Rsyslog log analysis handout

2025-04-05 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article is a handout on log analysis with rsyslog: it walks through a LAMP installation, then sets up LogAnalyzer with rsyslog writing to MySQL. It is meant to supplement and update existing knowledge; for other questions, follow my later articles in the industry information section.

1. Install Apache

[root@localhost ~]# yum -y install httpd

# enable httpd at boot

[root@localhost ~]# chkconfig httpd on

# start the httpd service

[root@localhost ~]# service httpd start

# install some Apache extensions; skip these if the business does not need them

[root@localhost ~]# yum -y install httpd-manual mod_ssl mod_perl mod_auth_mysql

Now open http://localhost or http://<server IP> in a browser; you should see the Apache test page. If you do not, check the iptables rules, which may be blocking the web port.

2. Install and configure MySQL

# mysql: the client program

# mysql-server: the server program

# mysql-devel: development libraries and headers

[root@localhost ~]# yum -y install mysql mysql-server mysql-devel

# enable mysqld at boot

[root@localhost ~]# chkconfig mysqld on

# start the mysqld service

[root@localhost ~]# service mysqld start

# basic hardening: remove anonymous users, set the MySQL root password, and so on

[root@localhost ~]# /usr/bin/mysql_secure_installation

[root@localhost ~]# netstat -tulpn | grep -i mysql

tcp        0      0 0.0.0.0:3306      0.0.0.0:*       LISTEN      1723/mysqld

OK, mysqld has started and is listening on port 3306.

3. Install PHP

Install the related modules. For PHP to support MySQL, install the php-mysql package; the available PHP modules can also be listed with yum search.

[root@localhost ~]# yum -y install php php-mysql

# list and install common PHP extensions

[root@localhost ~]# yum search php

[root@localhost ~]# yum -y install gd php-gd gd-devel php-xml php-common php-mbstring php-ldap php-pear php-xmlrpc php-imap

# restart the httpd service; this step is very important, otherwise the new modules are not loaded

[root@localhost ~]# service httpd restart

Then provide a PHP page to test with:

[root@localhost ~]# cd /var/www/html/

[root@localhost html]# vi index.php

If the PHP page renders, the LAMP installation is complete.

Next, install LogAnalyzer.

1. Download loganalyzer.tar.gz

# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz

# tar xzf loganalyzer-3.6.5.tar.gz

2. Place LogAnalyzer under the httpd document root

# mv loganalyzer-3.6.5/src /var/www/html/loganalyzer

3. Create the configuration file for the LogAnalyzer installer

# cd /var/www/html/loganalyzer

# touch config.php

# chown apache:apache config.php

# chmod 777 config.php

The installer must be able to write config.php; once the web installer has finished writing the file, remove the write permission for other users again.

4. Open the web installer

http://172.18.9.135/loganalyzer/

4.1 If the first step reports an error, don't worry.

4.2

4.3 MySQL database configuration.

We have not created the database yet, so first set up the database that this step asks for.

Rsyslog MySQL Database: Syslog

Rsyslog MySQL Username: rsyslog

Rsyslog MySQL Password: MYSQLPASSWORD

4.3.1 Check whether the rsyslog package is installed

# rpm -qa | grep rsyslog    # installed by default

4.3.2 Install the module that lets rsyslog write to the MySQL database

# yum install rsyslog-mysql -y

rsyslog-mysql provides the rsyslog output module that delivers logs to a MySQL database; it must be installed here.

Configure the rsyslog connection to MySQL

# vi /etc/rsyslog.conf

$ModLoad ommysql

*.* :ommysql:localhost,Syslog,rsyslog,123456

Add the two lines above under #### MODULES ####. The database password is stored in clear text in /etc/rsyslog.conf, so keep that file readable by root only.

Enable the related input modules

# vi /etc/rsyslog.conf

$ModLoad immark    # immark is the module name; it writes periodic "-- MARK --" lines to the log

$ModLoad imudp    # imudp is the module name; it receives syslog over UDP

$UDPServerRun 514    # listen on UDP port 514 for forwarded logs (receiving over TCP would additionally need the imtcp module)

4.3.3 Configure the database

Import the rsyslog-mysql database schema

# cd /usr/share/doc/rsyslog-mysql-5.8.10/

# mysql -uroot -pmysqlpassword < createDB.sql

Check what the import did:

# mysql -uroot -p

mysql> show databases;

mysql> use Syslog;

mysql> show tables;

The import creates the Syslog database and two empty tables in it, SystemEvents and SystemEventsProperties.

Grant the rsyslog user the required privileges in MySQL

# mysql -uroot -p

mysql> grant all on Syslog.* to rsyslog@localhost identified by '123456';

mysql> flush privileges;

mysql> exit

4.4 Create the tables

4.5 Test the SQL results

4.6 Create an administrator

After the administrator is created, you can log in. The great task is complete. NO!

There are still a few thornier errors waiting for us. Some of them are basically unanswered on Baidu. After many attempts I finally solved them, and they are posted below for your reference.

1. No syslog records found - Error Details

Solution:

1.1 Modify /var/www/html/loganalyzer/config.php. Table names are case sensitive on MySQL under Linux, and the table created by createDB.sql is SystemEvents, so change

$CFG['Sources']['Source1']['DBTableName'] = 'systemevents';

to

$CFG['Sources']['Source1']['DBTableName'] = 'SystemEvents';

1.2 Update the source configuration stored in the database

# mysql -uroot -p

mysql> use Syslog;

mysql> update logcon_sources set DBTableName='SystemEvents' where ID=1;

mysql> flush privileges;

2. This error.

The cause is that rsyslog's connection to MySQL has not been configured. Configure the connection as in 4.3.2.

You can also build a small client behaviour monitoring tool: the log then shows which commands every user executed and what they did.

Edit /etc/bashrc so that every command executed in a client shell is written to syslog (/var/log/messages).

# vi /etc/bashrc

Add the following line to the end of the file. PROMPT_COMMAND runs before each prompt; it takes the last history entry, strips the history number with read, and hands the command to logger together with the effective user and the working directory.

export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; }); logger "[euid=$(whoami)]":$(whoami):[`pwd`]"$msg"; }'

Apply it:

# source /etc/bashrc

Configuration complete. From now on the users' shell commands are written to messages and can also be viewed in LogAnalyzer. Note that this is a record kept by the user's own shell, so a user who clears PROMPT_COMMAND stops the logging; treat it as an activity trail, not as a tamper-proof audit log.
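As an added example (not part of the original handout), the parser below reads lines in the shape the PROMPT_COMMAND hook above produces in /var/log/messages, extracts user, working directory and command, and pulls out the commands that ran with root privileges. The sample lines are constructed, and the root-privilege rule is an assumption chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages lines as written by the hook:
# logger uses the invoking user as the syslog tag and the message is
# "[euid=<user>]:<user>:[<cwd>]<command>". Not a real capture.
SAMPLE_LINES = """\
Jun  1 10:02:11 localhost root: [euid=root]:root:[/root]ls -la
Jun  1 10:02:30 localhost alice: [euid=alice]:alice:[/home/alice]cat notes.txt
Jun  1 10:03:05 localhost alice: [euid=alice]:alice:[/home/alice]sudo vi /etc/rsyslog.conf
Jun  1 10:03:40 localhost root: [euid=root]:root:[/var/www/html/loganalyzer]chmod 777 config.php
Jun  1 10:04:00 localhost rsyslogd: [origin software="rsyslogd"] rsyslogd was HUPed
"""

# Syslog header (timestamp, host, tag) followed by the hook's message body.
AUDIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<tag>\S+?): "
    r"\[euid=(?P<euid>[^\]]+)\]:(?P<user>[^:]+):\[(?P<cwd>[^\]]*)\](?P<cmd>.*)$"
)


def parse_audit_lines(text):
    """Return one dict per hook line; lines from other programs are skipped."""
    events = []
    for line in text.splitlines():
        m = AUDIT_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def commands_by_user(events):
    """Count how many commands each user ran (what the handout wants to see)."""
    return Counter(e["user"] for e in events)


def privileged_commands(events):
    """Commands that ran as root or went through sudo (assumed rule for this demo)."""
    return [e for e in events
            if e["euid"] == "root" or e["cmd"].startswith("sudo ")]


if __name__ == "__main__":
    evs = parse_audit_lines(SAMPLE_LINES)
    print(commands_by_user(evs))
    for e in privileged_commands(evs):
        print(e["ts"], e["user"], e["cwd"], e["cmd"])
```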

I hope this handout on rsyslog log analysis helps you in practical use. Because of the limited space, there are bound to be gaps that need filling; if you need more professional answers, you can contact us through the official website, where pre-sales and after-sales support are available around the clock.
