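Installing and configuring rsyslog + loganalyzer
Reference:
Environment: LAMP + rsyslog + loganalyzer
System: CentOS 5.4, 32-bit
Upload rsyslog-5.9.0.tar.gz and loganalyzer-3.2.1.tar.gz to the /tmp directory
1. Installing the LAMP environment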
yum -y install httpd* mysql* php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml gd* gcc*
Set the MySQL password
Log in to the database: mysql -p
Change the password: UPDATE mysql.user SET Password=PASSWORD('123456') WHERE User='root';
2. Installing rsyslog
Download: http://download.csdn.net/detail/lovejuan007/3738966
cd /tmp/
tar zxvf rsyslog-5.9.0.tar.gz
cd rsyslog-5.9.0
./configure --enable-mysql
Note: before running make, see Error 1 below
make
make install
ln -s /usr/local/sbin/rsyslogd /sbin/rsyslogd
cp rsyslog.conf /etc
vim /etc/rsyslog.conf and add the new lines below these 3 lines
$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # kernel logging (formerly provided by rklogd)
=====The following 2 lines are the ones to add====
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,root,123456
=====Uncomment the following 2 lines; they enable receiving logs from clients====
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514
Save and exit, open UDP port 514 in the firewall, and restart the firewall
==================================================================================
What this line means:
*.* :ommysql:localhost,Syslog,root,123456
Syslog is the database-name
tmp is the database-userid
mima is the password the tmp user uses to log in to MySQL
Format of the line:
*.* :ommysql:database-server,database-name,database-userid,database-password
Also note that database-name must be the same as the one in /tmp/rsyslog-5.9.0/plugins/ommysql/createDB.sql
==================================================================================
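The line format explained above can be checked mechanically. The shell function below is an added example, not part of the original article or of rsyslog: it parses each :ommysql: action, compares the database name with the expected one, and reports logging as MySQL root or a world-readable config file holding the password. The function name audit_ommysql, the default database name Syslog (taken from this page) and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit legacy ommysql action lines in an rsyslog config.
# Format: selector :ommysql:server,database,user,password

# audit_ommysql FILE [EXPECTED_DB]
# Prints one finding per line; prints nothing when the file is clean.
audit_ommysql() {
    conf=$1
    want_db=${2:-Syslog}   # assumption: database name used on this page
    awk -v want_db="$want_db" '
        /^[ \t]*#/ { next }                  # ignore commented-out lines
        {
            i = index($0, ":ommysql:")
            if (i == 0) next
            seen = 1
            n = split(substr($0, i + 9), f, ",")
            if (n < 4) {
                printf "line %d: expected server,database,user,password\n", NR
                next
            }
            if (f[2] != want_db)
                printf "line %d: database %s differs from %s\n", NR, f[2], want_db
            if (f[3] == "root")
                printf "line %d: writes logs as MySQL root\n", NR
        }
        END { exit (seen ? 0 : 3) }          # 3 = no ommysql action present
    ' "$conf" || return 0
    # The password is stored in clear text, so flag world-readable files.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "file $conf is world-readable and holds a database password"
    fi
}

# Constructed sample that mirrors the configuration shown above.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '$ModLoad ommysql' \
        '*.* :ommysql:localhost,Syslog,root,123456' > "$tmp"
    chmod 644 "$tmp"
    audit_ommysql "$tmp"
    rm -f "$tmp"
}
demo
```

Run audit_ommysql /etc/rsyslog.conf after editing the file; a clean configuration prints nothing.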
Create the rsyslog init script
cp -rp /etc/init.d/syslog /etc/init.d/rsyslog
sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
=====Stop the stock syslog logging service====
service syslog stop
Import the database
cd /tmp/rsyslog-5.9.0/plugins/ommysql
mysql -uroot -p <createDB.sql
Password:
Start rsyslog
service rsyslog start
Check whether the database contains the corresponding data
mysql -utmp -p
use Syslog;
select * from SystemEvents;
If there is data, the setup succeeded
Create a syslog user to access Syslog
grant all on Syslog.* to syslog@'localhost' identified by 'syslog';
flush privileges;
The password is syslog
Error 1:
make[2]: Entering directory `/tmp/rsyslog-5.9.0/tools'
CCLD rsyslogd
../runtime/.libs/librsyslog.a(librsyslog_la-parser.o): In function `uncompressMessage':
/tmp/rsyslog-5.9.0/runtime/parser.c:247: undefined reference to `uncompress'
collect2: ld returned 1 exit status
make[2]: *** [rsyslogd] Error 1
make[2]: Leaving directory `/tmp/rsyslog-5.9.0/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/rsyslog-5.9.0'
make: *** [all] Error 2
Solution:
vi /tmp/rsyslog-5.9.0/runtime/parser.c
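Comment out line 247, the zlib uncompress() call reported in the error (a build patched this way no longer decompresses compressed messages):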
//ret = uncompress((uchar *) deflateBuf, &iLenDefBuf, (uchar *) pszMsg+1, lenMsg-1);
3. Installing loganalyzer
http://download.csdn.net/detail/lovejuan007/3738744
cd /tmp/
tar zxvf loganalyzer-3.2.1.tar.gz
mkdir /var/www/html/syslog
cp -r /tmp/loganalyzer-3.2.1/src/* /var/www/html/syslog/
cp -r /tmp/loganalyzer-3.2.1/contrib/* /var/www/html/syslog/
cd /var/www/html/syslog
chmod 755 *.sh
./configure.sh
For the remaining installation steps, see the attachment
Configure Apache logging
vi /etc/rsyslog.conf
# Apache
if $syslogfacility-text == 'local6' and $programname == 'httpd' then /var/log/httpd/access_log
if $syslogfacility-text == 'local7' and $programname == 'httpd' then /var/log/httpd/error_log
vi /etc/httpd/conf/httpd.conf
CustomLog "|/usr/bin/logger -t httpd -p local6.info" combined
ErrorLog "|/usr/bin/logger -t httpd -p local7.info"