Setting up the LogAnalyzer log collection and analysis system on CentOS 7
LogAnalyzer is a web-based syslog analysis tool. It offers simple browsing, searching, basic analysis and some chart-based reports over log data. The data can come from a database or from ordinary syslog text files, so LogAnalyzer does not require changes to the existing logging architecture. On top of the current log data it processes syslog messages and Windows event log records, supports troubleshooting, and lets users find the relevant log entries quickly.
https://loganalyzer.adiscon.com/
Thanks to reader temptation for contributing this write-up.
This article follows that post; the original is at https://www.cnblogs.com/iflytek/p/14403664.html
The steps are as follows.
1. Environment preparation
One CentOS 7.6 server
IP: 192.168.198.132; it can reach the Internet, and SELinux is disabled
2. Deploying HTTP + PHP + MySQL + LogAnalyzer with a script
Upload the script and its companion files to the /opt directory
cd /opt
tar -zxvf rsyslog_and_loganalyzer.tar.gz
sh loganalyzer.sh
The loganalyzer.sh script is as follows
[root@localhost opt]# cat loganalyzer.sh
#!/bin/bash
# Run as root on CentOS 7. Not fully unattended: mysql_secure_installation below
# prompts for the new root password, and every later mysql call expects MySQL@2021.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# MySQL 5.7 community repos via the TUNA mirror; gpgcheck=1 still verifies every package against the upstream MySQL signing key
cat > /etc/yum.repos.d/mysql-community.repo << "EOF"
[mysql-connectors-community]
name=MySQL Connectors Community
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql-connectors-community-el7-$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
[mysql-tools-community]
name=MySQL Tools Community
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql-tools-community-el7-$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
[mysql-5.7-community]
name=MySQL 5.7 Community Server
baseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql-5.7-community-el7-$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.mysql.com/RPM-GPG-KEY-mysql
EOF
yum clean all
yum makecache
yum install mysql-community-server.x86_64 -y
systemctl start mysqld
systemctl enable mysqld
netstat -anp | grep 3306
ps -ef | grep mysql
echo "---------- Get the initial MySQL root password ----------"
grep "temporary password" /var/log/mysqld.log
echo "---------- Set a new MySQL root password ----------"
echo "---------- Please set the new password to MySQL@2021 ----------"
mysql_secure_installation
echo "---------- Install rsyslog-mysql and replace rsyslog.conf ----------"
yum -y install rsyslog-mysql
mv /etc/rsyslog.conf /etc/rsyslog.conf_bak
cp /opt/rsyslog.conf_template /etc/rsyslog.conf
systemctl restart rsyslog.service
# mysql-createDB.sql ships with rsyslog-mysql (the path is version-specific) and creates the Syslog
# database with the SystemEvents table that LogAnalyzer reads. Passing the password with -p on the
# command line shows it in ps output and shell history; an option file (~/.my.cnf) avoids that.
mysql -uroot -pMySQL@2021 < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
echo "---------- Log in to MySQL and create the rsyslog database ----------"
echo "create database rsyslog character set utf8 collate utf8_bin;"| mysql -uroot -pMySQL@2021
# 'rsyslog'@'%' lets this account log in from any host; 'localhost' is enough when rsyslog
# and MySQL run on the same machine, as they do here
echo "grant all privileges on Syslog.* to 'rsyslog'@'%' identified by 'Rsyslog@2021'; "|mysql -uroot -pMySQL@2021
echo "grant all privileges on rsyslog.* to 'rsyslog'@'localhost' identified by 'Rsyslog@2021'; "|mysql -uroot -pMySQL@2021
echo "flush privileges;"|mysql -uroot -pMySQL@2021
yum -y install httpd php php-mysql php-gd
cd /opt/
tar -zxvf loganalyzer-4.1.11.tar.gz
echo "---------- Unpack and configure loganalyzer ----------"
mkdir -p /var/log/httpd/log
mkdir -p /var/www/html/log
cp -rf /opt/loganalyzer-4.1.11/src/* /var/www/html/log
cp -rf /opt/loganalyzer-4.1.11/contrib/* /var/www/html/log
cd /var/www/html/log
chmod +x configure.sh secure.sh
# configure.sh creates an empty, world-writable config.php for the web installer to fill in;
# secure.sh (not run here) sets it back to 644 and belongs after the web setup is complete
sh configure.sh
chmod 666 config.php
chown -R apache.apache *
systemctl start httpd
systemctl enable httpd
systemctl status httpd
echo "---------- Open the web installer to initialize loganalyzer: http://IP/log ----------"
The script is not fully unattended: partway through, mysql_secure_installation prompts you to set a new MySQL root password, and every later mysql call in the script expects that password to be MySQL@2021.
The following changes were made to rsyslog.conf_template:
3. Initialize LogAnalyzer from the web installer
User database connection settings: Database Name: Syslog
(Note: I used Syslog here; the rsyslog database created by the script above works just as well.)
Database User: rsyslog
Database Password: Rsyslog@2021
Syslog source database:
Database Name: Syslog
Database Tablename: SystemEvents (case-sensitive: MySQL table names on Linux are case-sensitive by default)
Database User: rsyslog
Database Password: Rsyslog@2021
Once the installer has finished writing config.php, run secure.sh in /var/www/html/log (it resets config.php to mode 644): the install script left the file world-writable so the installer could write it, and it should not stay that way.
4. Configure rsyslog forwarding on the Debian test host
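The page does not reproduce the rsyslog.conf_template changes from step 2 or the Debian forwarding configuration from this step, so the following is an added example, written for this edit and not taken from the original post, from LogAnalyzer or from rsyslog, of both halves plus the check that closes the loop: the server-side rsyslog drop-in that feeds MySQL through ommysql, the one-line forwarding rule for the Debian host, and the SQL that confirms a test message reached SystemEvents. The collector address 192.168.198.132, the Syslog database, the SystemEvents table and the rsyslog / Rsyslog@2021 credentials come from the page; the listener port 514, the drop-in file names under /etc/rsyslog.d/, the firewalld commands and the logtest tag are assumptions.

```shell
#!/bin/sh
# Added example, not the page's rsyslog.conf_template or the author's script.
# From the page: collector 192.168.198.132, database Syslog, table SystemEvents,
# DB user rsyslog / password Rsyslog@2021. Assumed: syslog port 514, drop-in
# file names under /etc/rsyslog.d/, firewalld on the collector, tag "logtest".

SERVER_IP="192.168.198.132"
SYSLOG_PORT="514"
DB_NAME="Syslog"
DB_USER="rsyslog"
DB_PASS="Rsyslog@2021"

# Collector side (rsyslog 8.x RainerScript): imudp/imtcp accept messages from
# remote hosts, ommysql inserts every message into Syslog.SystemEvents, the
# MonitorWare schema created by mysql-createDB.sql in the page's script.
server_rsyslog_conf() {
  cat <<EOF
module(load="imudp")
module(load="imtcp")
input(type="imudp" port="${SYSLOG_PORT}")
input(type="imtcp" port="${SYSLOG_PORT}")
module(load="ommysql")
*.* action(type="ommysql" server="127.0.0.1" db="${DB_NAME}" uid="${DB_USER}" pwd="${DB_PASS}")
EOF
}

# Debian client: forward everything to the collector. "@@" is TCP; a single
# "@" is UDP, which silently drops messages while the collector is unreachable.
client_rsyslog_conf() {
  printf '*.* @@%s:%s\n' "$SERVER_IP" "$SYSLOG_PORT"
}

# SQL showing the newest rows that carry a marker string. The marker is pasted
# into the query verbatim, so pass a plain alphanumeric tag, nothing user-supplied.
verify_sql() {
  printf "SELECT ID, ReceivedAt, FromHost, SysLogTag, Message FROM SystemEvents WHERE Message LIKE '%%%s%%' ORDER BY ID DESC LIMIT 5;\n" "$1"
}

# Write a config fragment from stdin with root-only permissions (the ommysql
# line carries the DB password), syntax-check the full config, then restart.
install_conf() {
  cat > "$1"
  chmod 600 "$1"
  rsyslogd -N1 && systemctl restart rsyslog
}

case "${1:-}" in
  server)
    server_rsyslog_conf | install_conf /etc/rsyslog.d/50-mysql.conf
    firewall-cmd --permanent --add-port="${SYSLOG_PORT}/tcp"
    firewall-cmd --permanent --add-port="${SYSLOG_PORT}/udp"
    firewall-cmd --reload ;;
  client)
    client_rsyslog_conf | install_conf /etc/rsyslog.d/50-forward.conf
    # Emit a marked test message; it should show up in SystemEvents on the collector.
    logger -t logtest "forwarding check from $(hostname) at $(date +%s)" ;;
  sql)
    verify_sql "${2:-logtest}" ;;
  *)
    echo "usage: $0 server | client | sql [marker]" ;;
esac
```

Run it as `sh collector.sh server` on the CentOS host once the Syslog database exists, `sh collector.sh client` on the Debian box, then `sh collector.sh sql logtest | mysql -u rsyslog -p Syslog` on the collector; the test line from the Debian host should be among the rows returned. Two things to check against the page's own template before applying this: the drop-in is only read if the rsyslog.conf that replaced the stock file still contains the `$IncludeConfig /etc/rsyslog.d/*.conf` line, and any `module(load=...)` that the template already performs must be removed from the fragment, because rsyslog refuses to load the same module twice.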
5. LogAnalyzer screenshots
Main interface
Statistics
Log keyword search