Shulou(Shulou.com)06/03 Report--

1. Basic environment construction

1.1 system version

Cat / etc/redhat-release CentOS Linux release 7.3.1611 (Core)

1.2 turn off the firewall

Systemctl stop firewalld.service # stop firewallsystemctl disable firewalld.service # disable firewall boot

1.3 turn off selinux

Vim / etc/selinux/configSELINUX=disabled

two。 Install the database

Yum for installation: yum install mariadb-server mariadb- y start database: systemctl start mariadb.service View status: systemctl status mariadb.service Settings Boot: systemctl enable mariadb.service set password: mysqladmin-u root password '123456' modify data file storage location: systemctl stop mariadb.servicemkdir / mysqldatacp-rp / var/lib/mysql/* / mysqldata/ cp-p / etc/my.cnf { .bak} vim / etc/my.cnf modify datadir parameter datadir=/mysqldata restart database: systemctl start mariadb.service

3. Install Apache and PHP

Yum install httpd php php-gd php-xml php-mysql# systemctl start httpd.service# systemctl enable httpd.service test php environment cd / var/www/htmlvim index.php browser opens 192.168.101.128 to view

4. Server-side configuration software rsyslog

# check whether the software is installed (system default) rpm-qa rsyslog # install the rsyslog module connecting to the MySQL database yum install rsyslog-mysql-y # Import the log database cd / usr/share/doc/rsyslog-7.4.7/mysql-u root-p

Show databases; # shows the existing database MariaDB [(none)] > use Syslog; MariaDB [Syslog] > show tables;# to create rsyslog users with a password of 123456MariaDB [Syslog] > create user 'rsyslog'@'localhost' identified by' 123456users; # Grant permissions for all tables under the Syslog database to rsyslog database users MariaDB [Syslog] > grant all on Syslog.* to 'rsyslog'@'localhost';MariaDB [Syslog] > flush privileges # insert the field MariaDB [Syslog] > ALTER TABLE `SystemEvents` ADD COLUMN `FromIP` varchar of the source ip `FromHost` # modify rsyslog configuration file cd / etc/rsyslog.dvim loganalyzer.conf$ModLoad immark # immark is the module name, and the log tag $ModLoad imudp# imupd is the module name Support for udp protocol $UDPServerRun 51posts allows port 514 to receive logs forwarded using UDP and TCP protocols $template insertpl, "insert into SystemEvents (Message, Facility, FromHost, FromIP, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('% msg%',% syslogfacility%,'% HOSTNAME%','% fromhost-ip%',% syslogpriority%,'% timereported:::date-mysql%','% timegenerated:::date-mysql%',% iut%,'% syslogtag%')" SQL$ModLoad ommysql * .warn Authpriv.*: ommysql:localhost,Syslog,rsyslog,123456;insertplsystemctl restart rsyslog.service# verifies whether the log is written to the database on the server side: logger-p warn "nihao" tail-f / var/log/messages # keep a copy of the local log # check it in the server mysql, and the log is successfully stored in the database mysql-u rsyslog-pmysql > use Syslog;mysql > select * from SystemEvents\ G; verification is successful!

5. Client configuration software rsyslog

# check whether the software is installed (system default) rpm-qa rsyslog # modify the rsyslog configuration file cd / etc/rsyslog.dvim client.conf*.warn Authpriv.* @ 192.168.101.128:514systemctl restart rsyslog.service verifies on the client side whether the log is stored in the server-side database: logger-p warn "nihaoma1" tail-f / var/log/messages # local log is stored in the server-side mysql to view: mysql-u rsyslog-pmysql > use Syslog;mysql > select * from SystemEvents\ G; verification is successful!

Edit / etc/bashrc to write all commands executed by the client to Syslog / var/log/messages (optional)

# vi / etc/bashrc export PROMPT_COMMAND=' {msg=$ (history 1 | {read x y; echo $y;}); logger "[euid=$ (whoami)]": $(whoami): [`pwd`] "$msg";}'# add this content setting at the end to make it effective # source / etc/bashrc

6. Construction of server-side loganalyzer log analysis tool

Wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz tar-zxvf loganalyzer-4.1.5.tar.gz mkdir-p / var/www/html/loganalyzer/ cp-rp loganalyzer-4.1.5/src/* / var/www/html/loganalyzer/ cd / var/www/html/loganalyzer/ touch config.phpchmod 666 config.php

Next, open the web page 192.168.101.128/loganalyzer to configure

Let's start to configure loganalyzer to display the source ip

Log back into the browser: http://192.168.101.128/loganalyzer. Then the source ip is displayed

At this point, rsyslog and loganalyzer have been configured.

For more details on loganalyzer operation, please refer to http://blog.csdn.net/xdnabl/article/details/51120873

Http://teemomo.blog.51cto.com/2376140/1160824

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.