一、安装MysqL
# yum -y install mariadb-server
# systemctl enable --Now mariadb && systemctl status mariadb
● mariadb.service - MariaDB 10.3 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-12-25 03:56:37 EST; 2min 38s ago
Docs: man:MysqLd(8)
https://mariadb.com/kb/en/library/systemd/
Process: 31604 ExecStartPost=/usr/libexec/MysqL-check-upgrade (code=exited, status=0/SUCCE>
Process: 31470 ExecStartPre=/usr/libexec/MysqL-prepare-db-dir mariadb.service (code=exited>
Process: 31445 ExecStartPre=/usr/libexec/MysqL-check-socket (code=exited, status=0/SUCCESS)
Main PID: 31573 (MysqLd)
Status: "Taking your sql requests Now..."
Tasks: 30 (limit: 11303)
Memory: 87.3M
CGroup: /system.slice/mariadb.service
└─31573 /usr/libexec/MysqLd --basedir=/usr
二、安装rsyslog
# yum -y install rsyslog-MysqL
#将sql脚本复制到数据库服务器
# scp /usr/share/doc/rsyslog/MysqL-createDB.sql 10.0.0.28:/root/
三、配置MysqL服务器
3.1 导入数据库
# MysqL -uroot < MysqL-createDB.sql
# MysqL -e "show databases;"
+--------------------+
| Database |
+--------------------+
| Syslog |
| information_schema |
| MysqL |
| performance_schema |
+--------------------+
3.2 创建授权用户
# MysqL -e "create user rsyslog@'10.0.0.%' identified by '123456';"
# MysqL -e "grant all on Syslog.* to 'rsyslog'@'10.0.0.%';"
# MysqL -e "select user,host from MysqL.user;"
+---------+--------------+
| user | host |
+---------+--------------+
| rsyslog | 10.0.0.% |
| root | 127.0.0.1 |
| root | ::1 |
| root | localhost |
| root | MysqL-server |
+---------+--------------+
四、配置rsyslog服务器
4.1 配置日志服务器将日志发送至指定数据库
[root@ rsyslog-server ~]#vim /etc/rsyslog.conf
####MODULES#### #在 MODULES 语言下面添加
module(load="omMysqL")
#在RULES语句块下面添加
#### RULES ####
#facility.priority :omMysqL:DBHOST,dbnAME,DBUSER, PASSWORD
*.info :omMysqL:10.0.0.28,Syslog,rsyslog,123456
[root@ rsyslog-server ~]# systemctl restart rsyslog.service
4.2 测试
#在日志服务器上生成日志
# logger "this is a test log"
#在数据库上查询到上面的测试日志
$> MysqL -e "select count(*) from Syslog.SystemEvents;"
+----------+
| count(*) |
+----------+
| 1907 |
+----------+
# 可以看到测试日记已经存到MysqL的Syslog库中
# MysqL -e "select * from Syslog.SystemEvents\G" | grep -C10 "this is a test log"
GenericFileName: NULL
SystemID: NULL
*************************** 1904. row ***************************
ID: 1904
CustomerID: NULL
ReceivedAt: 2021-12-25 17:25:29
DeviceReportedTime: 2021-12-25 17:25:29
Facility: 1
Priority: 5
FromHost: reyslog
Message: this is a test log
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
五、部署配置LogAnalyzer
5.1 安装LogAnalyzer
# wget https://download.adiscon.com/loganalyzer/loganalyzer-4.1.10.tar.gz
# tar xvf loganalyzer-4.1.10.tar.gz
# mkdir /var/www/html/log
# mv loganalyzer-4.1.10/src/* /var/www/html/log
5.2 安装相关服务
# yum -y install httpd PHP-fpm PHP-MysqLnd PHP-gd
# systemctl enable --Now httpd PHP-fpm && systemctl status httpd PHP-fpm
5.3 测试PHP
PHP是使用套接字和httpd通讯的,并非监听在9000端口。
需要监听在端口,修改配置文件/etc/PHP-fpm.d/www.conf,监听端修改为:listen = 127.0.0.1:9000
# cat > /var/www/html/info.PHP << EOF
<?PHP PHPinfo() ?>
EOF
# 打开浏览器访问http://10.0.0.38/info.PHP,没问题继续下一步操作
六、基于 web 页面初始化LogAnalyzer
6.1 打开浏览器
访问http://10.0.0.38/log 实现初始化
6.2 提示缺失配置文件
# touch /var/www/html/log/config.PHP
# chmod 666 /var/www/html/log/config.PHP
6.3 重新访问
6.4 测试
[root@reyslog ~]# logger "this is a test log"
[root@reyslog ~]# logger "this is a newtest log
图表展示
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
