Setting up a log server
1. Environment
Environment:
node01 192.168.32.132 rsyslog server
node02 192.168.32.128 rsyslog client
2. Install the rsyslog package on node01 and node02
[root@node01 ~]# yum install -y rsyslog
[root@node02 ~]# yum install -y rsyslog
3. Edit the rsyslog configuration file on node01
[root@node01 ~]# vim /etc/rsyslog.conf
Uncomment the modules that accept incoming logs, both UDP and TCP:
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
4. Restart the rsyslog service
[root@node01 ~]# systemctl restart rsyslog.service
Check that the ports are now listening:
[root@node01 ~]# ss -tunl
5. On node02, configure which host to send logs to
[root@node02 ~]# vim /etc/rsyslog.conf
For example, change
*.info;mail.none;authpriv.none;cron.none /var/log/messages
to
*.info;mail.none;authpriv.none;cron.none @node01
A single @ forwards over UDP; @@node01 forwards over TCP, which node01 listens on as well. The rule must not be left commented out with a leading #, and node02 must be able to resolve the name node01 (otherwise use the IP 192.168.32.132). If node02 should keep writing /var/log/messages locally, add the forwarding rule as a second line instead of replacing the original one.
6. After editing, restart the logging service on node02
[root@node02 ~]# systemctl restart rsyslog.service
7. Verify
For example, install the httpd package on node02:
[root@node02 ~]# yum -y install httpd
Then check on node01 whether the record shows up in its log output:
[root@node01 ~]# tail -f /var/log/messages
The record is there. The basic configuration is complete.
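A mistake this step invites is a forwarding rule that is present but still commented out, which rsyslog accepts silently. The following Python check is added here and is not part of the original post; it parses legacy-syntax rsyslog.conf lines (the $ModLoad / $UDPServerRun / @host forms used above) from a constructed sample and reports which receiver inputs and forwarding rules are actually active.

```python
import re

# Constructed sample (not a file from the post): a node02-style rsyslog.conf
# where the forwarding rule to node01 was left commented out.
SAMPLE_CONF = """\
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
#*.info;mail.none;authpriv.none;cron.none   @node01
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  @@192.168.32.132:514
"""

# Forwarding action: selector, then @host (UDP) or @@host (TCP), optional :port.
FORWARD_RE = re.compile(r"^(?P<sel>\S+)\s+(?P<at>@@?)(?P<host>[^\s:]+)(?::(?P<port>\d+))?")
LISTEN_RE = re.compile(r"^\$(UDPServerRun|InputTCPServerRun)\s+(\d+)")

def audit_rsyslog_conf(text):
    """Summarise receivers and forwarding rules in legacy-syntax rsyslog.conf text."""
    report = {"modules": [], "listeners": [], "forwards": [], "commented_forwards": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        commented = line.startswith("#")
        body = line.lstrip("#").strip()          # look at the rule even if commented
        if body.startswith("$ModLoad"):
            if not commented:
                report["modules"].append(body.split()[1])
            continue
        lm = LISTEN_RE.match(body)
        if lm:
            if not commented:
                proto = "udp" if lm.group(1) == "UDPServerRun" else "tcp"
                report["listeners"].append((proto, int(lm.group(2))))
            continue
        fm = FORWARD_RE.match(body)
        if fm:
            rule = {"selector": fm.group("sel"), "host": fm.group("host"),
                    "proto": "tcp" if fm.group("at") == "@@" else "udp",
                    "port": int(fm.group("port") or 514)}   # syslog default port
            report["commented_forwards" if commented else "forwards"].append(rule)
    return report

def receiver_ready(report, proto):
    """True when the input module for proto is loaded and a listener is declared."""
    module = {"udp": "imudp", "tcp": "imtcp"}[proto]
    return module in report["modules"] and any(p == proto for p, _ in report["listeners"])
```

Run it against the real file with `audit_rsyslog_conf(open("/etc/rsyslog.conf").read())`; anything listed under commented_forwards is a rule that will never send.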
Appendix:
(1) Store the logs in MySQL and display them
8. Install MySQL and the rsyslog-mysql package
[root@node01 ~]# yum install -y rsyslog-mysql
[root@node01 ~]# rpm -ql rsyslog-mysql
[root@node01 ~]# yum install -y mariadb mariadb-server
9. Edit the MariaDB configuration file and start the MariaDB service
[root@node01 ~]# vim /etc/my.cnf.d/server.cnf
[server]
# this is only for the mysqld standalone daemon
[mysqld]
skip_name_resolve=ON
innodb_file_per_table=ON
[root@node01 ~]# systemctl restart mariadb
10. Import the rsyslog database schema into MariaDB and grant privileges
[root@node01 ~]# mysql < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@node01 ~]# mysql
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Syslog |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [Syslog]> show tables;
+------------------------+
| Tables_in_Syslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
MariaDB [Syslog]> desc SystemEvents;
+--------------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------------+------------------+------+-----+---------+----------------+
| ID | int(10) unsigned | NO | PRI | NULL | auto_increment |
| CustomerID | bigint(20) | YES | | NULL | |
| ReceivedAt | datetime | YES | | NULL | |
| DeviceReportedTime | datetime | YES | | NULL | |
| Facility | smallint(6) | YES | | NULL | |
| Priority | smallint(6) | YES | | NULL | |
| FromHost | varchar(60) | YES | | NULL | |
| Message | text | YES | | NULL | |
| NTSeverity | int(11) | YES | | NULL | |
| Importance | int(11) | YES | | NULL | |
| EventSource | varchar(60) | YES | | NULL | |
| EventUser | varchar(60) | YES | | NULL | |
| EventCategory | int(11) | YES | | NULL | |
| EventID | int(11) | YES | | NULL | |
| EventBinaryData | text | YES | | NULL | |
| MaxAvailable | int(11) | YES | | NULL | |
| CurrUsage | int(11) | YES | | NULL | |
| MinUsage | int(11) | YES | | NULL | |
| MaxUsage | int(11) | YES | | NULL | |
| InfoUnitID | int(11) | YES | | NULL | |
| SysLogTag | varchar(60) | YES | | NULL | |
| EventLogType | varchar(60) | YES | | NULL | |
| GenericFileName | varchar(60) | YES | | NULL | |
| SystemID | int(11) | YES | | NULL | |
+--------------------+------------------+------+-----+---------+----------------+
24 rows in set (0.00 sec)
MariaDB [Syslog]> desc SystemEventsProperties;
+---------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+---------------+------------------+------+-----+---------+----------------+
| ID | int(10) unsigned | NO | PRI | NULL | auto_increment |
| SystemEventID | int(11) | YES | | NULL | |
| ParamName | varchar(255) | YES | | NULL | |
| ParamValue | text | YES | | NULL | |
+---------------+------------------+------+-----+---------+----------------+
4 rows in set (0.00 sec)
MariaDB [Syslog]> grant all on Syslog.* to 'rsyslog'@'192.168.32.%' identified by 'rsyslog';
Query OK, 0 rows affected (0.00 sec)
MariaDB [Syslog]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [Syslog]> exit
Bye
11. Edit the rsyslog configuration file and restart the rsyslog service
[root@node01 ~]# vim /etc/rsyslog.conf
For example, change
*.info;mail.none;authpriv.none;cron.none /var/log/messages
to
$ModLoad ommysql
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.32.132,Syslog,rsyslog,rsyslog
The ommysql output module has to be loaded with $ModLoad before the rule that uses it; the action format is :ommysql:host,database,user,password. Keep the original /var/log/messages line as well if node01 should still log to that file. Since the database password is stored in clear text in /etc/rsyslog.conf, keep that file readable by root only; ommysql only needs INSERT on the two Syslog tables, so the grant above can be narrower than ALL.
[root@node01 ~]# systemctl restart rsyslog.service
12. Install the vsftpd package on node02, then open the database and verify
[root@node02 ~]# yum install -y vsftpd
[root@node01 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [Syslog]> show tables;
+------------------------+
| Tables_in_Syslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
MariaDB [Syslog]> select * from SystemEvents \G;
*************************** 1. row ***************************
ID: 1
CustomerID: NULL
ReceivedAt: 2019-01-23 18:16:53
DeviceReportedTime: 2019-01-23 18:16:53
Facility: 3
Priority: 6
FromHost: node01
Message: Stopping System Logging Service...
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 2. row ***************************
ID: 2
CustomerID: NULL
ReceivedAt: 2019-01-23 18:16:53
DeviceReportedTime: 2019-01-23 18:16:53
Facility: 5
Priority: 6
FromHost: node01
Message: [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="1812" x-info="http://www.rsyslog.com"] exiting on signal 15.
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: rsyslogd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 3. row ***************************
ID: 3
CustomerID: NULL
ReceivedAt: 2019-01-23 18:16:53
DeviceReportedTime: 2019-01-23 18:16:53
Facility: 3
Priority: 6
FromHost: node01
Message: Starting System Logging Service...
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 4. row ***************************
ID: 4
CustomerID: NULL
ReceivedAt: 2019-01-23 18:16:53
DeviceReportedTime: 2019-01-23 18:16:53
Facility: 5
Priority: 6
FromHost: node01
Message: [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="2396" x-info="http://www.rsyslog.com"] start
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: rsyslogd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 5. row ***************************
ID: 5
CustomerID: NULL
ReceivedAt: 2019-01-23 18:16:53
DeviceReportedTime: 2019-01-23 18:16:53
Facility: 3
Priority: 6
FromHost: node01
Message: Started System Logging Service.
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 6. row ***************************
ID: 6
CustomerID: NULL
ReceivedAt: 2019-01-23 18:17:14
DeviceReportedTime: 2019-01-23 18:17:14
Facility: 3
Priority: 6
FromHost: node02
Message: Reloading.
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: systemd:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
*************************** 7. row ***************************
ID: 7
CustomerID: NULL
ReceivedAt: 2019-01-23 18:17:14
DeviceReportedTime: 2019-01-23 18:17:14
Facility: 1
Priority: 6
FromHost: node02
Message: Installed: vsftpd-3.0.2-25.el7.x86_64
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: yum[1929]:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
7 rows in set (0.00 sec)
ERROR: No query specified
MariaDB [Syslog]> exit
Bye
Verification succeeded!
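With the events in MariaDB, the Facility and Priority numbers in the rows above become queryable: Facility 3 / Priority 6 is daemon.info, 5 / 6 is syslog.info and 1 / 6 is user.info. The following Python example is added here and is not part of the original post; it rebuilds a subset of the SystemEvents columns in an in-memory SQLite database from constructed rows modelled on the output above (the sshd row is invented), decodes the numbers to names, and lists hosts that have gone quiet, which is the first thing to check when a forwarder stops sending.

```python
import sqlite3
from datetime import datetime, timedelta

# Syslog facility and severity names (RFC 3164). rsyslog-mysql stores the numbers
# in SystemEvents.Facility and SystemEvents.Priority (which is really the severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed rows modelled on the SystemEvents output above (the real table has
# 24 columns; only those the queries use are kept). The sshd row is made up.
SAMPLE_EVENTS = [
    ("2019-01-23 18:16:53", 3, 6, "node01", "systemd:", "Started System Logging Service."),
    ("2019-01-23 18:17:14", 3, 6, "node02", "systemd:", "Reloading."),
    ("2019-01-23 18:17:14", 1, 6, "node02", "yum[1929]:", "Installed: vsftpd-3.0.2-25.el7.x86_64"),
    ("2019-01-23 18:40:02", 10, 5, "node01", "sshd[2501]:", "Accepted publickey for root from 192.168.32.1"),
]

def load_sample_db():
    """In-memory SQLite stand-in for the Syslog database with the columns we query."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE SystemEvents (ID INTEGER PRIMARY KEY AUTOINCREMENT,
                  ReceivedAt TEXT, Facility INTEGER, Priority INTEGER,
                  FromHost TEXT, SysLogTag TEXT, Message TEXT)""")
    db.executemany("INSERT INTO SystemEvents (ReceivedAt, Facility, Priority, FromHost,"
                   " SysLogTag, Message) VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_EVENTS)
    return db

def decode_pri(facility, severity):
    """Turn the stored numbers into names, e.g. (3, 6) -> ('daemon', 'info')."""
    return FACILITIES[facility], SEVERITIES[severity]

def events_from_host(db, host, max_severity=7):
    """Events from one host at severity max_severity or more urgent (lower number)."""
    rows = db.execute("SELECT ReceivedAt, Facility, Priority, SysLogTag, Message "
                      "FROM SystemEvents WHERE FromHost = ? AND Priority <= ? "
                      "ORDER BY ReceivedAt, ID", (host, max_severity)).fetchall()
    return [(r[0],) + decode_pri(r[1], r[2]) + (r[3], r[4]) for r in rows]

def silent_hosts(db, now_str, max_gap_minutes):
    """Hosts whose newest event is older than max_gap_minutes: a forwarder that
    stopped (or was stopped) shows up here before anything else does."""
    now = datetime.strptime(now_str, TIME_FMT)
    rows = db.execute("SELECT FromHost, MAX(ReceivedAt) FROM SystemEvents "
                      "GROUP BY FromHost").fetchall()
    return sorted(host for host, last in rows
                  if now - datetime.strptime(last, TIME_FMT) > timedelta(minutes=max_gap_minutes))
```

The same three SELECT statements run unchanged against the real Syslog database in MariaDB, where ReceivedAt is a DATETIME column.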
13. Install the httpd and php packages and configure httpd
(The loganalyzer-3.6.5.tar.gz tarball is assumed to have been downloaded to /var/www/html/ beforehand. Only the src/ directory inside it is the web application, which is why it is copied back on its own.)
[root@node01 ~]# yum install -y httpd php php-mysql php-gd
[root@node01 ~]# cd /var/www/html/
[root@node01 html]# tar zxvf loganalyzer-3.6.5.tar.gz
[root@node01 html]# mv * /root/
[root@node01 html]# cd
[root@node01 ~]# cp -r loganalyzer-3.6.5/src/ /var/www/html/loganalyzer-3.6.5
[root@node01 ~]# cd /var/www/html/
[root@node01 html]# ln -sv loganalyzer-3.6.5 log
[root@node01 html]# cd log
[root@node01 log]# touch config.php
[root@node01 log]# chmod 666 config.php
[root@node01 log]# systemctl restart httpd
[root@node01 log]# systemctl enable httpd
Then open http://192.168.32.132/log
and run the configuration wizard.
Once configured, the logs are displayed, as shown in the figure:
The display works. Finally, restrict the permissions on config.php again (it holds the database credentials):
chmod 644 /var/www/html/log/config.php
All done! O(∩_∩)O