The rsyslog+loganalyzer analysis graphs are shown below
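The database action line in the rsyslog.conf above logs in to MySQL as root with the password in clear text, while step 15 advises against using root. The shell function below is an added example, not part of the original post; it flags such action lines, and its function names and finding labels are its own.

```shell
#!/bin/sh
# Added example (not from the original post): audit an rsyslog.conf for
# legacy-format MySQL actions:  selector :ommysql:server,db,userid,password

# audit_ommysql FILE: print one finding per line; print nothing if clean.
audit_ommysql() {
    conf=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                       # ignore comments
        case $line in
            *:ommysql:*) ;;
            *) continue ;;
        esac
        rest=${line#*:ommysql:}                # server,db,userid[,password]
        server=${rest%%,*}; rest=${rest#*,}
        db=${rest%%,*};     rest=${rest#*,}
        user=${rest%%,*}
        case $rest in
            *,*) pass=${rest#*,} ;;
            *)   pass= ;;                      # no password field present
        esac
        pass=${pass%%[[:space:];]*}            # drop trailing blanks/;template

        # The post itself advises against using root for the database.
        if [ "$user" = "root" ]; then
            echo "ROOT_DB_USER $conf: action for $db@$server logs in as MySQL root"
        fi
        # The password sits in the file in clear text, so the file must not
        # be readable by "other" (find -perm -004 matches o+r).
        if [ -n "$pass" ] && [ -n "$(find "$conf" -prune -perm -004)" ]; then
            echo "WORLD_READABLE_PASSWORD $conf: holds a DB password and is o+r"
        fi
    done < "$conf"
    return 0
}

# Constructed sample mirroring the action line shown in the post.
demo() {
    sample=$(mktemp)
    printf '%s\n' '$ModLoad ommysql' \
        '*.* :ommysql:localhost,Syslog,root,frank' > "$sample"
    chmod 644 "$sample"
    audit_ommysql "$sample"
    rm -f "$sample"
}
demo
```

Run it against /etc/rsyslog.conf after step 15; no output means neither condition was found.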
This article comes from the "Frank" blog; please be sure to keep this source: http://freehat.blog.51cto.com/1239536/461495
Reposted from: https://blog.51cto.com/lucifer119/1222512