RHEL5.4部署中央日志服务器之rsyslog+loganalyzer

  

 #if you experience problems, check

# http://www.rsyslog.com/troubleshoot for assistance

# If you do not load inputs, nothing happens!

# You may need to set the module load path if modules are not found.

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

$ModLoad imklog   # kernel logging (formerly provided by rklogd)

*.*       :ommysql:localhost,Syslog,root,frank

     # 注 localhost 字节是database-server

          Syslog 是数据中database-name 

          root 是database-userid 

          frank 是root用户登录mysql的密码

      #该行的格式

      #*.*       :ommysql:database-server,database-name,database-userid,database-password

#同样要注意的是database-name 必须和/root/rsyslog-5.6.2/plugins/ommysql/creatDB.sql 中的相同

kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

authpriv.*                                              /var/log/secure

mail.*                                                  -/var/log/maillog

cron.*                                                  -/var/log/cron

*.emerg                                                 *

# Save news errors of level crit and higher in a special file.

local7.*                                                /var/log/boot.log

# Remote Logging (we use TCP for reliable delivery)

# An on-disk queue is created for this action. If the remote host is

# down, messages are spooled to disk and sent when it is up again.

#$WorkDirectory /rsyslog/spool # where to place spool files

#$ActionQueueFileName uniqName # unique name prefix for spool files

#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown

# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional

# ######### Receiving Messages from Remote Hosts ##########

# provides TCP syslog reception and GSS-API (if compiled to support it)

#$InputTCPServerRun 514 # start up TCP listener at port 514

$UDPServerRun 514 # start a UDP syslog server at standard port 514

     #service syslog stop

     #chkconfig syslog off

 #sed -i ‘s/syslog/rsyslog/g’ /etc/init.d/rsyslog

 7 创建一下链接，不然在启动rsyslog 时回报错

     # ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd

 #cd /root/rsyslog-5.6.2/plugins/ommysql

   #service rsyslog restart

   #mysql –uroot -pfrank

   Mysql>use database Syslog;

Msql> select * from SystenEvents

 10 安装loganalyzer 并修改权限

     #tar xvf loganalyzer-3.0.4.tar.gz

     #cd loganalyzer-3.0.4

     #cp -r src/     /var/www/html/loganalyzer

     #cp -r contrib/*     /var/www/html/loganalyzer

     #chown -R apache.apache /var/www/html/loganalyzer

 11   通过web 形式安装loganalyzer ，在安装之前必须先执行以下两个脚本

       #bash   /var/www/html/loganalyzer/configure.sh

       #bash    /var/www/html/loganalyzer/secure.sh

      在浏览器在中

       http://IP/loganalyzer 

       注：该IP 为您的日志服务器

15   注意数据库名，为了安全，不要使用root用户

    

 

 

16   

 

17  

    

18  创建用户

   

19  注意数据库和表明

 

 

20

 

21 创建用户

 

 

22  确认下面的配置信息

 

 

23  rsyslog+loganalyzer 的分析图如下所示

 

 

 

 

本文转自 freehat08 51CTO博客，原文链接：http://blog.51cto.com/freehat/461495，如需转载请自行联系原作者