I. Configure rsyslog to receive logs
1. Prepare a fresh CentOS 7 environment
2. Deploy an LNMP environment
# install the EPEL repository
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# install nginx
yum install nginx -y
# install PHP and the related packages
yum install -y php php-devel php-fpm php-mysql php-common php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt libmcrypt-devel
# start nginx and php-fpm, and enable them at boot
systemctl start nginx php-fpm
systemctl enable nginx php-fpm
3. Configure a simple client and server
(1) On the client (test1), edit the rsyslog configuration file and restart rsyslog
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
# forward info and above (except mail, authpriv and cron) to the log server over UDP
*.info;mail.none;authpriv.none;cron.none @192.168.134.155
# restart
systemctl restart rsyslog
(2) On the log server (192.168.134.155, hostname test2), enable the TCP and UDP listeners and restart rsyslog there as well
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
# restart
systemctl restart rsyslog
4. Basic test
Jul 20 03:25:59 localhost systemd: Stopping The nginx HTTP and reverse proxy server...
Jul 20 03:25:59 localhost systemd: Stopped The nginx HTTP and reverse proxy server.
Jul 20 03:26:01 localhost systemd: Starting The nginx HTTP and reverse proxy server...
Jul 20 03:26:01 localhost nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jul 20 03:26:01 localhost nginx: nginx: configuration file /etc/nginx/nginx.conf test is successful
Server test2 received the nginx log lines sent by test1: the test passed.
II. Configure MySQL-based log storage
1. Install the database and the rsyslog MySQL module, then configure the database.
# install the database and the rsyslog MySQL output module
yum install rsyslog-mysql
yum install mariadb-server
systemctl restart mariadb
systemctl enable mariadb
# set the database root password
mysqladmin -uroot password '123456'
2. Create the user and grant privileges
# log in to the database
mysql -uroot -p123456
# switch to the mysql database
use mysql;
# grant privileges and reload the grant tables
grant all on Syslog.* to 'Syslog'@'192.168.%.%' identified by 'admin123';
flush privileges;
3. Exit the database and edit the configuration file
# edit the configuration file
vim /etc/my.cnf
# add the following two lines under the [mysqld] section
[mysqld]
skip_name_resolve=on
innodb_file_per_table=on
# restart the database
systemctl restart mariadb
# create the Syslog database and its tables from the schema shipped with rsyslog-mysql
mysql -uSyslog -h192.168.134.138 -padmin123 < /usr/share/doc/rsyslog-*/mysql-createDB.sql
4. Edit the rsyslog configuration file
vim /etc/rsyslog.conf
Edit it as follows:
#### MODULES ####
# add this line
$ModLoad ommysql
# comment out the first line below and add the second
#*.info;mail.none;authpriv.none;cron.none @192.168.134.155
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.134.138,Syslog,Syslog,admin123
# restart rsyslog and nginx
systemctl restart rsyslog
systemctl restart nginx
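Added example (not from the original article, and not rsyslog's own tooling): a small shell audit of an rsyslog.conf written in the legacy "$Directive" syntax used in parts I and II. It lists the open listeners, flags forwarding rules that use the lossy UDP "@host" form instead of "@@host" (TCP), and reports every ":ommysql:" action together with the mode of the file that, after step 4, holds the database password in clear text. The function names, the constructed sample configuration and the assumed 644 default mode of /etc/rsyslog.conf are this example's assumptions; GNU/busybox stat is assumed as well.

```shell
#!/bin/sh
# Example audit helper (added here; not part of the tutorial or of rsyslog).
# scan_rsyslog_conf FILE  -> one INFO/WARN line per finding
# audit_rsyslog_conf FILE -> prints the findings, returns 0 only if no WARN

scan_rsyslog_conf() {
    conf="$1"

    # Listeners: the $ModLoad line enables the module, the *ServerRun line sets the port.
    if grep -Eq '^\$ModLoad[[:space:]]+imudp' "$conf"; then
        echo "INFO listener: UDP on port $(awk '/^\$UDPServerRun/ {print $2}' "$conf")"
    fi
    if grep -Eq '^\$ModLoad[[:space:]]+imtcp' "$conf"; then
        echo "INFO listener: TCP on port $(awk '/^\$InputTCPServerRun/ {print $2}' "$conf")"
    fi

    # Forwarding rules: uncommented selector lines ending in "@host" or "@@host".
    # A single "@" is UDP: nothing tells the sender when the collector is down,
    # so messages are silently lost. "@@" is TCP.
    grep -E '^[^#]*[[:space:]]@' "$conf" | while IFS= read -r line; do
        target=$(printf '%s\n' "$line" | sed -E 's/.*[[:space:]]@+//')
        case "$line" in
            *@@*) echo "INFO forward: TCP to $target" ;;
            *)    echo "WARN forward: UDP to $target (lossy; use @@$target for TCP)" ;;
        esac
    done

    # ommysql actions: ":ommysql:host,database,user,password". The fourth field
    # is a clear-text password, so the file must not be readable by other users.
    grep -E '^[^#]*:ommysql:' "$conf" | while IFS= read -r line; do
        desc=$(printf '%s\n' "$line" | sed -E 's/.*:ommysql:([^,]+),([^,]+),([^,]+),.*/host=\1 db=\2 user=\3/')
        echo "INFO ommysql: $desc (password embedded in $conf)"
        mode=$(stat -c '%a' "$conf")
        case "$mode" in
            *[4-7]) echo "WARN perms: $conf is mode $mode (world-readable) but holds a DB password; chmod 600 it" ;;
        esac
    done
}

audit_rsyslog_conf() {
    report=$(scan_rsyslog_conf "$1")
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^WARN'
}

# Constructed sample that mirrors the client config from parts I and II
# (UDP forward, one TCP forward for contrast, and the ommysql action).
write_sample_conf() {
    cat > "$1" <<'EOF'
#### MODULES ####
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad ommysql
#*.info;mail.none;authpriv.none;cron.none @192.168.134.155
*.info;mail.none;authpriv.none;cron.none @192.168.134.155
authpriv.* @@192.168.134.155
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.134.138,Syslog,Syslog,admin123
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
chmod 644 "$sample"   # assumed default mode of /etc/rsyslog.conf on CentOS 7
audit_rsyslog_conf "$sample" || echo "review the WARN lines above"
rm -f "$sample"
```

Run it as "audit_rsyslog_conf /etc/rsyslog.conf" on both test1 and test2; a non-zero exit means at least one WARN line. rsyslog on CentOS 7 runs as root, so tightening rsyslog.conf to mode 600 does not stop it from reading the file.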
5. Basic test (log in to the database and run the following commands)
use Syslog;
show tables;
select count(*) from SystemEvents;
A result like the following means the configuration succeeded:
+----------+
| count(*) |
+----------+
|       12 |
+----------+
III. Configure the front end
1. Install LogAnalyzer
Download: LogAnalyzer v4.1.12 (v4-stable) - Adiscon LogAnalyzer
2. Extract and configure
# run the following commands
tar xf loganalyzer-4.1.12.tar.gz -C /
cd /
ln -sv loganalyzer-4.1.12/ loganalyzer
cd loganalyzer
ls /usr/share/nginx/html/
mkdir -p /usr/share/nginx/html/log
cp -r ./src/* /usr/share/nginx/html/log/
ls contrib/
cp contrib/* /usr/share/nginx/html/log/
cd /usr/share/nginx/html/log/
chmod +x *.sh
./configure.sh
./secure.sh
touch config.php
# the web installer must be able to write config.php; 666 is world-writable, so tighten it again once the wizard has finished
chmod 666 config.php
3. In a browser, open http://<your IP>/index.php and keep clicking Next; the configuration is then complete.
Final result:
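Added example (not from the original article, and not part of LogAnalyzer): a post-install check for the web root set up in step 2. The wizard writes the database credentials into config.php, and the 666 mode used during setup leaves that file readable and writable by every local user and by any PHP code the web server executes. The function names are this example's own; it assumes GNU/busybox stat, and if a group is passed to the fix function it must be the one php-fpm runs as (on a stock CentOS 7 php-fpm that is apache) so PHP can still read the file.

```shell
#!/bin/sh
# Example post-install check for the LogAnalyzer web root (added here; not
# part of the tutorial or of LogAnalyzer).
#   check_loganalyzer_perms WEBROOT          -> prints findings, returns 0 if clean
#   fix_loganalyzer_perms   WEBROOT [GROUP]  -> chmod 640 config.php, optional chgrp, re-check

world_bits() {
    # last octal digit of the mode, i.e. the permissions granted to "other"
    stat -c '%a' "$1" | sed 's/.*\(.\)$/\1/'
}

check_loganalyzer_perms() {
    root="$1"
    cfg="$root/config.php"
    findings=0

    if [ ! -f "$cfg" ]; then
        echo "WARN $cfg missing: run the web wizard first"
        return 1
    fi

    o=$(world_bits "$cfg")
    case "$o" in
        2|3|6|7) echo "WARN $cfg is world-writable (other=$o): anyone on the host can change the DB settings"
                 findings=$((findings + 1)) ;;
    esac
    case "$o" in
        4|5|6|7) echo "WARN $cfg is world-readable (other=$o): it contains the DB password"
                 findings=$((findings + 1)) ;;
    esac

    # The setup scripts copied from contrib/ run once; they need not stay executable.
    for s in "$root"/*.sh; do
        [ -f "$s" ] && [ -x "$s" ] && echo "INFO $s is still executable; chmod -x or remove it after setup"
    done

    [ "$findings" -eq 0 ]
}

fix_loganalyzer_perms() {
    root="$1"
    cfg="$root/config.php"
    chmod 640 "$cfg" || return 1
    # Optional: hand the file to the php-fpm group (assumed "apache" on CentOS 7)
    # so the web server keeps read access while "other" gets none.
    [ -n "$2" ] && chgrp "$2" "$cfg"
    check_loganalyzer_perms "$root"
}
```

Run "check_loganalyzer_perms /usr/share/nginx/html/log" after the wizard has finished; if it reports findings, "fix_loganalyzer_perms /usr/share/nginx/html/log apache" applies the tighter mode and re-runs the check.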