centos7升级RSYSLOG v8、安装LogAnalyze

升级rsyslog

centos7自带rsyslog的老版本，先升级

wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
mv rsyslog.repo /etc/yum.repos.d/rsyslog.repo
yum install rsyslog* --skip-broken
systemctl start rsyslog
systemctl enable rsyslog

向mysql导入rsyslog数据库

mysql -u root -p < /usr/share/doc/rsyslog-mysql-8.23.0/createDB.sql
mysql -u root -p Syslog
GRANT ALL ON Syslog.* TO rsadmin@localhost IDENTIFIED BY 'rspass';
FLUSH PRIVILEGES;
exit;

配置rsyslog

vim /etc/rsyslog.conf

添加mysql模块

module(load="ommysql") # Load the MySQL Module
取消注释
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
添加转发规则
*.* :ommysql:127.0.0.1,Syslog,rsadmin,rspass
# ### end of the forwarding rule ###
systemctl restart rsyslog

检查配置是否成功

mysql -u rsadmin -p Syslog
mysql> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
| 2 |
+----------+

安装loganalyzer

wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz
tar zxvf loganalyzer-4.1.5.tar.gz
cp -r loganalyzer-4.1.5/src/ /var/www/html/loganalyzer
cp -r loganalyzer-4.1.5/contrib/* /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer/
chmod +x configure.sh secure.sh 
./configure.sh

loganalyzer初始化

http://your-server-ip/loganalyzer
一路next，有yes的地方选yes有填表的地方，填一下mysql的相关信息。
step7里选MYSQL Native，SystemEvents注意大小写。
如果配置错了，可以在admin center - sources 里修改。
参考：
http://www.systeen.com/2016/05/08/install-rsyslog-v8-loganalyzer-v4-centos-7/