rsyslog+loganalyzer配置中央日志服务器
2011-06-14 14:00
准备程序包
rsyslog-5.8.1.tar.gz
loganalyzer-3.2.1.tar.gz
vi rsyslog.sh
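#!/bin/bash
# Builds rsyslog 5.8.1 with MySQL output, creates the Syslog database and
# deploys LogAnalyzer 3.2.1 under Apache on a yum/chkconfig based host.
# Run as root from the directory that holds both tarballs and the
# rsyslog.conf template. bash is required (brace expansion, `read -p`).

# mysql conf
# NOTE(review): these are the article's sample credentials; change both
# passwords before running. Prefer a dedicated non-root account for run_user:
# with run_user='root' the GRANT ... IDENTIFIED BY below resets the MySQL
# root password to run_pwd, and the later privilege reduction has no
# practical effect because root keeps its global privileges.
# The values are pasted into sed, SQL and option-file text, so avoid quotes,
# '/', '&' and backslashes in them.
mysql_user='root'
mysql_pwd='123456'
run_user='root'
run_pwd='123456'

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "${mysql_pwd}" = '123456' ] || [ "${run_pwd}" = '123456' ]; then
  printf '%s\n' 'WARNING: sample password 123456 still in use; change mysql_pwd/run_pwd.' >&2
fi

# Fail early: a missing rsyslog.conf template would otherwise truncate
# /etc/rsyslog.conf to an empty file.
for required in rsyslog-5.8.1.tar.gz loganalyzer-3.2.1.tar.gz rsyslog.conf; do
  [ -f "${required}" ] || die "missing ${required} in $(pwd)"
done

# Install env.
yum -y install mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd zlib-devel gcc gcc-c++ \
  || die 'yum install failed'

# Install rsyslog..
# (the original called tar without an operation mode, which makes tar fail)
tar xvf rsyslog-5.8.1.tar.gz || die 'cannot unpack rsyslog-5.8.1.tar.gz'
(
  cd rsyslog-5.8.1 \
    && ./configure --enable-mysql --prefix=/usr/local/rsyslog \
    && make \
    && make install
) || die 'rsyslog build or install failed'

# creat rsyslog config..
sed -e "s/ommysql:localhost,Syslog,root,/ommysql:localhost,Syslog,${run_user},${run_pwd};dbFormat/g" rsyslog.conf > /etc/rsyslog.conf
# The generated config now holds the database password in clear text.
chmod 600 /etc/rsyslog.conf

# stop system syslog..
service syslog stop
chkconfig syslog off

# create rsyslog startup script
cp /etc/init.d/{syslog,rsyslog}

# edit rsyslog startup script
sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
chmod 700 /etc/init.d/rsyslog
chkconfig --add rsyslog
chkconfig rsyslog on

# create rsyslog bin ln
ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd

# conf mysql
service mysqld start
chkconfig mysqld on
# NOTE(review): mysqladmin receives the new password as an argument, so it is
# visible in the process list while the command runs.
mysqladmin -u root password "${mysql_pwd}"

# Client credentials go into a private option file (mktemp creates it with
# owner-only permissions) instead of -u/-p arguments.
mysql_cnf=$(mktemp) || die 'mktemp failed'
trap 'rm -f -- "${mysql_cnf}"' EXIT
cat > "${mysql_cnf}" << EOF
[client]
user="${mysql_user}"
password="${mysql_pwd}"
EOF

# create and import sql
# The statements are fed on stdin so the password in the GRANT never lands in
# a .sql file in the working directory.
mysql --defaults-extra-file="${mysql_cnf}" << EOF || die 'creating the Syslog database failed'
CREATE DATABASE Syslog default character set 'utf8';
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
) DEFAULT CHARSET='utf8';
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
) DEFAULT CHARSET='utf8';
grant all privileges on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# start rsyslog
service rsyslog restart

# install loganalyzer
tar xvf loganalyzer-3.2.1.tar.gz || die 'cannot unpack loganalyzer-3.2.1.tar.gz'
cp -r loganalyzer-3.2.1/src/ /var/www/html/loganalyzer
cp -r loganalyzer-3.2.1/contrib/* /var/www/html/loganalyzer
chown -R apache:apache /var/www/html/loganalyzer

# use web install loganalyzer.
# NOTE(review): the contrib scripts appear to operate on config.php in the
# current directory (confirm against the LogAnalyzer install notes), so they
# are run from inside the web root.
(cd /var/www/html/loganalyzer && /bin/sh ./configure.sh)

# start httpd
service httpd start
chkconfig httpd on

# edit src/include/functions_common.php function GetStringWithHTMLCodes
# NOTE(review): this rewrites every line containing htmlentities in that file,
# not only the one in GetStringWithHTMLCodes; check the result, since this
# call is what HTML-encodes log text before it is displayed.
sed -i 's/htmlentities.*/htmlentities(\$myStr,ENT_QUOTES,"UTF-8");/g' /var/www/html/loganalyzer/include/functions_common.php

# Wait for the operator to complete the web installer.
read -r -p 'Please go to install web, when finished, press Enter...' _

# secure.sh runs only after the web installer has finished; it is expected to
# take away the write access configure.sh opened on config.php
# (NOTE(review): confirm against the LogAnalyzer install notes).
(cd /var/www/html/loganalyzer && /bin/sh ./secure.sh)

# reduce the privilege
mysql --defaults-extra-file="${mysql_cnf}" << EOF || die 'reducing database privileges failed'
revoke all privileges on Syslog.* from '${run_user}'@localhost;
grant insert,delete,update,select,alter on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# clean
rm -rf -- loganalyzer-3.2.1 rsyslog-5.8.1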
# Run these two commands from the shell after saving the script above; they
# are not part of rsyslog.sh. The script writes under /etc and /sbin, so it
# needs root.
chmod +x rsyslog.sh
./rsyslog.sh
如果与 Panabit 流量监控配合使用,终端会不停弹出日志消息,导致无法操作。可以按下面的方法修改(注释掉 *.emerg 规则;注意这会同时关闭所有紧急级别消息向登录终端的广播):
弹出数据为Message from syslogd@2011-06-13T19:43:04.846104+08:00 10.35.2.2 PNB0>www 1307994563
vi /etc/rsyslog.conf
#*.emerg *
service rsyslog restart
http://www.wushiqin.com/?p=76 转载
rsyslog-5.8.1.tar.gz
loganalyzer-3.2.1.tar.gz
vi rsyslog.sh
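#!/bin/bash
# Builds rsyslog 5.8.1 with MySQL output, creates the Syslog database and
# deploys LogAnalyzer 3.2.1 under Apache on a yum/chkconfig based host.
# Run as root from the directory that holds both tarballs and the
# rsyslog.conf template. bash is required (brace expansion, `read -p`).

# mysql conf
# NOTE(review): these are the article's sample credentials; change both
# passwords before running. Prefer a dedicated non-root account for run_user:
# with run_user='root' the GRANT ... IDENTIFIED BY below resets the MySQL
# root password to run_pwd, and the later privilege reduction has no
# practical effect because root keeps its global privileges.
# The values are pasted into sed, SQL and option-file text, so avoid quotes,
# '/', '&' and backslashes in them.
mysql_user='root'
mysql_pwd='123456'
run_user='root'
run_pwd='123456'

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "${mysql_pwd}" = '123456' ] || [ "${run_pwd}" = '123456' ]; then
  printf '%s\n' 'WARNING: sample password 123456 still in use; change mysql_pwd/run_pwd.' >&2
fi

# Fail early: a missing rsyslog.conf template would otherwise truncate
# /etc/rsyslog.conf to an empty file.
for required in rsyslog-5.8.1.tar.gz loganalyzer-3.2.1.tar.gz rsyslog.conf; do
  [ -f "${required}" ] || die "missing ${required} in $(pwd)"
done

# Install env.
yum -y install mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd zlib-devel gcc gcc-c++ \
  || die 'yum install failed'

# Install rsyslog..
# (the original called tar without an operation mode, which makes tar fail)
tar xvf rsyslog-5.8.1.tar.gz || die 'cannot unpack rsyslog-5.8.1.tar.gz'
(
  cd rsyslog-5.8.1 \
    && ./configure --enable-mysql --prefix=/usr/local/rsyslog \
    && make \
    && make install
) || die 'rsyslog build or install failed'

# creat rsyslog config..
sed -e "s/ommysql:localhost,Syslog,root,/ommysql:localhost,Syslog,${run_user},${run_pwd};dbFormat/g" rsyslog.conf > /etc/rsyslog.conf
# The generated config now holds the database password in clear text.
chmod 600 /etc/rsyslog.conf

# stop system syslog..
service syslog stop
chkconfig syslog off

# create rsyslog startup script
cp /etc/init.d/{syslog,rsyslog}

# edit rsyslog startup script
sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
chmod 700 /etc/init.d/rsyslog
chkconfig --add rsyslog
chkconfig rsyslog on

# create rsyslog bin ln
ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd

# conf mysql
service mysqld start
chkconfig mysqld on
# NOTE(review): mysqladmin receives the new password as an argument, so it is
# visible in the process list while the command runs.
mysqladmin -u root password "${mysql_pwd}"

# Client credentials go into a private option file (mktemp creates it with
# owner-only permissions) instead of -u/-p arguments.
mysql_cnf=$(mktemp) || die 'mktemp failed'
trap 'rm -f -- "${mysql_cnf}"' EXIT
cat > "${mysql_cnf}" << EOF
[client]
user="${mysql_user}"
password="${mysql_pwd}"
EOF

# create and import sql
# The statements are fed on stdin so the password in the GRANT never lands in
# a .sql file in the working directory.
mysql --defaults-extra-file="${mysql_cnf}" << EOF || die 'creating the Syslog database failed'
CREATE DATABASE Syslog default character set 'utf8';
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
) DEFAULT CHARSET='utf8';
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
) DEFAULT CHARSET='utf8';
grant all privileges on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# start rsyslog
service rsyslog restart

# install loganalyzer
tar xvf loganalyzer-3.2.1.tar.gz || die 'cannot unpack loganalyzer-3.2.1.tar.gz'
cp -r loganalyzer-3.2.1/src/ /var/www/html/loganalyzer
cp -r loganalyzer-3.2.1/contrib/* /var/www/html/loganalyzer
chown -R apache:apache /var/www/html/loganalyzer

# use web install loganalyzer.
# NOTE(review): the contrib scripts appear to operate on config.php in the
# current directory (confirm against the LogAnalyzer install notes), so they
# are run from inside the web root.
(cd /var/www/html/loganalyzer && /bin/sh ./configure.sh)

# start httpd
service httpd start
chkconfig httpd on

# edit src/include/functions_common.php function GetStringWithHTMLCodes
# NOTE(review): this rewrites every line containing htmlentities in that file,
# not only the one in GetStringWithHTMLCodes; check the result, since this
# call is what HTML-encodes log text before it is displayed.
sed -i 's/htmlentities.*/htmlentities(\$myStr,ENT_QUOTES,"UTF-8");/g' /var/www/html/loganalyzer/include/functions_common.php

# Wait for the operator to complete the web installer.
read -r -p 'Please go to install web, when finished, press Enter...' _

# secure.sh runs only after the web installer has finished; it is expected to
# take away the write access configure.sh opened on config.php
# (NOTE(review): confirm against the LogAnalyzer install notes).
(cd /var/www/html/loganalyzer && /bin/sh ./secure.sh)

# reduce the privilege
mysql --defaults-extra-file="${mysql_cnf}" << EOF || die 'reducing database privileges failed'
revoke all privileges on Syslog.* from '${run_user}'@localhost;
grant insert,delete,update,select,alter on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# clean
rm -rf -- loganalyzer-3.2.1 rsyslog-5.8.1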
# Run these two commands from the shell after saving the script above; they
# are not part of rsyslog.sh. The script writes under /etc and /sbin, so it
# needs root.
chmod +x rsyslog.sh
./rsyslog.sh
如果与 Panabit 流量监控配合使用,终端会不停弹出日志消息,导致无法操作。可以按下面的方法修改(注释掉 *.emerg 规则;注意这会同时关闭所有紧急级别消息向登录终端的广播):
弹出数据为Message from syslogd@2011-06-13T19:43:04.846104+08:00 10.35.2.2 PNB0>www 1307994563
vi /etc/rsyslog.conf
#*.emerg *
service rsyslog restart
http://www.wushiqin.com/?p=76 转载