1.基本环境搭建
1.1 系统版本
# Confirm the base system; everything below was done on this release.
cat /etc/redhat-release
# Expected output:
#   CentOS Linux release 7.3.1611 (Core)
1.2 关闭防火墙
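# The original guide stopped and disabled firewalld outright, exposing every
# service on the box. Keep the host firewall and open only what this setup
# needs:
#   - 514/udp  syslog from the clients (the server section loads imudp)
#   - 80/tcp   the LogAnalyzer web UI
systemctl start firewalld.service
systemctl enable firewalld.service
firewall-cmd --permanent --add-port=514/udp
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
# Tighter: accept 514/udp only from the client subnet instead of from anywhere,
# e.g. (replace the --add-port line above with this):
#   firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.101.0/24" port port="514" protocol="udp" accept'
# If you really must switch the firewall off for a throw-away lab, the original
# commands were:
#   systemctl stop firewalld.service      # stop firewalld
#   systemctl disable firewalld.service   # do not start it at boot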
1.3 关闭selinux
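# The original guide set SELINUX=disabled in /etc/selinux/config. Keep SELinux
# enforcing instead; the rest of this setup needs at most two targeted
# adjustments (semanage comes from policycoreutils-python on CentOS 7).
yum install -y policycoreutils-python
# 1. The relocated MariaDB datadir (/mysqldata, created in the database
#    section) must carry the mysqld_db_t label or mysqld cannot open it.
#    Run these two commands after /mysqldata has been created and populated.
semanage fcontext -a -t mysqld_db_t "/mysqldata(/.*)?"
restorecon -Rv /mysqldata
# 2. If LogAnalyzer (PHP under httpd) reaches MariaDB over TCP rather than the
#    local socket, httpd must be allowed to open database connections.
setsebool -P httpd_can_network_connect_db on
# Anything else that gets blocked shows up as an AVC denial and tells you the
# exact rule that is missing:
#   ausearch -m avc -ts recent
# If you must relax SELinux for a lab, use permissive (nothing is blocked, but
# denials are still logged so you can see what production would need) rather
# than disabled:
#   sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config   # effective after reboot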
2.安装数据库
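# --- Install MariaDB with yum ---
yum install -y mariadb-server mariadb
# --- Start it, check its status, enable it at boot ---
systemctl start mariadb.service
systemctl status mariadb.service
systemctl enable mariadb.service
# --- Set the root password ---
# The guide ran `mysqladmin -u root password '123456'`: a trivial password, and
# one that ends up in shell history and is visible in `ps` while the command
# runs. mysql_secure_installation prompts for it instead, and also removes the
# anonymous accounts, remote root login and the test database.
mysql_secure_installation
# --- Move the data directory ---
systemctl stop mariadb.service
mkdir -p /mysqldata
# -a keeps ownership (mysql:mysql), modes and timestamps; "/." also copies
# dot-files, which the original `/var/lib/mysql/*` glob skips.
cp -a /var/lib/mysql/. /mysqldata/
cp -p /etc/my.cnf{,.bak}
# Point the [mysqld] section at the new location (the guide edited this with vim).
sed -i 's|^datadir=.*|datadir=/mysqldata|' /etc/my.cnf
# NOTE(review): leave the socket= line in /etc/my.cnf alone so local clients
# (mysql, PHP, rsyslog's ommysql) keep finding the server.
# With SELinux enforcing the new path also needs the mysqld_db_t label:
#   semanage fcontext -a -t mysqld_db_t "/mysqldata(/.*)?" && restorecon -Rv /mysqldata
# --- Start it again ---
systemctl start mariadb.service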
3.安装Apache及PHP
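# --- Apache + PHP (LogAnalyzer needs php-gd, php-xml and php-mysql) ---
yum install -y httpd php php-gd php-xml php-mysql
systemctl start httpd.service
systemctl enable httpd.service
# --- Smoke-test PHP ---
# phpinfo() dumps paths, module versions and environment variables to anyone
# who can reach the page. Use it for this check only, then delete it.
cat > /var/www/html/index.php <<'EOF'
<?php
phpinfo()
?>
EOF
# Open http://192.168.101.128/ in a browser; once the phpinfo page renders:
rm -f /var/www/html/index.php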
4.服务器端配置软件rsyslog
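# rsyslog is installed by default on CentOS 7; confirm it is there, then add
# the module that lets it write to MySQL/MariaDB.
rpm -q rsyslog
yum install -y rsyslog-mysql
# Create the Syslog database from the schema shipped with the rsyslog docs.
# The directory is versioned (rsyslog-7.4.7 on CentOS 7.3); the glob avoids
# hard-coding the version. The client prompts for the MariaDB root password.
mysql -u root -p < /usr/share/doc/rsyslog-*/mysql-createDB.sql
# Open an interactive session for the user and grant statements that follow.
mysql -u root -p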
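-- Interactive MariaDB session as root (prompts omitted), after importing the schema.
SHOW DATABASES;
USE Syslog;
SHOW TABLES;
-- Account used by rsyslog's ommysql output. Its password will sit in clear text
-- in /etc/rsyslog.d/loganalyzer.conf, so keep its rights minimal: INSERT is all
-- rsyslog needs. SELECT is kept only because the verification steps later in
-- this guide (and LogAnalyzer) read through this account; for a cleaner split,
-- give LogAnalyzer its own SELECT-only user instead of reusing this one.
-- The guide used '123456' — replace CHANGE-ME with a real password and use the
-- same value in the ommysql action of the rsyslog configuration.
CREATE USER 'rsyslog'@'localhost' IDENTIFIED BY 'CHANGE-ME';
GRANT INSERT, SELECT ON Syslog.* TO 'rsyslog'@'localhost';
FLUSH PRIVILEGES;
-- NOTE(review): if LogAnalyzer's installer is later told to keep its own
-- settings/users in this database, that account will additionally need
-- CREATE/INSERT/UPDATE on the tables it creates — grant those then, not now.
-- Extra column for the sender address, filled by %fromhost-ip% in the insert template.
ALTER TABLE `SystemEvents` ADD COLUMN `FromIP` varchar(100) NULL AFTER `FromHost`;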
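# --- rsyslog server: receive from clients and write into MariaDB ---
# Written as a drop-in so the stock /etc/rsyslog.conf stays untouched.
cat > /etc/rsyslog.d/loganalyzer.conf <<'EOF'
# immark: periodic "-- MARK --" messages
$ModLoad immark
# imudp: UDP syslog receiver on port 514
$ModLoad imudp
$UDPServerRun 514
# NOTE: only imudp is loaded, so this listener is UDP only (the original
# comment claimed UDP and TCP). UDP syslog is unauthenticated and the sender
# address is trivially spoofable; outside a lab prefer imtcp
# ($ModLoad imtcp / $InputTCPServerRun 514), ideally with TLS (gtls), and
# restrict port 514 to the client subnet in the host firewall.

# Insert template. The trailing ",SQL" option makes rsyslog escape quotes and
# backslashes in every property — it is what stops a crafted %msg% or
# %syslogtag% from breaking out of the INSERT. ommysql refuses templates
# without it; do not drop it.
$template insertpl,"insert into SystemEvents (Message, Facility, FromHost, FromIP, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%', '%fromhost-ip%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL

$ModLoad ommysql
# :ommysql:<server>,<database>,<user>,<password>;<template>
# Replace CHANGE-ME with the password set for 'rsyslog'@'localhost' (the guide used 123456).
*.warn;authpriv.* :ommysql:localhost,Syslog,rsyslog,CHANGE-ME;insertpl
EOF
# The file holds a database password in clear text, so do not leave it at the
# default world-readable 0644. rsyslogd runs as root on CentOS 7, so root-only
# read access is sufficient.
chmod 640 /etc/rsyslog.d/loganalyzer.conf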
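systemctl restart rsyslog.service
# --- Verify on the server itself ---
# Emit a warning-level test message (facility user, i.e. user.warning — matched
# by the *.warn selector in the ommysql rule).
logger -p user.warning "nihao"
# A local copy still lands in /var/log/messages (use tail -f to keep following).
tail -n 3 /var/log/messages
# ... and the same message must now be a row in the database:
mysql -u rsyslog -p Syslog -e 'SELECT * FROM SystemEvents\G'
# In an interactive client that is `USE Syslog;` then `SELECT * FROM SystemEvents\G`.
# Note: no ';' after \G — it terminates the statement by itself; the extra ';'
# in the original just produced "ERROR: No query specified" after the output.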
5.客户端配置软件rsyslog
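# --- Client: forward warnings and authpriv messages to the log server ---
# rsyslog is installed by default on CentOS 7; confirm it is there.
rpm -q rsyslog
cat > /etc/rsyslog.d/client.conf <<'EOF'
# A single @ means UDP. The server in this guide only loads imudp, so keep @;
# if you add imtcp (ideally with TLS) on the server, switch to @@ (TCP) so
# messages are neither silently dropped nor spoofable on the wire.
# Bear in mind authpriv.* carries login and sudo records (user names, failed
# password events): over plain UDP anyone on the path can read them.
*.warn;authpriv.* @192.168.101.128:514
EOF
systemctl restart rsyslog.service
# Verify from the client: the message is kept locally in /var/log/messages ...
logger -p user.warning "nihaoma1"
tail -n 3 /var/log/messages
# ... and, on the server, must appear in the database:
#   mysql -u rsyslog -p Syslog -e 'SELECT * FROM SystemEvents\G'
# (no ';' after \G — it terminates the statement on its own.)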
验证成功!!!
(可选)编辑 /etc/bashrc,把客户端交互式 bash 中执行的每条命令写入系统日志 /var/log/messages。注意:这只是记录,不是强制审计——用户可以取消 PROMPT_COMMAND 或换用其他 shell 来绕过;而且命令行中的敏感参数(例如口令)也会原样进入日志并被转发到日志服务器。
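# Append to /etc/bashrc so every interactive bash on the client logs each
# command through syslog. The original used logger's default priority
# (user.notice), which the client forwarding rule `*.warn;authpriv.*` does NOT
# match — those lines stayed local. user.warning is forwarded by that rule.
cat >> /etc/bashrc <<'EOF'
# Log each interactive command (effective user, login session, cwd, command).
# Caveats: this is accountability, not enforcement — a user can unset
# PROMPT_COMMAND or start another shell; and anything typed on the command
# line, including passwords passed as arguments, ends up in the log database.
# For tamper-resistant command auditing use auditd / pam_tty_audit instead.
PROMPT_COMMAND='{ msg=$(history 1 | { read -r num rest; printf "%s" "$rest"; }); logger -p user.warning -t bash-audit "[euid=$(whoami)]:$(who am i):[$PWD]$msg"; }'
export PROMPT_COMMAND
EOF
# Make it effective in the current shell (new logins pick it up automatically).
source /etc/bashrc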
6.服务器端loganalyzer日志分析工具的搭建
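# --- LogAnalyzer web front-end ---
# Fetch over HTTPS rather than the original plain-HTTP URL so the archive
# cannot be swapped in transit, and compare the checksum with the one shown on
# the Adiscon download page. 4.1.5 is the version this guide used; check for
# a current release before deploying.
wget https://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz
tar -zxvf loganalyzer-4.1.5.tar.gz
mkdir -p /var/www/html/loganalyzer/
cp -rp loganalyzer-4.1.5/src/* /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer/
# The browser-based installer writes config.php, which ends up holding the
# database credentials. The guide used `chmod 666` (world-writable): any local
# user could then rewrite the application's configuration. Owned and writable
# by the httpd user is all the installer needs.
install -o apache -g apache -m 640 /dev/null config.php
# After the web installer has finished, stop further writes:
#   chmod 440 config.php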
下面打开网页192.168.101.128/loganalyzer进行配置
下面在 LogAnalyzer 管理界面中配置显示来源 ip(即前面通过 ALTER TABLE 为 SystemEvents 表新增的 FromIP 字段,由模板中的 %fromhost-ip% 填充)。
重新打开浏览器访问 http://192.168.101.128/loganalyzer,即可看到来源 ip。
至此 rsyslog 与 loganalyzer 已配置完成。需要说明的是,本文是实验环境的配置:日志以明文 UDP 514 传输且没有认证,LogAnalyzer 页面也没有访问控制;用于生产环境前,至少应改为 TCP+TLS 传输、在防火墙上限制允许发送日志的来源,并为 LogAnalyzer 页面加上身份验证。
最后详细loganalyzer操作,请参考http://blog.csdn.net/xdnabl/article/details/51120873
http://teemomo.blog.51cto.com/2376140/1160824
本文转自 a8757906 51CTO博客,原文链接:http://blog.51cto.com/nxyboy/1932928