1. System environment
Rsyslog Server OS: CentOS 7
Rsyslog Server IP: 172.28.194.118
Rsyslog Version: rsyslog-7.4.7-12.el7.x86_64
LogAnalyzer Version: loganalyzer-4.1.7.tar.gz
rsyslog-8.24.0-12.el7.x86_64 (installed by default on CentOS 7)
2. Preparing the environment
2.1 Stop the firewall:
systemctl stop firewalld
2.2 Set SELinux to disabled
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
3. Setting up the LAMP environment
3.1 Install LAMP
yum -y install httpd mysql* php*
mkdir /home/rsyslog_server/tools -p (directory for the downloaded files)
cd /home/rsyslog_server/tools
yum install wget -y
wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
rpm -Uvh mysql57-community-release-el7-8.noarch.rpm (installs the official MySQL yum repository)
yum install mysql-community-server -y
systemctl start mysqld.service
systemctl status mysqld.service
grep 'temporary password' /var/log/mysqld.log (shows the initial root password; write it down; in the screenshot it is the text circled in red)
mysql -u root -p
When prompted for a password, enter the initial password found above.
Once logged in, change the password with the following command:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'Lanqing@123'; (changes the password)
3.2 Configure Apache and PHP
yum install httpd -y
yum install php php-gd php-xml php-mysql -y
3.3 Start the services and enable them at boot:
systemctl start httpd.service
systemctl enable httpd.service
systemctl start mysqld.service
systemctl enable mysqld.service
3.4 Test the PHP environment
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# vim index.php
<?php
phpinfo();
?>
Open a browser and visit: http://172.28.194.118/index.php
4. Installing the server-side software
4.1 Check whether rsyslog is installed
rpm -qa|grep rsyslog
4.2 Install the rsyslog module that connects to MySQL
yum install rsyslog-mysql -y
5. Configuring the server
5.1 Import the rsyslog-mysql database schema
cd /usr/share/doc/rsyslog-8.24.0
mysql -uroot -p<mysql-createDB.sql
5.2 Log in to the database and check
mysql -uroot -p
5.3 In MySQL, create the rsyslog user and grant it privileges:
mysql> grant all on Syslog.* to rsyslog@'localhost' identified by 'Lanqing@123';
mysql> flush privileges;
mysql> exit
5.4 Configure the server to use the rsyslog-mysql module and open the UDP listener so it receives logs from the other Linux systems on the network.
The following are the key lines that must be changed!
vi /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
# Write every message to the Syslog database; the password must be the one granted to rsyslog@localhost in step 5.3
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,Vxichina@123
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Also write each remote host's messages to its own daily file, named after the sender's IP
$template Remote,"/var/log/data/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?Remote
#Standard Redhat syslog settings
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Custom insert template; the ",SQL" option makes rsyslog escape quotes in %msg%. As written it is defined after the
# ommysql action and is not referenced by it, so that action uses rsyslog's built-in StdDBFmt template; to use this
# template instead, move it above the action and append ";MySQLInsert" to the action line.
$template MySQLInsert,"insert into SystemEvents (Message, Facility, FromHost,Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%fromhost-ip%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL
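The MySQLInsert template maps rsyslog message properties onto the SystemEvents columns. The script below is an added example, not part of this tutorial or of rsyslog itself, that performs the same decoding on one constructed RFC 3164 datagram: it splits the PRI value into facility and severity (what %syslogfacility% and %syslogpriority% hold), rewrites the timestamp the way the date-mysql property option does, and escapes the message as the ",SQL" template option would. The sample datagram, host name and year are made up for the demo.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: decode one RFC 3164
# syslog datagram into the columns that the MySQLInsert template in step 5.4
# fills (Facility, Priority, FromHost, DeviceReportedTime, SysLogTag, Message).
# The datagram is constructed for the demo, not a captured message.

SAMPLE='<13>Jan  5 09:58:12 web01 sshd[1234]: Accepted publickey for alice'

# PRI = facility * 8 + severity; rsyslog exposes the halves as %syslogfacility%
# and %syslogpriority%. Prints "facility severity".
decode_pri() {
    echo "$(( $1 / 8 )) $(( $1 % 8 ))"
}

# Severity names as used in rsyslog selectors such as "*.info" (0 = emerg ... 7 = debug).
severity_name() {
    n=$1
    set -- emerg alert crit err warning notice info debug
    shift "$n"
    echo "$1"
}

# Convert the RFC 3164 timestamp "Mon dd HH:MM:SS" into the YYYYMMDDHHMMSS form
# produced by the date-mysql property option. RFC 3164 carries no year, so the
# caller supplies it (rsyslog takes it from the time of reception).
date_mysql() {
    ts=$1
    year=$2
    case ${ts%% *} in
        Jan) m=01;; Feb) m=02;; Mar) m=03;; Apr) m=04;; May) m=05;; Jun) m=06;;
        Jul) m=07;; Aug) m=08;; Sep) m=09;; Oct) m=10;; Nov) m=11;; Dec) m=12;;
        *) return 1;;
    esac
    # the day may be space-padded ("Jan  5"); awk field splitting absorbs that
    day=$(printf '%s\n' "$ts" | awk '{ printf "%02d", $2 }')
    hms=$(printf '%s\n' "$ts" | awk '{ print $3 }' | tr -d :)
    echo "$year$m$day$hms"
}

# The ",SQL" option on the template is what makes rsyslog escape backslashes and
# single quotes in %msg% before the INSERT is sent; this mirrors that escaping.
sql_escape() {
    printf '%s\n' "$1" | sed "s/\\\\/\\\\\\\\/g; s/'/\\\\'/g"
}

# Split one datagram into the template's columns, printed one per line as
# key=value. The tag keeps its trailing colon, as rsyslog's %syslogtag% does.
syslog_to_row() {
    line=$1
    year=$2
    pri=${line#<}; pri=${pri%%>*}
    rest=${line#*>}
    ts=$(printf '%s\n' "$rest" | cut -c1-15)
    rest=$(printf '%s\n' "$rest" | cut -c17-)
    host=${rest%% *}
    rest=${rest#* }
    tag=${rest%%:*}:
    msg=${rest#*: }
    set -- $(decode_pri "$pri")
    printf 'Facility=%s\nPriority=%s\nFromHost=%s\nDeviceReportedTime=%s\nSysLogTag=%s\nMessage=%s\n' \
        "$1" "$2" "$host" "$(date_mysql "$ts" "$year")" "$tag" "$(sql_escape "$msg")"
}

syslog_to_row "$SAMPLE" 2024
```

Running the script prints the six key=value lines for the sample datagram; PRI 13 decodes to facility 1 (user) and severity 5 (notice), which is what the Facility and Priority columns of SystemEvents will contain for such a message.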
Client configuration (not required on the server itself):
Append the IP address of the log server (the server that receives the logs) at the end of the file.
vi /etc/rsyslog.conf
*.* @172.28.194.118
vi /etc/bashrc
Add one line at the end of the file:
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; }); logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
source /etc/bashrc (makes the change take effect)
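The PROMPT_COMMAND hook above makes every interactive shell command on a client land in syslog, and therefore in the server's per-host files and the SystemEvents table. The script below is an added example, not from this tutorial, that parses such entries back into fields and lists the commands run under an effective user other than the login user. The three log lines are constructed to match the layout the hook produces (logger tags the line with the caller's user name, and `who am i` shows the original login, tty, time and, for remote sessions, the source address); the host, users and addresses are made up.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: parse the command-audit
# lines that the PROMPT_COMMAND hook in /etc/bashrc makes logger emit, and
# report which login user ran which command under which effective user.
# The three log lines are constructed for the demo in the layout the hook
# produces: "<tag>: [euid=<user>]:<who am i fields>:[<cwd>]<command>".
SAMPLE_LOG='Jan  5 10:00:01 web01 root: [euid=root]:alice pts/0 2024-01-05 09:58 (10.0.0.5):[/etc]vi sshd_config
Jan  5 10:00:07 web01 bob: [euid=bob]:bob pts/1 2024-01-05 09:59 (10.0.0.6):[/home/bob]ls -la
Jan  5 10:01:30 web01 root: [euid=root]:carol tty1 2024-01-05 10:01:[/root]cat /etc/shadow'

# Print one tab-separated record per audit line: euid, login user, origin
# (address from "who am i", or "-" for a local console), working directory, command.
parse_audit() {
    printf '%s\n' "$1" | awk 'BEGIN { OFS = "\t" }
        /\[euid=/ {
            line = $0
            sub(/^.*\[euid=/, "", line)           # drop "Mon dd HH:MM:SS host tag: [euid="
            p = index(line, "]:")
            euid = substr(line, 1, p - 1)
            line = substr(line, p + 2)            # "alice pts/0 2024-01-05 09:58 (10.0.0.5):[/etc]vi sshd_config"
            q = index(line, ":[")
            head = substr(line, 1, q - 1)         # the "who am i" fields
            tail = substr(line, q + 2)            # "/etc]vi sshd_config"
            split(head, w, " ")
            login = w[1]
            o = index(head, "(")
            origin = o ? substr(head, o + 1, length(head) - o - 1) : "-"
            r = index(tail, "]")
            cwd = substr(tail, 1, r - 1)
            cmd = substr(tail, r + 1)
            print euid, login, origin, cwd, cmd
        }'
}

# Records where the effective user differs from the login user: commands run
# after su or sudo, which is what a reviewer of these logs wants to see first.
flag_escalated() {
    parse_audit "$1" | awk -F '\t' '$1 != $2'
}

flag_escalated "$SAMPLE_LOG"
```

On the server the same lines are in the per-host file written by the Remote template (/var/log/data/<client-ip>/...), so `parse_audit "$(cat that-file)"` gives the full per-client command history and `flag_escalated` the subset run as another user. The parser keys on the "]:" and ":[" separators the hook emits rather than on whitespace, so commands containing spaces and parentheses survive intact.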
6. Installing LogAnalyzer
cd /home/rsyslog_server/tools/
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.7.tar.gz
tar zxf loganalyzer-4.1.7.tar.gz
cd loganalyzer-4.1.7
mkdir -p /var/www/html/loganalyzer
cp -rf src/* /var/www/html/loganalyzer/
cp -rf contrib/* /var/www/html/loganalyzer
Restart the services
systemctl restart rsyslog.service
systemctl start mysqld.service
systemctl start httpd.service
7. Installing LogAnalyzer from the browser
7.1 Open http://172.28.194.118/loganalyzer/ and click "here".
Error displayed: File does NOT exist!
The error means config.php is missing; the file needs permissions 666 and can be generated with the configure.sh script from the contrib directory.
Create config.php under /var/www/html/loganalyzer/ by running configure.sh:
cd /var/www/html/loganalyzer/
sh configure.sh
Refresh the page; it now loads normally. Click Next.
Fill in the form as shown in the figure below; take care not to enter anything incorrectly.
Set the administrator account and password.
The table name is SystemEvents with a capital S and a capital E; both must be uppercase. The lowercase "events" shown in the figure below is wrong.
------------------------------ Configuration complete ------------------------------