Shulou(Shulou.com)06/01 Report--
Linux syslog system log management
=
Recording rsyslog logs in MySQL:
Do the following:
Lab environment: CentOS 7 operating system
Prerequisite:
Prepare a MySQL or MariaDB server (be sure to edit the configuration file /etc/my.cnf to skip reverse name resolution, etc.) and start the service.
Steps of the experiment:
1. Install the rsyslog driver module used to connect to the MySQL server

    # yum install rsyslog-mysql

2. Prepare an rsyslog-specific user account on the MySQL server

    [root@centos7 ~]# mysql -p
    Enter password:
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 3
    Server version: 5.5.44-MariaDB MariaDB Server

    Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    # grant on all tables of the Syslog database: allow the rsyslog user to connect from the local host with the password 134296
    MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'127.0.0.1' IDENTIFIED BY '134296';
    Query OK, 0 rows affected (0.00 sec)

    # to be safe, also grant access for the local host using 'local'
    MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'local' IDENTIFIED BY '134296';
    Query OK, 0 rows affected, 1 warning (0.00 sec)

    MariaDB [(none)]> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.01 sec)

    MariaDB [(none)]> use mysql;
    MariaDB [mysql]> SELECT user,host,password FROM user;
    +------------+-----------+-------------------------------------------+
    | user       | host      | password                                  |
    +------------+-----------+-------------------------------------------+
    | root       | localhost | *41EE0F8759D5340036B009143E1727DB5787A448 |
    | root       | centos7   | *41EE0F8759D5340036B009143E1727DB5787A448 |
    | root       | 127.0.0.1 | *41EE0F8759D5340036B009143E1727DB5787A448 |
    | root       | ::1       | *41EE0F8759D5340036B009143E1727DB5787A448 |
    | ultraxuser | 127.0.0.1 | *41EE0F8759D5340036B009143E1727DB5787A448 |
    | ultraxuser | localhost | *41EE0F8759D5340036B009143E1727DB5787A448 |
    | rsyslog    | 127.0.0.1 | *41EE0F8759D5340036B009143E1727DB5787A448 |    # authorized user
    | rsyslog    | local     | *41EE0F8759D5340036B009143E1727DB5787A448 |
    +------------+-----------+-------------------------------------------+
    8 rows in set (0.00 sec)

    MariaDB [mysql]> \q
    Bye

3. Generate the required database and tables
You have already installed rsyslog-mysql, the driver module that connects rsyslog to the MySQL server; check the files it provides as follows:

    [root@centos7 ~]# rpm -ql rsyslog-mysql
    /usr/lib64/rsyslog/ommysql.so
    /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql    # script file that generates the database and tables
    [root@centos7 ~]# cat /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql
    CREATE DATABASE Syslog;
    USE Syslog;
    CREATE TABLE SystemEvents
    (
            ID int unsigned not null auto_increment primary key,
            CustomerID bigint,
            ReceivedAt datetime NULL,
            DeviceReportedTime datetime NULL,
            Facility smallint NULL,
            Priority smallint NULL,
            FromHost varchar(60) NULL,
            Message text,
            NTSeverity int NULL,
            Importance int NULL,
            EventSource varchar(60),
            EventUser varchar(60) NULL,
            EventCategory int NULL,
            EventID int NULL,
            EventBinaryData text NULL,
            MaxAvailable int NULL,
            CurrUsage int NULL,
            MinUsage int NULL,
            MaxUsage int NULL,
            InfoUnitID int NULL,
            SysLogTag varchar(60),
            EventLogType varchar(60),
            GenericFileName VarChar(60),
            SystemID int NULL
    );

    CREATE TABLE SystemEventsProperties
    (
            ID int unsigned not null auto_increment primary key,
            SystemEventID int NULL,
            ParamName varchar(255) NULL,
            ParamValue text NULL
    );

Import the script directly into the database:

    [root@centos7 ~]# mysql -ursyslog -h127.0.0.1 -p134296 < /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql

    # log in to the database and check the result:
    [root@centos7 ~]# mysql -ursyslog -h127.0.0.1 -p134296
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 7
    Server version: 5.5.44-MariaDB MariaDB Server

    Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | Syslog             |
    | test               |
    +--------------------+
    3 rows in set (0.00 sec)

    MariaDB [(none)]> use Syslog
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    MariaDB [Syslog]> show tables;
    +------------------------+
    | Tables_in_Syslog       |
    +------------------------+
    | SystemEvents           |
    | SystemEventsProperties |
    +------------------------+
    2 rows in set (0.00 sec)

    MariaDB [Syslog]> desc SystemEvents;
    +--------------------+------------------+------+-----+---------+----------------+
    | Field              | Type             | Null | Key | Default | Extra          |
    +--------------------+------------------+------+-----+---------+----------------+
    | ID                 | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
    | CustomerID         | bigint(20)       | YES  |     | NULL    |                |
    | ReceivedAt         | datetime         | YES  |     | NULL    |                |
    | DeviceReportedTime | datetime         | YES  |     | NULL    |                |
    | Facility           | smallint(6)      | YES  |     | NULL    |                |
    | Priority           | smallint(6)      | YES  |     | NULL    |                |
    | FromHost           | varchar(60)      | YES  |     | NULL    |                |
    | Message            | text             | YES  |     | NULL    |                |
    | NTSeverity         | int(11)          | YES  |     | NULL    |                |
    | Importance         | int(11)          | YES  |     | NULL    |                |
    | EventSource        | varchar(60)      | YES  |     | NULL    |                |
    | EventUser          | varchar(60)      | YES  |     | NULL    |                |
    | EventCategory      | int(11)          | YES  |     | NULL    |                |
    | EventID            | int(11)          | YES  |     | NULL    |                |
    | EventBinaryData    | text             | YES  |     | NULL    |                |
    | MaxAvailable       | int(11)          | YES  |     | NULL    |                |
    | CurrUsage          | int(11)          | YES  |     | NULL    |                |
    | MinUsage           | int(11)          | YES  |     | NULL    |                |
    | MaxUsage           | int(11)          | YES  |     | NULL    |                |
    | InfoUnitID         | int(11)          | YES  |     | NULL    |                |
    | SysLogTag          | varchar(60)      | YES  |     | NULL    |                |
    | EventLogType       | varchar(60)      | YES  |     | NULL    |                |
    | GenericFileName    | varchar(60)      | YES  |     | NULL    |                |
    | SystemID           | int(11)          | YES  |     | NULL    |                |
    +--------------------+------------------+------+-----+---------+----------------+
    24 rows in set (0.01 sec)

    MariaDB [Syslog]> Ctrl-C -- exit!
    Aborted

4. Configure rsyslog to use the ommysql module

    [root@centos7 ~]# vim /etc/rsyslog.conf
    #### MODULES ####
    ...
    $ModLoad ommysql

5. Configure RULES so that the desired log information is recorded in MySQL

    facility.priority    :ommysql:DBHOST,DB,DBUSER,DBUSERPASS

6. Restart the rsyslog service, then log in to the database and check the result

    [root@centos7 ~]# systemctl restart rsyslog    # restart the service
    [root@centos7 ~]# mysql -ursyslog -h127.0.0.1 -p134296
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 9
    Server version: 5.5.44-MariaDB MariaDB Server

    Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]> use Syslog;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    MariaDB [Syslog]> select * from SystemEvents\G
    *************************** 11. row ***************************
                    ID: 11
            CustomerID: NULL
            ReceivedAt: 2016-10-20 16:00:01
    DeviceReportedTime: 2016-10-20 16:00:01
              Facility: 9
              Priority: 6
              FromHost: centos7
               Message: (root) CMD (/usr/lib64/sa/sa1 1 1)
            NTSeverity: NULL
            Importance: NULL
           EventSource: NULL
             EventUser: NULL
         EventCategory: NULL
               EventID: NULL
       EventBinaryData: NULL
          MaxAvailable: NULL
             CurrUsage: NULL
              MinUsage: NULL
              MaxUsage: NULL
            InfoUnitID: 1
             SysLogTag: CROND[3521]:
          EventLogType: NULL
       GenericFileName: NULL
              SystemID: NULL
    11 rows in set (0.00 sec)

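The rule from step 5 stores the database password in the rsyslog configuration file. The following is an added example, not part of the original article: it lists active legacy-format ommysql rules without printing the password and flags a config file that group or other can read. The function names and the sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original article): audit legacy ommysql rules.
# Rule shape from step 5:  selector :ommysql:DBHOST,DB,DBUSER,DBUSERPASS

# Print "selector|host|db|user" for each active ommysql rule; the password
# is deliberately never printed.
list_ommysql_rules() {
    awk '
        /^[ \t]*#/ { next }                    # skip commented-out rules
        /:ommysql:/ {
            selector = $1                      # e.g. *.* or cron.info
            sub(/^.*:ommysql:/, "")            # keep only the parameter list
            split($0, p, ",")
            printf "%s|%s|%s|%s\n", selector, p[1], p[2], p[3]
        }' "$1"
}

# Return 0 when the file holds an ommysql rule (and therefore a database
# password) and is readable by group or other; return 1 otherwise.
password_exposed() {
    [ -n "$(list_ommysql_rules "$1")" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        ????r?????|???????r??) return 0 ;;     # group-read or other-read bit set
    esac
    return 1
}

# Constructed sample config, using the values from this walkthrough.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
$ModLoad ommysql
#*.* :ommysql:127.0.0.1,Syslog,rsyslog,oldpass
*.info;mail.none :ommysql:127.0.0.1,Syslog,rsyslog,134296
EOF
    chmod 644 "$f"     # assumed mode, standing in for a world-readable rsyslog.conf
    echo "$f"
}

sample=$(make_sample_conf)
list_ommysql_rules "$sample"
if password_exposed "$sample"; then
    echo "WARNING: $sample contains a DB password and is not owner-only"
fi
rm -f "$sample"
```

Point both functions at /etc/rsyslog.conf and at any files under /etc/rsyslog.d/; restricting a flagged file to its owner (for example `chmod 600`) clears the finding.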
7. The loganalyzer graphical tool
A web GUI that runs in an AMP environment
1) Obtain loganalyzer-3.6.5.tar.gz

    lftp 10.1.0.1:/pub/Sources/sources/loganalyzer> ls
    -rwxr--r--    1 500      500       1046600 Aug 24  2013 loganalyzer-3.6.4.tar.gz
    -rwxr--r--    1 500      500       1046957 Aug 19  2014 loganalyzer-3.6.5.tar.gz
    lftp 10.1.0.1:/pub/Sources/sources/loganalyzer> mget loganalyzer-3.6.5.tar.gz
    1046957 bytes transferred
    lftp 10.1.0.1:/pub/Sources/sources/loganalyzer> bye
    [root@centos7 ~]# ls
    anaconda-ks.cfg  bin  Templates  Desktop  Documents  loganalyzer-3.6.5.tar.gz  Pictures  Videos
    Downloads  Music  Public
    [root@centos7 ~]# tar xf loganalyzer-3.6.5.tar.gz    # decompress
    [root@centos7 ~]# cd loganalyzer-3.6.5/
    [root@centos7 loganalyzer-3.6.5]#
    admin  bbs  drupal-7.28  lastlog.txt  messages.txt  phpinfo.php  phpMyAdmin-4.0.5-all-languages  php-mysql.php  pma  src  text.html
    # copy only the src directory to /var/www/html/ and name it loganalyzer-3.6.5
    [root@centos7 loganalyzer-3.6.5]# cp -a src/ /var/www/html/loganalyzer-3.6.5
    [root@centos7 loganalyzer-3.6.5]# cd /var/www/html/
    [root@centos7 html]# ln -sv loganalyzer-3.6.5/ log    # create a soft link
    'log' -> 'loganalyzer-3.6.5/'
    [root@centos7 html]# ll
    total 432
    drwxr-xr-x  2 root root     38 Oct 14 12:51 admin
    drwxr-xr-x 12 root root   4096 Jun  9  2015 bbs
    drwxr-xr-x  9 6226 6226   4096 May  8  2014 drupal-7.28
    -rw-r--r--  1 root root 585460 Oct 10 22:08 lastlog.txt
    lrwxrwxrwx  1 root root     18 Oct 20 16:27 log -> loganalyzer-3.6.5/    # link file
    drwxrwxr-x 14 root root   4096 Oct  9  2013 loganalyzer-3.6.5
    -rw-r--r--  1 root root 329712 Oct 11 09:19 messages.txt
    -rw-r--r--  1 root root     25 Oct 11 22:03 phpinfo.php
    drwxr-xr-x  9 root root   4096 Oct 13 11:05 phpMyAdmin-4.0.5-all-languages
    -rw-r--r--  1 root root 329712 Oct 12 22:27 php-mysql.php
    lrwxrwxrwx  1 root root     31 Oct 13 10:54 pma -> phpMyAdmin-4.0.5-all-languages/
    -rw-r--r--  1 root root    139 Oct  8 17:00 text.html

Go back to the original directory and find the contrib directory. It contains two scripts that help configure the source code.

    [root@centos7 loganalyzer-3.6.5]# ls contrib/
    configure.sh  secure.sh
    [root@centos7 loganalyzer-3.6.5]# cp contrib/* /var/www/html/log/    # copy them over
    [root@centos7 log]# cat configure.sh    # according to the installation steps, run this script first
    #!/bin/sh

    touch config.php
    chmod 666 config.php
    [root@centos7 log]# cat secure.sh    # run this script after the installation is complete
    #!/bin/sh
    chmod 644 config.php
    # the scripts are so simple that you can make the changes manually
    [root@centos7 log]# touch config.php
    [root@centos7 log]# chmod 666 config.php

2) Prepare the AMP environment; here PHP runs as an httpd module (httpd+php)
3) The installation configuration is as shown below
Note: here localhost should be changed to 127.0.0.1; edit the configuration file config.php.
Install php-gd to display bar charts.
The steps are summarized as follows: