Category: System Operations

2015-08-28 17:01:47

1. Download rsyslog and loganalyzer (download links for the packages involved are at the end of this article).
2. Set up the LAMP environment.

    yum -y install gcc gcc-c++ make sudo autoconf libtool-ltdl-devel gd-devel freetype-devel libxml2-devel libjpeg-devel libpng-devel openssl-devel curl-devel patch libmcrypt-devel libmhash-devel ncurses-devel libxml2 freetype cairo* pango pango-devel libpng libart_lgpl zlib glib libtool m4 autoconf automake mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd zlib-devel

All of these must be installed; otherwise compiling rsyslog will fail.
3. Install rsyslog.

    ./configure --enable-mysql
    make && make install
    cp rsyslog.conf /etc
4. vim /etc/rsyslog.conf

    # if you experience problems, check
    # http://www.rsyslog.com/troubleshoot for assistance
    # rsyslog v3: load input modules
    # If you do not load inputs, nothing happens!
    # You may need to set the module load path if modules are not found.
    $ModLoad immark # provides --MARK-- message capability
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog # kernel logging (formerly provided by rklogd)

================= Add the following 2 lines =================

    $ModLoad ommysql
    *.* :ommysql:localhost,Syslog,root,123

============================================ These lines mainly load the MySQL database support.

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.* /dev/console
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none;cron.none -/var/log/messages
    # The authpriv file has restricted access.
    authpriv.* /var/log/secure
    # Log all the mail messages in one place.
    mail.* -/var/log/maillog
    # Log cron stuff
    cron.* -/var/log/cron
    # Everybody gets emergency messages
    *.emerg *
    # Save news errors of level crit and higher in a special file.
    uucp,news.crit -/var/log/spooler
    # Save boot messages also to boot.log
    local7.* /var/log/boot.log
    # Remote Logging (we use TCP for reliable delivery)
    # An on-disk queue is created for this action. If the remote host is
    # down, messages are spooled to disk and sent when it is up again.
    #$WorkDirectory /rsyslog/spool # where to place spool files
    #$ActionQueueFileName uniqName # unique name prefix for spool files
    #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
    #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
    #$ActionQueueType LinkedList # run asynchronously
    #$ActionResumeRetryCount -1 # infinite retries if host is down
    # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
    #*.* @@remote-host:514
    # ######### Receiving Messages from Remote Hosts ##########
    # TCP Syslog Server:
    # provides TCP syslog reception and GSS-API (if compiled to support it)
    #$ModLoad imtcp.so # load module
    #$InputTCPServerRun 514 # start up TCP listener at port 514
    # UDP Syslog Server:

===== Uncomment the following 2 lines; they are what receives the clients' logs =====

    $ModLoad imudp.so # provides UDP syslog reception
    $UDPServerRun 514 # start a UDP syslog server at standard port 514

Save and exit, open UDP port 514 in the firewall, and restart the firewall.
5. Create the rsyslog init script.

    # reuse the stock syslog init script as a template for rsyslog
    cp -rp /etc/init.d/syslog /etc/init.d/rsyslog
    sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
    ln -s /usr/local/sbin/rsyslogd /sbin/rsyslogd

===== Stop the built-in syslog service =====

    service syslog stop
6. Import the database.

    cd /root/syslog/rsyslog-5.8.1/plugins/ommysql
    mysql -uroot -p    # enter the password when prompted

Start rsyslog:

    service rsyslog start

Check whether the database contains the corresponding data:

    mysql -uroot -p
    use Syslog;
    select * from SystemEvents;

If there is data, the setup succeeded.
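
The action line added in step 4 has rsyslog connect to MySQL as root with the password 123. The following is an added example, not part of the original post: it creates one account that can only insert into Syslog.SystemEvents (for rsyslog) and one that can only read it (for LogAnalyzer). The account names and the password placeholders are assumptions, as is the premise that rsyslog uses the default ommysql template and LogAnalyzer is only used to view the log table.

```sql
-- Added example, not from the original post. Run as a MySQL administrator
-- after the Syslog database has been imported (step 6).
-- Account names and the <...> passwords are placeholders (assumptions).

-- Writer account for rsyslog: may only INSERT rows into the log table.
CREATE USER 'rsyslog_writer'@'localhost'
    IDENTIFIED BY '<long-random-password-1>';
GRANT INSERT ON Syslog.SystemEvents TO 'rsyslog_writer'@'localhost';

-- Reader account for LogAnalyzer: may only SELECT from the log table.
CREATE USER 'loganalyzer_ro'@'localhost'
    IDENTIFIED BY '<long-random-password-2>';
GRANT SELECT ON Syslog.SystemEvents TO 'loganalyzer_ro'@'localhost';

-- Confirm what each account is allowed to do.
SHOW GRANTS FOR 'rsyslog_writer'@'localhost';
SHOW GRANTS FOR 'loganalyzer_ro'@'localhost';

-- Then replace the root credentials in /etc/rsyslog.conf:
--   weak (as in step 4):  *.* :ommysql:localhost,Syslog,root,123
--   least privilege:      *.* :ommysql:localhost,Syslog,rsyslog_writer,<long-random-password-1>
-- The fields of that line are comma-separated, so choose a password
-- without commas. It is stored there in clear text, so restrict the file:
--   chmod 600 /etc/rsyslog.conf
```

With these accounts, the web installer in step 8 would be given loganalyzer_ro instead of root as the database user.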
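7. Install loganalyzer-3.0.4.

    tar xvzf loganalyzer-3.0.4.tar.gz
    cd loganalyzer-3.0.4
    # create the web directory if it does not exist yet
    mkdir -p /usr/local/apache/htdocs/syslog
    mv src/* /usr/local/apache/htdocs/syslog/
    mv contrib/* /usr/local/apache/htdocs/syslog/
    chmod u+x /usr/local/apache/htdocs/syslog/*.sh
    # the helper scripts now live in the web directory, so run them from there
    cd /usr/local/apache/htdocs/syslog/
    ./configure.sh
    ./secure.sh
    # config.php must be writable by the web installer in step 8
    chmod 666 config.php
    chown -R daemon:daemon *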
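8. Run the web installer.
http://IP-address/syslog
Just click through the steps one by one and the installation is basically done.
Here are 2 points to note; I lost a lot of time on this:
When clicking through the steps, be sure to note that the table name for the Syslog database is SystemEvents. I didn't notice this at first, so I took a lot of detours.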
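9. Linux client deployment:
Deploying the client is fairly simple:

    yum install rsyslog -y
    vim /etc/syslog.conf

Append at the very end (server-IP is the IP address of the log server):

    *.* @server-IP

Save and exit, then restart the syslog service.

    service syslog restart

The log messages from that host can now be seen on the server.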

Package download links:
1:http://libestr.adiscon.com/
2:http://www.libee.org/
3:http://www.rsyslog.com/


