
Setting up an rsyslog server on CentOS 7

I. Configure rsyslog to receive logs

1. Prepare a fresh CentOS 7 environment

2. Deploy the LNMP environment

# Install the EPEL repository
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# Install nginx
yum install nginx -y
# Install PHP and its related packages
yum install -y php php-devel php-fpm php-mysql php-common php-gd libjpeg* php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-bcmath php-mhash libmcrypt libmcrypt-devel
# Start nginx and php-fpm, and enable them at boot
systemctl start nginx php-fpm
systemctl enable nginx php-fpm

3. Configure a simple client and server

(1) On the client, edit the rsyslog configuration file and restart the service

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

*.info;mail.none;authpriv.none;cron.none                @192.168.134.155

systemctl restart rsyslog # restart

(2) On the log server (192.168.134.155, named test2), enable the TCP and UDP listeners and restart rsyslog as well

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

systemctl restart rsyslog # restart
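The client rule above forwards with `@` (UDP) while the server opens both a UDP and a TCP listener, so it is worth checking that the two sides actually agree before testing. The following added Python example (not part of the original guide) parses the legacy-format snippets used here and reports a forwarder/listener mismatch; it handles only the directives shown on this page ($ModLoad, $UDPServerRun, $InputTCPServerRun and `@`/`@@` rules).

```python
"""Check that a client's rsyslog forwarding rule matches the server's listeners.
Added example for this guide's legacy-format snippets; not part of the original."""
import re
from dataclasses import dataclass


@dataclass
class Forward:
    selectors: list   # e.g. ["*.info", "mail.none", "authpriv.none", "cron.none"]
    proto: str        # "udp" for "@host", "tcp" for "@@host"
    host: str
    port: int         # rsyslog uses 514 when the rule gives no ":port"


# selector list, whitespace, "@" (UDP) or "@@" (TCP), host, optional ":port"
RULE_RE = re.compile(r"^(?P<sel>\S+)\s+(?P<at>@{1,2})(?P<host>[^:\s]+)(?::(?P<port>\d+))?\s*$")


def parse_forward_rule(line: str) -> Forward:
    """Parse e.g. '*.info;mail.none;authpriv.none;cron.none  @192.168.134.155'."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a forwarding rule: {line!r}")
    proto = "tcp" if m["at"] == "@@" else "udp"
    return Forward(m["sel"].split(";"), proto, m["host"], int(m["port"] or 514))


def parse_listeners(conf: str) -> dict:
    """Return {"udp": {ports}, "tcp": {ports}} the server really listens on:
    a $UDPServerRun / $InputTCPServerRun line only counts if imudp / imtcp is loaded."""
    loaded, ports = set(), {"udp": set(), "tcp": set()}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments
        if m := re.match(r"\$ModLoad\s+(imudp|imtcp)\b", line):
            loaded.add(m[1])
        elif m := re.match(r"\$UDPServerRun\s+(\d+)", line):
            ports["udp"].add(int(m[1]))
        elif m := re.match(r"\$InputTCPServerRun\s+(\d+)", line):
            ports["tcp"].add(int(m[1]))
    return {proto: ports[proto] if mod in loaded else set()
            for proto, mod in (("udp", "imudp"), ("tcp", "imtcp"))}


def check(rule: str, server_conf: str) -> list:
    """Mismatches between what the client forwards and what the server accepts."""
    fwd, listeners = parse_forward_rule(rule), parse_listeners(server_conf)
    if fwd.port not in listeners[fwd.proto]:
        return [f"server has no {fwd.proto} listener on port {fwd.port}"]
    return []
```

UDP delivery is unacknowledged, so a rule written as `@@192.168.134.155` (TCP, which the server here also accepts on 514) is the safer choice for logs that must not be lost.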

4. Test the basic setup

Jul 20 03:25:59 localhost systemd: Stopping The nginx HTTP and reverse proxy server...
Jul 20 03:25:59 localhost systemd: Stopped The nginx HTTP and reverse proxy server.
Jul 20 03:26:01 localhost systemd: Starting The nginx HTTP and reverse proxy server...
Jul 20 03:26:01 localhost nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jul 20 03:26:01 localhost nginx: nginx: configuration file /etc/nginx/nginx.conf test is successfu


Server test2 received the nginx logs sent by test1, so the test succeeded.

II. Store log messages in MySQL

1. Install the database and the rsyslog MySQL plugin, then configure the database.

# Install the rsyslog MySQL output plugin and the database
yum install -y rsyslog-mysql
yum install -y mariadb-server
systemctl restart mariadb
systemctl enable mariadb

# Set the database root password
mysqladmin -uroot password '123456'

2. Create the user and grant privileges

# Log in to the database
mysql -uroot -p123456

# Switch to the mysql database
use mysql

# Grant privileges and reload them
grant all on Syslog.* to 'Syslog'@'192.168.%.%' identified by 'admin123';
flush privileges;

3. Exit the database and edit the configuration file

# Edit the MariaDB configuration file
vim /etc/my.cnf

[mysqld]
# add the following two lines under [mysqld]
skip_name_resolve=on
innodb_file_per_table=on

# Restart the database
systemctl restart mariadb
# Create the Syslog database and its tables from the schema shipped with rsyslog-mysql
mysql -uSyslog -h192.168.134.138 -padmin123 < /usr/share/doc/rsyslog-*/mysql-createDB.sql

4. Edit the rsyslog configuration file

vim /etc/rsyslog.conf

Make the following changes:
#### MODULES ####

# add this line
$ModLoad ommysql

# comment out the first line below and add the second
# (format: :ommysql:host,database,user,password; the password sits in clear text
# in rsyslog.conf, so keep that file readable by root only)
#*.info;mail.none;authpriv.none;cron.none                @192.168.134.155
*.info;mail.none;authpriv.none;cron.none                :ommysql:192.168.134.138,Syslog,Syslog,admin123

# Restart rsyslog and nginx
systemctl restart rsyslog
systemctl restart nginx

5. Basic test (log in to the database and run the following commands)

use Syslog
show tables;
select count(*) from SystemEvents;
If a result like the following appears, the configuration succeeded:
+----------+
| count(*) |
+----------+
|       12 |
+----------+

III. Configure the front end

1. Install LogAnalyzer

Download: LogAnalyzer v4.1.12 (v4-stable) - Adiscon LogAnalyzer

2. Extract and configure

# Run the following commands
tar xf loganalyzer-4.1.12.tar.gz -C /
cd /
ln -sv loganalyzer-4.1.12/ loganalyzer
cd loganalyzer
ls /usr/share/nginx/html/
mkdir -p /usr/share/nginx/html/log
cp -r ./src/* /usr/share/nginx/html/log/
# still inside /loganalyzer: copy the helper scripts from contrib/ as well
ls contrib/
cp contrib/* /usr/share/nginx/html/log/
cd /usr/share/nginx/html/log/
chmod +x *.sh
./configure.sh
./secure.sh

# config.php must be writable by the web server while the browser-based installer runs;
# run ./secure.sh again once the installer has finished to restore restrictive permissions
touch config.php
chmod 666 config.php

3. Browse to http://<your ip>/index.php and click Next through the wizard to finish the configuration.

Final result: (screenshot not reproduced)