2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
rsyslog is the logging software that ships with Linux. It can collect syslog logs from the local host and from other devices.
LogAnalyzer is a log viewing system that runs on the LAMP platform.
However, when I checked after the installation, the refresh response of the log content was very slow. I don't know why.
Environment
rsyslog + LogAnalyzer server: CentOS 6.7 minimal, IP address: 10.1.1.199
Devices: firewalls 10.3.2.1 & 10.1.1.1
Switches: 192.168.2.2, 192.168.0.2
Server: Windows 2008 R2, IP address: 10.1.1.200
Note: my CentOS has iptables and SELinux turned off.
# service iptables stop ## turn off the firewall
# chkconfig iptables off ## do not start the firewall at boot
# setenforce 0 ## turns SELinux off temporarily; it reverts to its original state after a reboot
## modify the /etc/sysconfig/selinux file to disable it permanently
1. Install LAMP
# yum -y install httpd php* mysql*
# service httpd start
# chkconfig httpd on
# service mysqld start
# chkconfig mysqld on
# mysqladmin -uroot password 'abc123'
# cd /var/www/html/
# cat > index.php << EOF
> <?php phpinfo(); ?>
> EOF
Open a browser and visit http://10.1.1.199/ to check that the PHP information page is displayed.
2. Install the module that lets rsyslog connect to the MySQL database
# yum install rsyslog-mysql -y
rsyslog itself is installed by default. You can use rpm -qa | grep rsyslog to check whether it is installed.
rsyslog-mysql is the module that lets rsyslog deliver logs to a MySQL database, so it must be installed here.
Import the rsyslog-mysql database file
# cd /usr/share/doc/rsyslog-mysql-5.8.10/
# mysql -uroot -pabc123 < createDB.sql
Check whether the import succeeded:
# mysql -uroot -pabc123
mysql> show databases; ## list all databases
mysql> use Syslog; ## switch to the Syslog database
mysql> show tables; ## list the tables in the current database
mysql> select * from SystemEvents; ## show all rows in the SystemEvents table
The table will show that the result is empty. However, the first time I experimented, I was prompted: "Library damage, please fix"
Grant the rsyslog user its permissions in MySQL
mysql> grant all on Syslog.* to rsyslog@localhost identified by '123456';
mysql> flush privileges;
mysql> exit
3. Configure the server to support the rsyslog-mysql module
# vi /etc/rsyslog.conf
Add the following two lines under # MODULES # to connect rsyslog to the database.
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456
Description: *.* means all logs are written to the database (you can narrow this to your own requirements after debugging).
localhost is the database host, Syslog is the database name, rsyslog is the database user, and 123456 is that user's password.
Enable the relevant log modules by deleting the leading # from each of these lines.
$ModLoad immark ## immark is the module name; it supports log marking
$ModLoad imudp ## imudp is the module name; it supports the UDP protocol
$UDPServerRun 514 ## allows port 514 to receive logs forwarded using UDP and TCP protocols
Save and exit, then restart the rsyslog service
# /etc/init.d/rsyslog restart
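An added example, not part of the original article: a shell function that checks an rsyslog.conf for the step 3 settings before the service is restarted. The name check_rsyslog_conf and the sample file are assumptions; it only understands the legacy directive syntax used on this page and assumes the password contains no spaces or commas.

```shell
#!/bin/sh
# check_rsyslog_conf FILE
# Prints one line per finding; returns 0 only if every step-3 setting is active.
check_rsyslog_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        $1 == "$ModLoad" && $2 == "ommysql" { mod = NR }
        $1 == "$ModLoad" && $2 == "imudp"   { udp = NR }
        $1 == "$UDPServerRun"               { port = $2 }
        $2 ~ /^:ommysql:/ {
            # legacy action format: :ommysql:host,database,user,password
            n = split(substr($2, 10), f, ",")
            if (n != 4) {
                print "line " NR ": ommysql action needs host,db,user,password"; bad = 1
            } else if (!mod) {
                print "line " NR ": ommysql used before $ModLoad ommysql"; bad = 1
            } else {
                act = NR   # the password (f[4]) is deliberately not printed
                printf "line %d: %s -> mysql %s@%s db=%s\n", NR, $1, f[3], f[1], f[2]
            }
        }
        END {
            if (!act)  { print "no valid ommysql action line"; bad = 1 }
            if (!udp)  { print "imudp is not loaded (still commented out?)"; bad = 1 }
            if (!port) { print "$UDPServerRun is not set (still commented out?)"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the two database lines from step 3 plus the UDP listener.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#### constructed sample, not a real server config ####
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123456
$ModLoad imudp
$UDPServerRun 514
EOF
check_rsyslog_conf "$sample" && echo "config OK"
rm -f "$sample"
```

On the server, run it as check_rsyslog_conf /etc/rsyslog.conf. A selector or action line that picked up stray spaces while being copied is reported as a missing ommysql action.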
4. Configure the devices (configure one first for testing)
On the switch and the firewall, set the log host address to 10.1.1.199 and the port to 514.
Then check whether any data has arrived in MySQL
# mysql -uroot -pabc123
mysql> show databases;
mysql> use Syslog;
mysql> show tables;
mysql> select * from SystemEvents; ## show all rows in the SystemEvents table
If everything is working, rows will be displayed.
Note: if data is displayed, everything is working. Otherwise, check whether the network path is open, whether the firewall and SELinux are off, and so on. It is best to check once, restart, and check again. Continue once everything is normal.
5. Configure loganalyzer
(to be continued)