Upgrade rsyslog
CentOS 7 ships an old version of rsyslog, so upgrade it first.
wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
mv rsyslog.repo /etc/yum.repos.d/rsyslog.repo
yum install rsyslog* --skip-broken
systemctl start rsyslog
systemctl enable rsyslog
Import the rsyslog database schema into MySQL
mysql -u root -p < /usr/share/doc/rsyslog-mysql-8.23.0/createDB.sql
mysql -u root -p Syslog
GRANT ALL ON Syslog.* TO rsadmin@localhost IDENTIFIED BY 'rspass';
FLUSH PRIVILEGES;
exit;
Configure rsyslog
vim /etc/rsyslog.conf
Add the MySQL module
module(load="ommysql") # Load the MySQL Module
Uncomment the following lines
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
Add the forwarding rule
*.* :ommysql:127.0.0.1,Syslog,rsadmin,rspass
# ### end of the forwarding rule ###
systemctl restart rsyslog
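An added example (not part of the original guide): a small Python check that parses the directives configured above, lists the syslog listeners and the legacy ommysql rule, and flags the database password stored in clear text without printing it. SAMPLE_CONF is constructed from the lines in this guide; the audit function and its finding messages are this example's own names.

```python
import re

# Constructed sample: the lines this guide adds to /etc/rsyslog.conf,
# plus one commented-out input to show that inactive lines are skipped.
SAMPLE_CONF = """\
module(load="ommysql") # Load the MySQL Module
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
#input(type="imtcp" port="10514")
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
*.* :ommysql:127.0.0.1,Syslog,rsadmin,rspass
"""

INPUT_RE = re.compile(r'^\s*input\(([^)]*)\)')
PARAM_RE = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')
# Legacy rule syntax: <selector> :ommysql:<server>,<db>,<user>,<password>
OMMYSQL_RE = re.compile(r'^\s*(\S+)\s+:ommysql:(\S+)')


def audit(conf_text):
    """Return (listeners, db_actions, findings) for rsyslog.conf text."""
    listeners, db_actions, findings = [], [], []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directive, not active
        m = INPUT_RE.match(line)
        if m:
            p = {k.lower(): v for k, v in PARAM_RE.findall(m.group(1))}
            listeners.append((p.get("type"), p.get("port"), p.get("address")))
            if "address" not in p:
                findings.append(f"line {no}: {p.get('type')} listener on port "
                                f"{p.get('port')} has no address= parameter")
            continue
        m = OMMYSQL_RE.match(line)
        if m:
            fields = m.group(2).split(",", 3)
            if len(fields) != 4:
                findings.append(f"line {no}: malformed ommysql rule")
                continue
            server, db, user, _password = fields
            db_actions.append({"selector": m.group(1), "server": server,
                               "db": db, "user": user})
            # Report the exposure without echoing the secret itself.
            findings.append(f"line {no}: clear-text password for "
                            f"{user}@{server} (database {db})")
    return listeners, db_actions, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF)[2]:
        print(finding)
```

To check the live file, pass the contents of /etc/rsyslog.conf to audit(); because the rule holds the rsadmin password, that file should be readable by root only.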
Check that the configuration works
mysql -u rsadmin -p Syslog
mysql> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
| 2 |
+----------+
Install LogAnalyzer
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz
tar zxvf loganalyzer-4.1.5.tar.gz
cp -r loganalyzer-4.1.5/src/ /var/www/html/loganalyzer
cp -r loganalyzer-4.1.5/contrib/* /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer/
chmod +x configure.sh secure.sh
./configure.sh
Initialize LogAnalyzer
http://your-server-ip/loganalyzer
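Click Next all the way through; choose Yes wherever it is offered, and where there is a form, fill in the MySQL details.
In step 7, select MYSQL Native; note that SystemEvents is case-sensitive.
If you configured something wrong, you can change it under Admin Center - Sources.
Reference: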
http://www.systeen.com/2016/05/08/install-rsyslog-v8-loganalyzer-v4-centos-7/